With the influx of attachments with dangerous content, there is a need for a service that can determine whether or not an attachment is safe to open. Anti-virus scans on attachments are not sufficient these days, and are easy to work around, especially considering how rampant ransomware is, which encrypts your data, including backups, and requires a ransom payment to unlock. The only sure way to see if a suspicious attachment should be opened on your network is to actually open it on dedicated systems, see what it does, and give it a score. This is where ContentCatcher Detonator comes in.
Most malicious attachments are intelligent and check certain machine parameters before they execute to prevent giving themselves away easily. These parameters are ineffective against Detonator since the systems used to execute the files are no different than a normal workplace pc. After the file is executed, its actions are scored by Detonator. If the malware performs high risk actions such as “phoning home” to a command and control server or creating registry keys in run or runonce, then it is given a high score in our system and sent to your quarantine.
ContentCatcher Detonator requires no work on the client side. If our email filtering service is currently in use on your network, Detonator is a simple add on.