Cybercriminals use sophisticated PowerShell-based malware

  • 11 April 2014
  • 2 replies

Any update on this would the AV can penetrate and destroy on or while this is running on a machine.

2 replies

Userlevel 7
Badge +56
I believe we do protect against this attack vector, but I'll double check with our threat team to be sure.
We do have the ability to add detection for this type of malware as needed. However, this is not very widespread and we are not currently detecting many variants of it as they are non-PE. Fortunately, most malware using this technique will attempt to download additional executable components, which will be detected and removed by WSA in most cases.