Forum Discussion

Richard_M1010
Copper Contributor
Jun 29, 2023

Defender detected malware but didn't quarantine it

Hi All,

I recently saw a malware detection in Defender for Endpoint for a downloaded zip folder, linked to the alert "A file or network connection related to ransomware-linked actor Storm-0494 detected", including Ransomware, on one endpoint.

My expectation was that Defender would block interaction with file detections of this kind, but the user was able to extract the zip folder and run a JS file within the folder. I'm a little confused. There are no exclusions configured that would allow this file to behave in this fashion.

Maybe automated actions like this are in different licensing packs for Defender?

Thanks in advance.

Richard
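Added example, not part of Richard's post: a PowerShell snippet to run on the affected endpoint to see what action Defender actually recorded for the detection (detected only, quarantined, quarantine failed, allowed) and whether any local exclusion or ASR setting would let a JS file from a downloaded archive run. It assumes the Defender PowerShell module cmdlets (Get-MpThreat, Get-MpThreatDetection, Get-MpPreference, all real cmdlets shipped with Defender Antivirus) and the ThreatStatusID mapping from the MSFT_MpThreatDetection WMI class documentation; the function names are my own.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the endpoint where the detection happened.
# Assumption: Defender Antivirus cmdlets (Get-MpThreat, Get-MpThreatDetection,
# Get-MpPreference) are available, as they are on Windows 10/11 and Server.

# ThreatStatusID values as documented for the MSFT_MpThreatDetection class.
$threatStatus = @{
    1   = 'Detected';         2   = 'Cleaned';       3   = 'Quarantined'
    4   = 'Removed';          5   = 'Allowed';       6   = 'Blocked'
    102 = 'QuarantineFailed'; 103 = 'RemoveFailed';  104 = 'CleanFailed'
    105 = 'AllowFailed';      106 = 'Abandoned';     107 = 'BlockFailed'
}

function Get-DefenderDetectionReport {
    # Joins each detection record with its threat record so you can see, per
    # detection, the threat name, whether the file executed, and what Defender did.
    param(
        [datetime]$Since = (Get-Date).AddDays(-7)   # only recent detections
    )
    $threatsById = @{}
    foreach ($t in Get-MpThreat) { $threatsById[[string]$t.ThreatID] = $t }

    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $Since } |
        ForEach-Object {
            $t = $threatsById[[string]$_.ThreatID]
            [pscustomobject]@{
                Detected         = $_.InitialDetectionTime
                ThreatName       = $t.ThreatName
                DidThreatExecute = $t.DidThreatExecute   # Defender saw it run
                Status           = $threatStatus[[int]$_.ThreatStatusID]
                ActionSuccess    = $_.ActionSuccess
                ErrorCode        = $_.ThreatStatusErrorCode  # non-zero = remediation problem
                Process          = $_.ProcessName
                User             = $_.DomainUser
                Resources        = ($_.Resources -join '; ')  # file paths involved
            }
        }
}

function Get-DefenderExclusionSummary {
    # Local settings that could let a detected file be extracted and run anyway:
    # real-time protection off, path/extension/process exclusions, ASR rules.
    $p = Get-MpPreference
    [pscustomobject]@{
        RealtimeMonitoringDisabled = $p.DisableRealtimeMonitoring
        ExclusionPaths             = @($p.ExclusionPath)
        ExclusionExtensions        = @($p.ExclusionExtension)
        ExclusionProcesses         = @($p.ExclusionProcess)
        # Ids and Actions are parallel arrays; action 1 = Block, 2 = Audit, 6 = Warn.
        AsrRuleIds                 = @($p.AttackSurfaceReductionRules_Ids)
        AsrRuleActions             = @($p.AttackSurfaceReductionRules_Actions)
    }
}

function Get-DefenderDetectionEvents {
    # Cross-check against the Defender operational log: event 1116 is
    # "malware detected", event 1117 is "action taken" on that detection.
    param([datetime]$Since = (Get-Date).AddDays(-7))
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage: compare the recorded action with what the user was able to do.
Get-DefenderDetectionReport | Format-List
Get-DefenderExclusionSummary | Format-List
Get-DefenderDetectionEvents  | Format-List
```

If a detection shows Status "Detected" with DidThreatExecute true and no matching 1117 event, Defender logged the file but never remediated it on that device; if it shows "QuarantineFailed" with a non-zero ErrorCode, remediation was attempted and failed. Either way the exclusion summary tells you whether a local setting, rather than the licence, explains the gap.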
