Windows Defender/ATP and Ransomware attacks

  • Question

  • Can Windows Defender and ATP protect the machines from ransomware attacks?

    Can they prevent an exe being copied to a folder on the system?

    It's a quest of showing Defender is better than McAfee. Please help.

    Monday, March 5, 2018 6:49 PM

All replies

  • On 05.03.2018 at 19:49, 3M3M3M wrote:
    > It's a quest of showing Defender is better than McAfee. Please help.
     
    Everything is better than McAfee ...
     
    Why do you all think that the client can heal the world? Your problem
    is: a lot of systems already failed. The ransomware is on the client,
    because your SPAM policy is wrong, because you allow attachments in
    mail, because people are allowed to use any USB device, because you are
    too lazy to implement software restriction policies/AppLocker etc. etc. etc.
     
    1000 better ways than antivirus. They only cost time and brain.
    A fool with a tool is still a fool.
     
    This time it's ransomware, next time it's ??? Change behavior to save
    your network.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - German
     
    GET Privacy and DISABLE Telemetry on Windows 10 - gp-pack PaT
     
    Monday, March 5, 2018 7:04 PM
  • Yes, Windows Defender is able to detect ransomware as defined here: https://www.microsoft.com/en-us/wdsi/threats/ransomware

    In general, you should consider it as the only barrier against ransomware.

    Mainly you should:

    1. Educate your users to not open suspicious files nor download them. This is the most important of all the advice
    2. Configure your messaging system to filter those messages whenever possible
    3. Disable autorun for external drives
    4. Take regular backups of your shared folders. Again, educate your end users to take their own backups too

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK

    Monday, March 5, 2018 9:38 PM
  • Thank you Mark and Ahmed. We have Windows Defender AV and ATP implemented.

    Let's suppose I have implemented AppLocker and Controlled Folder Access to safeguard the end user devices but still a malware gets through somehow, will ATP help me in quarantining the infected machine? How will I ensure that malware doesn't impact my business?

    Wednesday, March 7, 2018 6:03 PM
  • On 07.03.2018 at 19:03, 3M3M3M wrote:
    > [...] How will I ensure that malware doesn't impact my Business?
     
    AppLocker -> Whitelist.
    Allow only exe/script/apps etc. you verified as good.
     
    Block attachments consistently. There is no reason to allow "m" (macros)
    or even executables and scripts. You can disable JavaScript inside PDF
    entirely etc.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - German
     
    GET Privacy and DISABLE Telemetry on Windows 10 - gp-pack PaT
     
    Wednesday, March 7, 2018 8:38 PM
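
The AppLocker whitelist and Controlled Folder Access discussed in this thread, as an added example that is not part of any poster's reply: it builds an allow-list from a verified directory, applies it in audit mode, and checks what the policy would do to executables in a user-writable folder. The directory `C:\Program Files`, the output path `C:\Temp\applocker-allowlist.xml` and the protected folder `D:\Shares` are assumptions; run elevated on a reference Windows 10 (1709 or later) machine.

```powershell
# Added example. All paths below are assumptions; adjust to your environment.
$verifiedDir = 'C:\Program Files'                 # software you have verified
$xmlPath     = 'C:\Temp\applocker-allowlist.xml'  # where the policy is written

# 1. Inventory the verified executables and scripts.
$files = Get-AppLockerFileInformation -Directory $verifiedDir -Recurse -FileType Exe, Script

# 2. Generate allow rules: publisher rules for signed files, hash rules otherwise.
[xml]$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Put every rule collection in audit mode so launches are logged, not blocked.
#    Add rules covering C:\Windows before switching to 'Enabled', or Windows
#    binaries will be denied by default.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($xmlPath)

# 4. Dry run: what would the policy decide for executables in a user-writable folder?
#    Files not covered by a rule come back as DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $xmlPath -Path "$env:USERPROFILE\Downloads\*.exe" -User Everyone |
    Select-Object FilePath, PolicyDecision

# 5. Apply the policy locally (this replaces the existing local AppLocker policy)
#    and start the Application Identity service that AppLocker depends on.
Set-AppLockerPolicy -XmlPolicy $xmlPath
Start-Service -Name AppIDSvc

# 6. Controlled Folder Access, also in audit mode first, with an extra protected folder.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Shares'

# 7. Review audit hits: event 8003 means "would have been blocked if enforced".
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Once the audit log shows only launches you intend to block, change `AuditOnly` to `Enabled` and `AuditMode` to `Enabled` to enforce both controls.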