How I got infected last time thread
<blockquote data-quote="SeriousHoax" data-source="post: 1017789" data-attributes="member: 78686"><p>A good place to add the comment I was thinking about making, which is: you guys know Microsoft Defender's cloud protection has a Block/Zero tolerance level, and there's also an ASR rule named "Block executable files from running unless they meet a prevalence, age, or trusted list criterion".</p><p>Now these two, especially with the ASR rule, you would think Microsoft Defender would simply block any PE file that's not trusted/prevalent, but neither of the two can block this huge file-sized malware. It simply cannot check these huge files with its cloud database. There must be a certain size limit which hinders Microsoft Defender, and it lets these swollen malware files get executed on the system anyway.</p><p>If separate small-sized payloads are downloaded or compiled by the malware, then most of them are likely to get detected by Microsoft Defender, but if the large file itself is something that steals your data, then Microsoft Defender, even with the cloud level and ASR rule, cannot help. Those who are using these two rules, keep this in mind.</p><p>These malware are spread from fake crack websites, YouTube or malvertisements, so barely anyone in this forum is likely to fall for these, but always check the size of a newly downloaded file before running it, just in case.</p><p>My File Explorer is set in Details mode, and I've been using it like this for many years now, so the file size is something that I notice by default in most situations.</p></blockquote><p></p>
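Added example, not part of the quoted post: a Python script that automates the "check the size of a newly downloaded file" habit by listing files that carry PE magic bytes (whatever their extension) and exceed a size threshold. The threshold value and all function names are assumptions made for illustration; the post does not state Defender's actual size limit.

```python
import os
import struct
import tempfile

# Assumed value: the post gives no figure for Defender's cloud-check size limit.
SIZE_THRESHOLD = 100 * 1024 * 1024  # 100 MiB

def is_pe(path):
    """True if the file starts with MZ and e_lfanew points at a PE signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def find_oversized_pe(root, threshold=SIZE_THRESHOLD):
    """Return [(path, size)] for PE files under root at or above threshold, largest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                if size >= threshold and is_pe(path):
                    hits.append((path, size))
            except OSError:
                continue  # unreadable or vanished file: skip it
    return sorted(hits, key=lambda h: h[1], reverse=True)

def make_sample_pe(path, total_size):
    """Write a constructed, non-functional file with MZ/PE magic, zero-filled to total_size."""
    header = bytearray(64)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 64)  # e_lfanew -> offset 64
    with open(path, "wb") as f:
        f.write(bytes(header) + b"PE\0\0")
        f.truncate(total_size)

def demo():
    """Run the scan over constructed sample files with a small threshold (4 KiB)."""
    with tempfile.TemporaryDirectory() as d:
        make_sample_pe(os.path.join(d, "setup.exe"), 2048)      # PE, below threshold
        make_sample_pe(os.path.join(d, "download.scr"), 8192)   # PE, above threshold
        with open(os.path.join(d, "movie.bin"), "wb") as f:     # large, but not a PE
            f.write(b"\0" * 8192)
        return [(os.path.basename(p), s) for p, s in find_oversized_pe(d, threshold=4096)]

if __name__ == "__main__":
    print(demo())
```

To use it on a real system, call `find_oversized_pe()` on the downloads folder and treat any hit as a file to examine before running.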