Has anyone had success capturing macros in USB Drive Campaign
Vastattu
Hi all,
I'm in the process of testing for a USB drive campaign. During my initial testing, I have not been able to obtain any additional information like username and computer name when the file is opened. I understand that with macros enabled on the file, that this information should be collected. I have reviewed a couple KB articles and tried those recommendations, but I still cannot obtain this critical information to make this effort a success.
Has anyone had any success running a USB campaign lately on Windows 10 systems with Defender and ATP enabled?
Thanks!
Matt
-
I tried setting this up but unfortunately our desktop security policies make it useless. We have macro's disabled by default and our AV and Malware software immediately detect it and delete the files anyways. I decided it wasn't worth the effort of trying to make it work at the time. Plus we're probably going to end up disabling unapproved usb drives to satisfy our risk assessment anyways. Good thing is my security settings and products are actually working as they should to help prevent this attack.
-
Hi Dustin,
Thanks for sharing your experience with the community. USBS and macros are definitely tricky, but in your case I think it is great to see that your security is doing its job! It is definitely better in the long run than poking any holes in your security systems, so to speak.
Thanks again, please feel free to reach out should you decide you'd like to open a case or work on this further. We'll be more than happy to help!
Kaiser
KnowBe4
Kirjaudu sisään jättääksesi kommentin.
Kommentit
3 kommenttia