BullWall Ransomware Containment supports configurable file and directory exclusions such as $RECYCLE.BIN to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and 5.0.0.42, which remove hardcoded exclusion behavior and exposes exclusion handling as configurable settings.
Weakness
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ransomware_containment | Bullwall | 4.6.0.0 (including) | 4.6.0.0 (including) |
| Ransomware_containment | Bullwall | 4.6.0.6 (including) | 4.6.0.6 (including) |
| Ransomware_containment | Bullwall | 4.6.0.7 (including) | 4.6.0.7 (including) |
| Ransomware_containment | Bullwall | 4.6.1.4 (including) | 4.6.1.4 (including) |