W32/CVE_2017_0147.A!tr
Analysis
W32/CVE_2017_0147.A!tr is a generic detection for a type of trojan. Since this is a generic detection, malware that are detected as W32/CVE_2017_0147.A!tr may have varying behavior. At the time of this analysis, this has been detecting variants of the WannaCry ransomware. For more information, please see the description for W32/WannaCryptor!tr.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database./li>
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
- Download and install the patch for the Microsoft Windows SMB Server Vulnerability at https://technet.microsoft.com/library/security/MS17-010.
Telemetry
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |