Stopping attacks that use SLK files
Published Feb 15 2018 05:12 PM 1,730 Views

New attacks that hide behind SLK or symbolic link files to launch malicious content from Excel are handily caught by Windows Defender ATP as malicious behavior. Yes, we flag bad behaviors, .slk or otherwise.




To block attacks that use SLK with DDE, disable DDE and turn on Attack surface reduction in Windows Defender Exploit Guard.

Version history
Last update:
‎Feb 18 2018 03:51 PM
Updated by: