Forum Discussion
Sri_12
May 27, 2021, Copper Contributor
MDATP doesn't consistently detect a ransomware-type mass encryption
Hello, as part of security testing, to see the efficacy level of MDATP, we are running a PowerShell script (encrypt_ransomware.ps1) found on GitHub: https://github.com/leomatias/Ransomware-...
Joe Stocker
May 29, 2021, Bronze Contributor
Based on my testing using that same ransomware simulator, we were able to get it to stop and not even launch when we enabled "Block at First Sight" and the ASR rules.
Check out my results that I posted here:
Give it a try by following some of these MDATP tips here: https://www.thecloudtechnologist.com/mdatp-best-practices/
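The settings Joe refers to (Block at First Sight, the cloud-delivered protection level and ASR rules) can be switched on and checked from an elevated PowerShell session with the Defender cmdlets. The script below is an added example, not code from this thread or from the linked articles; it assumes a Windows endpoint where Microsoft Defender Antivirus is the active AV and the settings are not locked by an MDM or Group Policy, and the rule GUIDs are the published ASR rule IDs for the two rules named in the comments.

```powershell
# Added example (not from the thread): enable the cloud and ASR protections discussed
# above and print the effective state so a failed simulation can first be checked
# against configuration. Assumes an elevated session on a Windows endpoint running
# Microsoft Defender Antivirus with settings not overridden by MDM/GPO.

#Requires -RunAsAdministrator

# Block at First Sight depends on MAPS (cloud) reporting and sample submission being on.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples
Set-MpPreference -DisableBlockAtFirstSeen $false
Set-MpPreference -CloudBlockLevel High      # the "cloud-delivered protection level = high" setting

# ASR rules relevant to a mass-encryption simulation; Enabled = block mode.
$asrRules = @{
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executable files from running unless they meet a prevalence, age, or trusted list criterion'
}
foreach ($id in $asrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
}

# Controlled folder access blocks untrusted processes from writing to protected folders.
Set-MpPreference -EnableControlledFolderAccess Enabled

# Verification: Get-MpPreference reports enum settings as numeric codes.
$pref = Get-MpPreference
[pscustomobject]@{
    MAPSReporting          = $pref.MAPSReporting            # 2 = Advanced
    SubmitSamplesConsent   = $pref.SubmitSamplesConsent     # 3 = SendAllSamples
    BlockAtFirstSeen       = -not $pref.DisableBlockAtFirstSeen
    CloudBlockLevel        = $pref.CloudBlockLevel          # 4 = High
    ControlledFolderAccess = $pref.EnableControlledFolderAccess   # 1 = Enabled
} | Format-List

# ASR rule state: Ids and Actions are parallel arrays (0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn).
$ids = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($asrRules.ContainsKey($ids[$i])) {
        '{0}  action={1}  {2}' -f $ids[$i], $actions[$i], $asrRules[$ids[$i]]
    }
}
```

If the endpoint is managed through Intune endpoint security policies, as in Sri_12's setup, local Set-MpPreference changes can be reverted at the next policy sync, so the verification section is the useful part: it shows what is actually in force, whichever channel set it.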
Sri_12
May 31, 2021, Copper Contributor
Joe Stocker, we have the rule enabled already from Endpoint security > Antivirus > Cloud protection > Cloud-delivered protection level = high.
From my side, I think we found a cause. MDATP seems to detect any ransomware attack by looking at the file extension ".crypted"; if not, it doesn't raise the alert in the MDATP Security Center.
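If the concern is that detection hinges on a particular extension, a rate-based check over file events gives a way to test that independently: it counts how many distinct files one process renames or modifies within a short window, ignoring what the new names end in. The script below is an added example, not code from this thread; its input is a constructed, DeviceFileEvents-style CSV embedded inline, and in practice the rows would come from an advanced-hunting export. The window size and threshold are assumed values to be tuned per environment.

```powershell
# Added example (not from the thread): flag a process that touches many distinct files
# in a short window, regardless of the new file extension. The CSV below is constructed
# sample data in the shape of DeviceFileEvents columns; no real events are included.

$csv = @'
Timestamp,DeviceName,ActionType,FolderPath,FileName,PreviousFileName,InitiatingProcessFileName,InitiatingProcessId
2021-05-31T09:00:01Z,ws01,FileRenamed,C:\Users\a\Documents,report.docx.crypted,report.docx,powershell.exe,4120
2021-05-31T09:00:01Z,ws01,FileRenamed,C:\Users\a\Documents,budget.xlsx.crypted,budget.xlsx,powershell.exe,4120
2021-05-31T09:00:01Z,ws01,FileRenamed,C:\Users\a\Documents,notes.txt.crypted,notes.txt,powershell.exe,4120
2021-05-31T09:00:02Z,ws01,FileModified,C:\Users\a\Documents,plan.pptx,,powershell.exe,4120
2021-05-31T09:00:02Z,ws01,FileModified,C:\Users\a\Documents,invoice.pdf,,powershell.exe,4120
2021-05-31T09:00:02Z,ws01,FileRenamed,C:\Users\a\Pictures,photo1.jpg.locked,photo1.jpg,powershell.exe,4120
2021-05-31T09:00:02Z,ws01,FileRenamed,C:\Users\a\Pictures,photo2.jpg.locked,photo2.jpg,powershell.exe,4120
2021-05-31T09:00:03Z,ws01,FileRenamed,C:\Users\a\Documents,contract.docx.zzz,contract.docx,powershell.exe,4120
2021-05-31T09:00:03Z,ws01,FileModified,C:\Users\a\Documents,archive.zip,,powershell.exe,4120
2021-05-31T09:00:03Z,ws01,FileRenamed,C:\Users\a\Documents,resume.docx.crypted,resume.docx,powershell.exe,4120
2021-05-31T09:00:04Z,ws01,FileRenamed,C:\Users\a\Documents,thesis.docx.crypted,thesis.docx,powershell.exe,4120
2021-05-31T09:00:04Z,ws01,FileModified,C:\Users\a\Documents,data.csv,,powershell.exe,4120
2021-05-31T09:00:05Z,ws01,FileModified,C:\Users\a\Documents,todo.txt,,notepad.exe,2210
2021-05-31T09:00:30Z,ws01,FileModified,C:\Users\a\Documents,todo.txt,,notepad.exe,2210
'@

$WindowSeconds = 60   # assumed window; tune per environment
$Threshold     = 10   # assumed count of distinct files per process per window

# Parse timestamps once so the sliding window can compare them.
$events = $csv | ConvertFrom-Csv | ForEach-Object {
    $_ | Add-Member -NotePropertyName Time -NotePropertyValue ([datetime]::Parse($_.Timestamp).ToUniversalTime()) -PassThru
}

$alerts = $events |
    Where-Object { $_.ActionType -in @('FileRenamed', 'FileModified') } |
    Group-Object DeviceName, InitiatingProcessFileName, InitiatingProcessId |
    ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        # Sliding window: from each event, collect this process's events within $WindowSeconds.
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $end    = $sorted[$i].Time.AddSeconds($WindowSeconds)
            $window = @($sorted[$i..($sorted.Count - 1)] | Where-Object { $_.Time -le $end })
            # Count distinct files by their original name (renamed) or current name (modified in place).
            $files  = @($window | ForEach-Object { if ($_.PreviousFileName) { $_.PreviousFileName } else { $_.FileName } } | Sort-Object -Unique)
            if ($files.Count -ge $Threshold) {
                [pscustomobject]@{
                    Device         = $sorted[0].DeviceName
                    Process        = '{0} (PID {1})' -f $sorted[0].InitiatingProcessFileName, $sorted[0].InitiatingProcessId
                    WindowStart    = $sorted[$i].Time
                    FileCount      = $files.Count
                    ExtensionsSeen = (@($window | ForEach-Object { [IO.Path]::GetExtension($_.FileName) } | Sort-Object -Unique)) -join ','
                }
                break   # one alert per process is enough for this check
            }
        }
    }

$alerts | Format-Table -AutoSize
```

On the constructed data the powershell.exe process is reported with 12 distinct files in four seconds while notepad.exe, which modified one file twice, is not, and the ExtensionsSeen column shows the hit did not depend on ".crypted" or any other specific suffix.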