I recently discovered this ransomware simulator test from KnowBe4: https://www.knowbe4.com/ransomware-simulator
Actually found this on Spiceworks: https://community.spiceworks.com/topic/1874415-ransomware-simulator-we-failed
It simulates 5 different types of ransomware, and allows you to see if your security solution will protect you from it.
I had a new laptop that I had just provisioned for a user (I am an MSP), and after I installed Webroot SecureAnywhere Endpoint (Business), I decided to test how Webroot would fair. I am dissapoiinted to say that accoding to the results it failed 5 out of 5. Webroot did quarantine the installation package when I attempted to copy it over to the laptop, but after recovering it from quarantine I was able to install it and run the simulator. One person in the Spicework community post stated that he had Webroot and it detected all 5 and was not vulnerable. I did not get the same results. My policy is pretty much the default settings from the Global Recommended Defaults policy.
I was wondering if anyone else has tested this and also if maybe Webroot support has more information to share. I would definitely like to see Webroot handling this test better.
A screenshot of the results::
?
Thanks
LThibx
Solved
Knowbe4 RanSim Ransomware Simulator
Best answer by coscooper
Policy -> Scan Settings -> (Scroll to the bottom)-> PUA - turn to on. (It's off by default).
HTH
~Shane
+10- Sr. Threat Research Analyst
Hi LThibx!
Apologis for the delay. We have re-ran this test and we now score a perfect score. I'm not sure quite what has happened in the interim but perhaps your test might have been using an incorrect policy? If you re-run this test with the default policy and you still get bad results perhaps this could hint to installation or comms issues so please contact our support.
Thanks
Apologis for the delay. We have re-ran this test and we now score a perfect score. I'm not sure quite what has happened in the interim but perhaps your test might have been using an incorrect policy? If you re-run this test with the default policy and you still get bad results perhaps this could hint to installation or comms issues so please contact our support.
Thanks
Further questions or tips? I'm @threatmurray or kmurray@webroot.com
+26Policy -> Scan Settings -> (Scroll to the bottom)-> PUA - turn to on. (It's off by default).
HTH
~Shane
Shane Cooper | Manager, Channels Sales (RMM & Strategic Partners)
Thanks to both of you for leading me in the right direction.
- First, I always make copies of the default policies and make my changes to those copies. Never change the defaults.
- Second, Yes I had to turn the detection of PUAs in my policies Scan Settings. Once I enabled this detection the RanSim ran as expected:
I have now changed my policies at the global level, so now I feel a bit more confortable about the protection of all endpoints across my client base.
Thanks again!
LThibx
1 person likes this
+26Shane Cooper | Manager, Channels Sales (RMM & Strategic Partners)
1 person likes this
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.