Quantcast
Channel: Symantec Connect - Products - Discussions
Viewing all articles
Browse latest Browse all 6827

SEPM 12.1.4: delete Outlook msgs where attachment .zip contains .js

$
0
0
I need a solution

We're receiving a rash of new phishing/hack messages that contain a .zip attachment that contains a .js file.

In all cases, the .js is harmless because of existing security policies in place. However, we recieve a number of these messages per day. The messages adapt faster than our perimeter protection + SEP + end user education can adapt.

I would like to avoid exposure altogether by simply deleting any messages from Outlook where the .zip attachment contains a .js file. SEP is really very good at catching .zip > .scr/.exe conditions. I would like to expand that behavior to .zip > .js. No one will ever need to send us a .js file, except for the developer teams who already rename .js to .js_safe when sending. I'm confident this is a reasonable bheavior change with no negative impact.

This will be my first time navigating SEPM to modify its behavior, and I'm a bit overwhelmed at all of the options. Could someone give me a brief guide on what to do? I'm sure I could muddle my way through it and likely end up doing it the wrong way. I would prefer to get it right the first time.

0

Viewing all articles
Browse latest Browse all 6827

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>