But sometimes they do. A video was published on Dec 26 (Defender excluding ransomware), and on the following day:
Infected by Loki ransomware
I can guess you have in mind the "Defender exclusions" issue. But in this case, the Defender exclusions were not the cause of the infection, but happened after the infection. We can expect that the infected computer with added exclusions can be "more compromised" compared to the infection without exclusions. But this is not necessarily true, because there are tens of similarly (or more) dangerous techniques (the computer was infected with high privileges). We can also expect that by using exclusions, the attacker did not use another dangerous technique that could be used in the case of another AV. There is no evidence that "exclusions" are more efficient or used more frequently than other possible techniques. Finally, the user did not post that exclusions caused another infection. So, there is no evidence that this example is more than another "Ebola case".
As we know, Loki ransomware can infect computers protected by any popular AV on default settings.
Edit.
Of course, popular AVs on default settings cannot protect against many fresh malware samples (Loki ransomware is only an example).