Can Anti-Viruses stop RATS that have their connection established?
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1049879"><p>Blocking risky file extension execution is a simpler and far more effective approach than a script emulator for home users. Because people pay for advanced protection they like to believe they don't need Windows built-in protections. It is like saying, I don't need to run as standard user, because my security is so advanced I can run as Admin.</p><p></p><p>The risk surface for home use can be easily reduced by taking a few measures, for instance running SUA, blocking risky file extensions in user folders (Simple Windows Hardening) and allowing only known good (whitelisted) executables to execute (Configure Defender on MAX). Alternatively you could switch to a more restrictive OS which does not allow the user to weaken security.</p><p></p><p>In the corporate environment the endpoint protection is not the problem, it is the user who is using that endpoint. Best in class security provides automated analysis of events on endpoints and provides signals when users are sloppy or fall into tricks. In these use cases a script emulator is a watch guard which provides valuable insights for the EDR-system.</p></blockquote><p></p>