cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Olga_Kuts
Silver

Prevent malicious files from being written to the file system using SBA

How can I prevent malicious files from being written to the file system using a Threat Emulation blade of SandBlast Agent? In policies, I can only specify whether to emulate these files or not. 

8 Replies
Admin
Admin

Re: Prevent malicious files from being written to the file system using SBA

Files have to be downloaded in order to be sent to Cloud or Local Emulation.

I know that SandBlast Agent for Browsers has a control as to whether the files are kept afterwords or not: Where does Threat Extraction SandBlast Agent for Browsers save original files 

0 Kudos
Employee+
Employee+

Re: Prevent malicious files from being written to the file system using SBA

As Dameon wrote, Threat Extraction & Threat Emulation in the SBA browser extension will prevent the malicious files from getting to the disk.

SBA browser extension is an integral part of the Sandblast Agent installation you have.

0 Kudos

Re: Prevent malicious files from being written to the file system using SBA

Hi ,

If I copy the malicious file to the system through USB,what will be the case ?

Will that file be removed or we can't ?

0 Kudos
Employee
Employee

Re: Prevent malicious files from being written to the file system using SBA

Hi,

In this case, the local copy of the file will be removed, but the file on the USB will remain.

Thanks,

Gal

0 Kudos

Re: Prevent malicious files from being written to the file system using SBA

Hi Gal,

Thanks for the reply.

How we can remove the file from the system ?

Employee
Employee

Re: Prevent malicious files from being written to the file system using SBA

If you want the file to be deleted from the usb, you need to trigger on the file itself. If you double click the file on the usb drive and the trigger will be directly on that file, it will be deleted.

Thanks,

Gal

0 Kudos

Re: Prevent malicious files from being written to the file system using SBA

Hi Gal,

I don't want to delete the file from the USB.

I want it to be deleted from the local PC,how we can delete this malicious file automatically from Sandblast when the verdict is malicious.

0 Kudos
Admin
Admin

Re: Prevent malicious files from being written to the file system using SBA

As noted in previous comments, it should not be written to the local system in the first place, so it should not need to be deleted.

Even in the case where the SBA Plugin downloads a file to send it to emulation, it is not done in a user accessible location.

Only if the file is deemed safe it is written to a user accessible location.

0 Kudos