Overview

Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising (source: Wikipedia).

The purpose of this pack is to help you improve the security of your IT environment by verifying that your endpoint security tools are installed and working as intended. You will be able to see which devices do not have antivirus, antispyware, or a firewall installed and running. The pack also helps you identify malware that is already publicly known but has slipped past your defenses because your endpoint protection tools do not yet recognize it.

Also included are metrics configured to identify binaries with suspicious behavior. These metrics return a list of binaries with their version, MD5 hash, and location on the target system. As shown in the image below, your security teams can use the Finder to drill down and investigate the behavior of these binaries further. Note that MD5 is collision-prone: use the hash to look a binary up against threat-intelligence sources, and corroborate a match with the binary's path and observed behavior rather than treating the hash alone as proof.

[Image: Malwareprotection.png]
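The triage step that follows the metric output, as an added example that is not part of the Nexthink pack or its metrics: it takes rows shaped like the list the metrics return (binary name, version, MD5 hash, path), normalizes each hash and looks it up in a local set of known-bad hashes, and separately flags binaries running from user-writable locations that legitimate software rarely uses. The CSV column layout, the path patterns, and every hash are assumptions constructed for this example (the "known-bad" hashes are MD5s of label strings, not real indicators).

```python
import csv
import hashlib
import io
import re
from dataclasses import dataclass, field


def _fake_md5(label: str) -> str:
    # Constructed hash for the example: syntactically valid MD5, not a real indicator.
    return hashlib.md5(label.encode()).hexdigest()


# Constructed local "known-bad" list; a real deployment would load this from a
# threat-intelligence feed. Stored lowercase so lookups are case-insensitive.
KNOWN_BAD_MD5 = {
    _fake_md5("constructed-malware-sample-A"),
    _fake_md5("constructed-malware-sample-B"),
}

# Constructed sample export in the shape of the metric output. The column names
# (name, version, md5, path) are an assumption for this example.
SAMPLE_EXPORT = "\n".join([
    "name,version,md5,path",
    f"svchost.exe,10.0.19041.1,{_fake_md5('benign-svchost')},C:\\Windows\\System32\\svchost.exe",
    f"updater.exe,1.2.0.0,{_fake_md5('constructed-malware-sample-A').upper()},"
    "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe",
    f"chrome.exe,118.0.5993.71,{_fake_md5('benign-chrome')},"
    "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
    f"helper.exe,0.9.1.0,{_fake_md5('benign-helper')},C:\\Users\\bob\\Downloads\\helper.exe",
    "broken.exe,1.0,not-a-hash,C:\\Temp\\broken.exe",
])

HEX_MD5 = re.compile(r"^[0-9a-f]{32}$")

# Locations a standard user can write to; executables launched from here deserve a
# closer look even when their hash is unknown. Patterns are assumptions, extend as needed.
USER_WRITABLE_PATHS = (
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\downloads\\", re.I),
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
    re.compile(r"^[a-z]:\\temp\\", re.I),
)


@dataclass
class Finding:
    name: str
    path: str
    md5: str
    reasons: list[str] = field(default_factory=list)


def parse_export(text: str) -> list[dict]:
    """Parse a CSV export of the metric output into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(rows: list[dict], known_bad: set[str]) -> list[Finding]:
    """Return one Finding per row that matches a known-bad hash, runs from a
    user-writable location, or carries a hash that cannot be looked up at all."""
    findings = []
    for row in rows:
        md5 = row["md5"].strip().lower()  # exports and feeds differ in case; normalize first
        reasons = []
        if not HEX_MD5.match(md5):
            reasons.append("malformed_hash")  # cannot match any feed; inspect manually
        elif md5 in known_bad:
            reasons.append("known_bad_hash")
        if any(p.match(row["path"]) for p in USER_WRITABLE_PATHS):
            reasons.append("user_writable_location")
        if reasons:
            findings.append(Finding(row["name"], row["path"], md5, reasons))
    return findings


def md5_of_file(path: str) -> str:
    """MD5 of a file on disk, read in chunks; use it to confirm a reported hash
    before acting on it, since the file may have changed since the metric ran."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


if __name__ == "__main__":
    for finding in triage(parse_export(SAMPLE_EXPORT), KNOWN_BAD_MD5):
        print(f"{finding.name:<12} {finding.path}  {', '.join(finding.reasons)}")
```

The known-bad lookup only ever confirms a sample that someone has already cataloged; the path check is what surfaces the binary that no feed knows yet, which is the gap the pack's behavioral metrics are meant to cover.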


Pre-Requisites

This pack requires Nexthink Version 6.20 or above.

Change log

V1.1.0.1

References to Nexthink Enhance have been removed from some metrics. The dashboards that depended on those metrics have been altered or removed accordingly.

V1.1.0.0

Removed digest configuration.

V1.0.0.0

Initial release.

Configuration

Before deploying this pack, we recommend reviewing the metrics in the "Suspicious binaries" folder and refining them so that they match your organization's threat profile. In particular, the metric "Binaries with suspicious web activity" is configured to look for only one binary. To cover additional binaries, create another condition definition within that metric for each one, rather than widening the existing condition.