Microsoft recently highlighted a scheme to infect tax accounting firm with malware. The criminal intent is that once the tax accountant has been infected that it will not only provide access to a treasure trove of information to be potentially used for identity theft on their clients but that they may also have access to business customers data too which the criminals may be able to leverage.
Fortunately, Defender protects against this when configured correctly. In addition to the Defender for Endpoint sensor installation, Attack Surface Reduction rules and certain anti-virus configurations should also be deployed.
Attack Surface Reduction Rules
Add these two rules:
- Block executable files from running unless they meet a prevalence, age, or trusted list criterion
- Block JavaScript or VBScript from launching downloaded executable content
Open the Endpoint Manager admin console from https://endpoint.microsoft.com, then navigate to Endpoint security, Attack Surface Reduction rules.
Review your rules and make sure that the two above are included and set to Block.
Configure Defender Anti-Virus
Add these two configurations:
- Enable Microsoft Defender Antivirus scanning of downloaded files and attachments
- Enable cloud-delivered protection
Open the Endpoint Manager admin console from https://endpoint.microsoft.com, then navigate to Endpoint security, Antivirus.
Create or review your anti-virus policy. Set the items above in the Defender configuration section as shown below.
If you like this content please join our Endpoint Manager, Lighthouse & Defender group. https://www.facebook.com/groups/endpointmanager
If you’d like to read more about configuring Intune endpoint manager, you can find more blog posts here.
All we do is support IT professionals. Microsoft 365 technical assistance, Super Secret News, Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, Kits, papers, Business consulting and more. https://www.thirdtier.net