
DriveLock Defender Management


 

Category: Use Case 
Module: Defender Management
Testing Time: 30 min

This use case shows you how Microsoft Defender Antivirus works hand-in-hand with the DriveLock Zero Trust platform and its associated prevention tools. 

1. What is the use case about? 

With DriveLock Defender Antivirus, you can configure settings related not only to malware protection but also to some advanced options for running programs. By integrating Microsoft Defender into DriveLock, you only need the DriveLock Management Console or the fully managed Security Service to configure the system. This makes it much easier to implement and to coordinate with the more powerful security features of DriveLock Application Control. Combined with DriveLock interface control, unlocking external drives for users is linked to a detailed scan result: if Microsoft Defender Antivirus detects malware, the drives will not be unblocked. Advanced automation is available when combined with DriveLock Endpoint Detection and Response (EDR). When Microsoft Defender Antivirus detects a threat, for example, the computer can be shut down using a script, or a DriveLock security campaign containing the next steps can be initiated automatically.

 

2. How does it affect your client computer?

With the policy 50 - Native Security, DriveLock Microsoft Defender integration is enabled. Archive files, e.g. ZIP or PAR files, will be scanned.

Additionally, attack surface reduction rules are employed to prevent the execution of potentially hidden scripts, the theft of authentication details from the Windows Local Security Authority subsystem, the creation of executable content by Office applications, and the execution of untrusted or unsigned processes from USB.
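
A client-side check of the settings described in this section, as an added example that is not part of the DriveLock documentation. It assumes the policy's settings are visible through the standard Microsoft Defender cmdlet Get-MpPreference and that the four rules described above correspond to the Microsoft attack surface reduction rule GUIDs listed in the script; Get-AsrRuleState is a hypothetical helper name.

```powershell
# Added example: report the state of the four ASR rules named above.
# Assumption: the page's rule descriptions map to these Microsoft rule GUIDs.
$expected = [ordered]@{
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office applications from creating executable content'
    'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' = 'Block untrusted and unsigned processes that run from USB'
}
# Action codes used by Defender for ASR rules.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    param(
        [string[]]$Ids,      # rule GUIDs as reported by Defender
        [int[]]$Actions      # action code at the same index as each GUID
    )
    # Pair each configured GUID with its action (the two arrays are parallel).
    $configured = @{}
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        if ($i -lt $Actions.Count) { $configured[$Ids[$i].ToLowerInvariant()] = $Actions[$i] }
    }
    foreach ($id in $expected.Keys) {
        $state = 'Not configured'
        if ($configured.ContainsKey($id)) {
            $a = $configured[$id]
            $state = if ($actionNames.ContainsKey($a)) { $actionNames[$a] } else { "Unknown ($a)" }
        }
        # Only 'Block' counts as enforced; Audit and Warn do not stop execution.
        [pscustomobject]@{ Rule = $expected[$id]; Id = $id; State = $state; Enforced = ($state -eq 'Block') }
    }
}

$pref = Get-MpPreference
Get-AsrRuleState -Ids $pref.AttackSurfaceReductionRules_Ids `
                 -Actions $pref.AttackSurfaceReductionRules_Actions | Format-Table -AutoSize
# Archive scanning (ZIP and similar) is on when DisableArchiveScanning is False.
"Archive scanning enabled: {0}" -f (-not $pref.DisableArchiveScanning)
```

A rule reported as Audit or Not configured on a client that should have the policy applied is worth comparing against the client state shown in the DOC.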

 

3. How to monitor the results in the DOC?

The Microsoft Defender dashboard provides an overview of the security situation and possible threats in your company.



In addition, there is a separate view in the DOC, presenting status reports about current threats and the state of the clients.


 

Detected threats can be analyzed in more detail and, if required, notifications for false positives or irrelevant messages can be suppressed. 

Reports can also be created in the DOC and downloaded as PDFs or emailed at specified times, allowing you to keep track of important details on a regular basis.


 

You can either use the template or create a custom report. Under the menu item Analytics > Reports, click Configure new report, enter a name, and select the dashboard template.


 

To edit the report, switch to edit mode in the upper right corner and then click the gear icon of the particular row or widget you want to configure.


 

Here you can change the display properties or filters depending on the widget type.

If you want to add a new widget, there are many pre-configured widgets available.


 

In the Settings area, various actions are available, such as notification in the web console or sending the report by e-mail on a specified schedule.
