ConfigureDefender utility for Windows 10/11
<blockquote data-quote="Andy Ful" data-source="post: 927180" data-attributes="member: 32260"><p>Anyway, adding malware exclusions like in the case of the DeroHE ransomware payload (iobit.dll), can have an impact on malware persistence.</p><p>In most cases, the post-execution behavior-based detections in Microsoft cloud can detect the malware after some minutes. If the malware is not excluded, then the infection chain will be killed and the encryption will often be interrupted. If the malware is excluded in the meantime, then it will survive and the encryption will continue.</p><p>In the case of ransomware in the home environment, this is not so important because the user's files are often encrypted before post-execution detection will work. But in businesses, this difference can be crucial because there is much more data and the full encryption can last several hours.</p><p></p><p>So, adding malware exclusions can have two opposite causes:</p><ol> <li data-xf-list-type="ol">Negative for the attacker:<br /> Exclusions are suspicious and can increase the malware detection at the pre-execution stage. <strong>This can be an important disadvantage especially when advanced WD settings are enabled (like higher Cloud Protection Level or ASR rule "Use advanced protection against ransomware").</strong></li> <li data-xf-list-type="ol">Positive for the attacker: exclusions can increase the malware persistence.</li> </ol></blockquote><p></p>
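A defender-side check related to the post above, as an added example that is not part of the original thread: it lists the exclusions currently configured in Microsoft Defender and the recent configuration-change events (event ID 5007) that touched an exclusion key. The 7-day lookback window is an assumption; run it from an elevated PowerShell session, since exclusion values can be hidden from non-administrators.

```powershell
# Added example: audit Microsoft Defender exclusions on the local machine.
# Assumption: a 7-day lookback is enough for the review; adjust $since as needed.

$pref = Get-MpPreference

# 1) Exclusions configured right now, one row per entry.
$current = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Kind = $kind; Value = $value } }
    }
}
if ($current) { $current | Format-Table -AutoSize }
else          { 'No Defender exclusions are configured.' }

# 2) When exclusions were changed.
# Event ID 5007 records a Defender configuration change; exclusion edits show up
# as old/new values under the "...\Windows Defender\Exclusions\" registry key.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' } |
    Select-Object TimeCreated, @{
        Name       = 'Change'
        Expression = {
            # Keep only the old/new value lines of the event message.
            ($_.Message -split "`r?`n" |
                Where-Object { $_ -match 'Old value|New value' } |
                ForEach-Object { $_.Trim() }) -join ' | '
        }
    } |
    Format-List
```

An exclusion that nobody on the team added, especially one whose 5007 timestamp sits close to a new executable or DLL appearing on disk, is worth investigating before it is simply removed.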