ManagedMethods uses Avira as our malware scanning provider, this page will detail how malware scanning is performed, and what results come from a potentially malicious scan.
AVIRA IN A NUTSHELL:
Historically malware scanning has been performed by looking at file signatures, and comparing the signatures against known malware. However malware changes daily, this method leaves organizations vulnerable to novel attacks.
Avira uses AI in combination with signature scanning, to find novel and known malware. This provides true zero day protection for your cloud environment. Avira also looks for malware that uses memory maliciously, and allows immediate responses through policy enforcement in the ManagedMethods console.
WHAT YOU WILL SEE:
When malware is found in your environment it will be displayed on the Malware Tab, there are two different scan results for malware.
Malicious: Malware that is known to be malicious, or a file that is behaving maliciously. Files that are marked malicious should be treated as active malware, and dealt with accordingly. It is incredibly uncommon for a file to be marked as malicious that is not.
Suspicious: Files marked as suspicious are files that seem to be behaving maliciously, however the Avira AI is unable to verify the file as truly malicious. These files should be examined to see why they are triggering the flag.
INVESTIGATING MALWARE
FIRST:
So you've found some malware in your environment, what now? After navigating to the malware page, select the drop-down arrow in the Scan Result column, and look at the threat score. Typically scores over 70 are considered very dangerous.
SECOND:
Download the malware report, and see what about the file Avira found to be concerning, do this by select the Download Report button in the drop-down.
THIRD:
Ask yourself some questions about the file in question, follow the flowchart below.