To restate to see if I understand, I can get Defender for Business, but unless it is plugged into MS analysis, there's no point...? When my wife worked for university, she did some work from home even before covid, and univ used MS business managed by univ IT. I saw it but never looked at it closely. I'll look at the link, thanks.
It provides the analysis, this is the benefit of it.
Now I have some idea of "why_not" after about 45 mins mucking around in MS Defender for Business. Relatively easy for MS to get my payment info. Beyond that... yikes! I thought it would be ok, download this, answer a few questions, and Defender Biz is up & running. NO!!... First answer 1000 questions, then good luck figuring out how to deploy, then download a file only to be blocked by Edge SmartScreen -- downloading security file from MS, blocked?? Only relevant to this thread since Di is made to run with Defender Biz. I may do better after dark with a little more coffee, or not
I have 30 day free trial to get it deployed to one win10.
I think that's simply overkill and not needed on a home environment. No offence intended, but even Deep Instinct is too complex for many home users. I think you are absolutely good to go with Deep Instinct only.
There is nothing wrong with that. Yet, it's not worth it spending even more money on enterprise security software.
AGREE, and now I know having been there for an hour or 2.
(you don't know what you don't know until you know...)
Definitely, majority of capabilities are of 0 value when you have one or few machines. For example what is the benefit of threat hunting when there is little chance of lateral movement and you can just go on the other PC and check yourself.There is nothing wrong with that. Yet, it's not worth it spending even more money on enterprise security software.
Paloalto is one of the few I contacted after the developer himself made the demo for me directly, but unfortunately they said the minimum purchase for paloalto traps is 100 devices... So I didn't get it.
Cybereason | Partners & resellers
Authorised Partner for Cybereason. ✓ Request pricing ✓ Technical support ✓ Certified experts.www.nomios.co.uk
Enterprise Cyber Security
Secure your business's future with Babble's Enterprise Cyber Security. Trust in our industry-leading approach to keep your enterprise protected.activereach.net
They have a lot of different partners in the UK, but not sure about your region. Cybereason is difficult to purchase as a single license (many won’be willing to deal) because they are used to EDRs being on demand from large businesses.
I am very interested in Paloalto, Check Point and Sentinel One. Check Point I have already contacted reseller, the rest will be at a later stage. In my opinion, these are the best. CrowdStrike is good, but overrated.
live and learn (learning the hard way today...Definitely, majority of capabilities are of 0 value when you have one or few machines. For example what is the benefit of threat hunting when there is little chance of lateral movement and you can just go on the other PC and check yourself.
current situation here is not Di fault)
I mean Run By Smartscreen is user dependent and doesn't automatically check PE files if you run them. You have to manually check them through the context menu. I think it's not really necessary but definitely doesn't hurt either. If you have SAC enabled on your Windows 11 machine, then its redundant.
forgot to mention stuck in win10 if and until I invest in some hardware. past 22 days, Di has been smooth and quiet on both physical & virtual machines.
@Trident, I don't recall the context for "VT situation"
Meaning different results between VT and user pc running Di (ditto other av too...)? IIRC a week or 2 ago, Di was near the bottom of the listings with sandbox scanners, yes? I notice today it is in its alphabetical place among other av. If the "VT situation" is more elaborate, please enlighten us (me ) if you have time.
It was reported here by some users (@Kongo and @Shadowra) that DI detects malware on VT but on their PCs it does not. I sent email to DI back then and they didn’t hear from me so they called me. So this is what they’ve told me, I suspected it was that anyway.@Trident, I don't recall the context for "VT situation"
I assume I have to try to compare & analyze the ps scripts. Does a suspicious flag equal a false positive? fwiw VT DeepIn sees compattelrunner as clean. So it must be Behavioral related to the script itself, ie, I assume that not the same ps script runs every morning...?
