knowbe4 ransim test failed


We are testing ATP Defender for Endpoints. We tested with the KnowBe4 RanSim test software, and ATP Defender failed 20/23 scenarios.

It very well could be a misconfiguration. Has anyone run this tool? Are there recommended settings for ATP that need to be configured to block all forms of malware?

2 Replies

Hi @Jason_B1025,

Here are some ransomware articles that may be useful: Protect your PC from ransomware (microsoft.com), Ransomware protection in Windows Security (microsoft.com) and Ransomware detection and recovering your files (microsoft.com).

We customize the configuration based on the scenario. It would be helpful to know the configuration that you used during testing that caused failure.

Please let me know if this helps answer your question.

Hello @Jason_B1025 - We have extensive guidance for protecting against ransomware at https://aka.ms/ransomware. I suggest downloading the Human Operated Ransomware Mitigation plan. In it you'll have endpoint specific protection guidelines on slide 14 and detection and response guidance on slide 21.