Petya Defense seen as False Positive Petya Detection

Question asked by jkent on Jul 11, 2017
Latest reply on Sep 7, 2017 by Jimmy Graham

Based on a great writeup that Binary Defense did, I have deployed a file on my Windows machines to limit infections from Petya. If you drop c:\windows\perfc.dat onto a machine and write-protect the file to a read-only condition, Petya's programming fails and it stops the ransomware from progressing.

Unfortunately, the presence of this file triggers Qualys to detect QID 1037 on machines with the Agent installed. Anyone else using this type of mitigation? Perhaps Qualys could use another detection mechanism, other than the one that is a protection mechanism, to detect Petya.
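
The mitigation described in the question, as an added PowerShell example that is not part of the original post and not Binary Defense's or Qualys's code: it places the read-only file and reports its state, so a host where the file is the deployed marker can be told apart from one that needs review when the scanner flags it. The function names and the "empty file" check are assumptions; only the path and the read-only requirement come from the post.

```powershell
# Added example. Path is the one named in the post; run elevated to write under C:\Windows.
$MarkerPath = 'C:\Windows\perfc.dat'

# Hypothetical helper: create the marker if absent, then write-protect it.
function Set-PerfcMarker {
    param([string]$Path = $MarkerPath)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        New-Item -ItemType File -Path $Path | Out-Null   # creates an empty file
    }
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
}

# Hypothetical helper: report what is actually at the path.
# Assumption: the marker was deployed empty, so "read-only and zero length"
# matches the deployment and anything else is sent for a closer look.
function Get-PerfcMarkerState {
    param([string]$Path = $MarkerPath)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Path = $Path; State = 'Missing'
            Length = $null; ReadOnly = $null; CreatedUtc = $null
        }
    }
    $state = if ($item.IsReadOnly -and $item.Length -eq 0) { 'MarkerAsDeployed' } else { 'Review' }
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Path       = $Path
        State      = $state
        Length     = $item.Length
        ReadOnly   = $item.IsReadOnly
        CreatedUtc = $item.CreationTimeUtc   # compare against your deployment date
    }
}

Set-PerfcMarker
Get-PerfcMarkerState | Format-List
```

The output of `Get-PerfcMarkerState` can be kept per host as the supporting record when the scanner finding is marked as an accepted exception.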
