Top 10 Reasons to Use Malicious File Hunter

Reason #1 - Layered Security is Not Perfect

Regardless of how good is your AV, Firewall, Proxy and ACLs, malware can and will always makes it through. It happens in small and large organisations. No exceptions. Malicious File Hunter helps your search each and every system on your network for malicious file(s) based on easy keyword query. Search is blazing fast and you will know right there and then if known trojan is present on any of your systems.

Reason #2 - Reactive is Old School

Waiting for your users or a security software to report a suspicious or malicious activity is not recommended and goes against basic IT security principals. Malware moves fast and a PC could be infected for days, weeks or even months before it's flagged for investigation. By that time, data could have left the building and the damage is done.

Reason #3 - Antivirus Software Miss Out

A lot, and it happens all the time. Antivirus software relies heavily on files found in the wild or received by customers to build detection definitions. If your AV didn't know about a Trojan stealing data from your network, there is no way they will have detections for it. Using MFH, you can search for any new threat using a full and partial filename(s) and you will know if any of your systems is hit.

Reason #4 - Users are the Weakest Link

Some say "rules are made to be broken", while it's not the moto of corporate security, but some users always insist on having it the easy way. Whether it's opening a dangerous Firewall rules or allowing sharing sites, it does happen. Actively targeting most vulnerable users (happy clickers & downloaders) helps you clean your network faster. Who knows, you may build a case for tighter rules.

Reason #5 - APTs are APTs

APT or Advanced Persistent Threats are constantly targeting organisation on daily basis. It can simply start with an email sent to specific user attached with filename "Purchase Order Details for YOUR-COMPANY-NAME.xls.exe". This file could have been carefully coded to infect a specific user in your organisation. In most cases, AV and other security tools won't detected. Some malware writters test their files on VirusTotal.com. The non-technical user may not know the difference between an EXE and XLS extension. Most users don't know what an extension is and changing the file icon is not hard to convince the user to run it.

Malicious File Hunter can be easily used to search for files using exact name or wild cards. A search with "Purchase Order*.exe" will return details on what systems have such files and other variants.

Reason #6 - Removable Media Devices are Wild

Removable drives are wild. There are USB sticks, external drives and then some mobile devices such as smart phones and tablets used to store data from a PC. If these devices are allowed on your network, and they are on many corporate network, they are very likely to be a source of threats. When that happens, you will need to locate the source of infection and MFH is capable of searching removable media attached to Windows.

Reason #7 - C&C Servers Move Fast

Constantly adding domain to your Firewall or Proxy block of malicious Command & Control, download, and exploit site is good practice. However, there is so much intelligence to be gained from samples. Many malware have similar filenames. By searching you local network for those files, you get the upper hand and be able to block new C&C servers, you may not find anywhere. You will need to run those files on sandbox to collect C&C data.

Reason #8 - Network is Noisy

The amount of network traffic on a typical corporate network nowadays is absolutely huge. Even for small or medium companies it can be a challenge to keep tabs on what's good and what's bad traffic. However, you Windows admin knows what should be on standard Windows image and what shouldn't be.

Reason #9 - Collecting Samples Should be Easier

Copy to Share is a feature only available in Malicious File Hunter Enterprise edition. It allows you to select one or multiple files found on any remote computer and copy them to a destination share of your choice. You can zip then with a password such as "infected" and forward on to your IT Security personnel or Antivirus company. All with a few clicks. No more calling local admin, messing with admin shares.

Reason #10 - Putting Intelligence to Good Use

Everyday various IT security companies such as Antivirus vendors, blogs and websites publish data on new found malware. Some of which are known to spread fast. The published data typically include malware behaviour, files and sometimes C&C servers. Using MFH software, you can put this data to good use by searching for those files to check if your network is affected. You can create a scheduled tasks (Professional and Enterprise) to run scheduled searches to ensure your network is clean.