SANGFOR NGFW Anti-Malware
27/09/2015
Published on Apr 17, 2014
SANGFOR NGFW (Next-Generation Firewall) Anti Malware
This demo shows the SANGFOR NGFW's anti-malware capability: identifying malware infections on endpoints and preventing the damage they cause.
To clearly demonstrate the intrusion, we first enable the anti-malware module on the SANGFOR NGFW so that the process can be monitored through its logs.
Now assume someone ran the malware by accident.
As you can see, the malware has created a new .exe process, but from the process alone we have no idea what it is secretly doing to the endpoint.
However, since the SANGFOR NGFW anti-malware module is enabled, administrators can go to its dashboard to check what exactly it is doing.
In the anti-malware module log, we can see that the infected endpoint has already been located.
The detailed threat information indicates that the endpoint is initially trying to connect to an unknown external server, 184.108.40.206, which could be a botnet Command & Control server.
However, since the network and the endpoint are protected by the SANGFOR NGFW, the malware currently can't do anything.
To see what it would do without the SANGFOR NGFW's protection, we disable the anti-malware module so that the malware can proceed with its activities.
Now we can see the infected endpoint immediately starts downloading an .exe file, which could be a Trojan capable of causing serious damage to the network and systems.