This is one of the cases where Helios will help.
Example: malicious HTA file is not detected by Defender.
Hash: 24ef77b150ff7ebc30d8cb7234fd2cec8a15a58128e8e2441e259b7d3de1e66c
Defender alone would not handle this malware.
Protections: MSHTA is blocked from accessing the web anyway, through Deep Firewall Control.
The script sets persistence.
Response:
View attachment 294617
Remediation terminates the process, deletes the persistence and the initial script (I will update the UI so it doesn't display "Quarantine" but "Process" and displays information what will happen on remediation.
Helios combines expertise in fileless and evasive malware detection with reputation from different providers on executables.