Proactive Defense Against Malwares for Remote Workers


During these days when working from home is a trend, protecting remote workers against malware is essential. We have to make sure their systems are free of malware and running, so they can perform their day-to-day tasks. When a system is infected, they cannot do their daily work, which makes them unproductive. If you are using Microsoft Intune and managing devices with Windows Defender on Windows 10, make sure you take the following into consideration:


Enable Tamper Protection: This policy prevents changes that disable important security settings in Windows Defender, such as real-time protection, definition updates and cloud protection, whether they are attempted through the registry, Group Policy, scripts and so on. Because people are working from home, they might download many things, execute untrusted commands, or be tricked by cybercriminals into disabling their antimalware program; enabling this setting makes sure they are not able to do so. However, make sure you send an announcement informing users that you are applying this change, and if there is a case of false-positive detection, or you have an approved program that is incorrectly being detected as malware, you have to add it to the exclusion list. Take a look at protect security settings with tamper protection (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection).


Enable Cloud-Delivered Protection: There is always the possibility of 0-day malware or suspicious malware-like behavior, and cloud protection is a great way to protect users against it. If an antimalware definition update is not installed yet or is pending installation, cloud protection is a proactive way to protect the system while the update is being installed. You might face false positives in the following cases:


  • Software Developer Teams: they write code and might execute programs or make changes that behave like malware, so their actions might be detected as malicious
  • Support Teams: they might create scripts and execute programs that could be detected as malicious
  • IT Department: they perform administrative tasks, work with scripts and programs, and might produce programs that are detected as malicious

In such cases, you should monitor cloud-delivered protection and test, or add, their components to the exclusion list for Windows Defender. To learn more, take a look at Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus).
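As an added example (not part of the original post), the following PowerShell audit reads the Defender settings discussed above from a Windows 10 device, so an admin can confirm Tamper Protection and cloud-delivered protection are on and review every exclusion before approving one for a false positive. It uses only the built-in Defender cmdlets; the signature-age threshold is a constructed placeholder to adjust to your own policy.

```powershell
# Added example: audit Windows Defender settings relevant to remote workers.
# Requires the built-in Defender module on Windows 10 and an elevated prompt.
function Get-DefenderPosture {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced (cloud-delivered protection)
    # SubmitSamplesConsent: 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples
    [PSCustomObject]@{
        ComputerName             = $env:COMPUTERNAME
        TamperProtected          = $status.IsTamperProtected
        RealTimeProtection       = $status.RealTimeProtectionEnabled
        CloudDeliveredProtection = ($pref.MAPSReporting -ne 0)
        MAPSReporting            = $pref.MAPSReporting
        SubmitSamplesConsent     = $pref.SubmitSamplesConsent
        SignatureAgeDays         = ((Get-Date) - $status.AntivirusSignatureLastUpdated).Days
        ExclusionPaths           = @($pref.ExclusionPath)
        ExclusionProcesses       = @($pref.ExclusionProcess)
        ExclusionExtensions      = @($pref.ExclusionExtension)
    }
}

function Test-DefenderPosture {
    param([int]$MaxSignatureAgeDays = 3)   # constructed threshold, not a Microsoft default
    $p = Get-DefenderPosture
    $findings = @()
    # Tamper Protection is managed from Intune / Windows Security, not Set-MpPreference.
    if (-not $p.TamperProtected)          { $findings += 'Tamper Protection is OFF' }
    if (-not $p.RealTimeProtection)       { $findings += 'Real-time protection is OFF' }
    if (-not $p.CloudDeliveredProtection) { $findings += 'Cloud-delivered protection (MAPS) is OFF' }
    if ($p.SignatureAgeDays -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($p.SignatureAgeDays) days old; cloud protection is covering the gap"
    }
    # Every exclusion is a blind spot; each one should map to a documented false positive
    # raised by a developer, support or IT team, as the post describes.
    foreach ($path in $p.ExclusionPaths)      { $findings += "Review excluded path: $path" }
    foreach ($proc in $p.ExclusionProcesses)  { $findings += "Review excluded process: $proc" }
    foreach ($ext  in $p.ExclusionExtensions) { $findings += "Review excluded extension: $ext" }
    return $findings
}

# Example run: list findings, or confirm a clean posture.
$result = Test-DefenderPosture
if ($result.Count -eq 0) { 'Defender posture OK' } else { $result }
```

Run it through Intune as a device script or from an admin session to collect the same view from many remote endpoints.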
