Windows 10 Defender Won't Start After Malware or Ransomware
-
@DustinB3403 said in Windows 10 Defender Won't Start After Malware or Ransomware:
I would think that Windows 10 Defender should continue working during and after malware or ransomware. Rather than just giving up and not operating.
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
No application keeps working once it has been disabled.
@DustinB3403 said in Windows 10 Defender Won't Start After Malware or Ransomware:
Nothing on the computer works if Defender is disabled? I've not seen that before.
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
"Application" is the antecedent. Not "Defender."
@Dashrender said in Windows 10 Defender Won't Start After Malware or Ransomware:
i.e. the ransomware disabled Defender
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
Or Sophos did. Hard to tell. We saw the same disablement where there was no infection.
@dbeato said in Windows 10 Defender Won't Start After Malware or Ransomware:
What version of Sophos? And did it have Intercept X?
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
Didn't check, but probably older. We were just removing it.
I was just asking as we use Sophos and we have seen it avert some ransomware or other infections pretty much all the time. So it would be cool to know which ransomware variant was causing this.
-
@dbeato said in Windows 10 Defender Won't Start After Malware or Ransomware:
I was just asking as we use Sophos and we have seen it avert some ransomware or other infections pretty much all the time. So it would be cool to know which ransomware variant was causing this.
Sophos is the primary thing causing this issue for us. It crippled Windows so that even if you removed it, other AV would keep breaking. Really makes me wary of Sophos.
-
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
Sophos is the primary thing causing this issue for us. It crippled Windows so that even if you removed it, other AV would keep breaking. Really makes me wary of Sophos.
There is a removal tool for this... AV are meant to not be tampered with which is probably what Sophos did. That is one thing that Sophos does, there is no way to properly uninstall it without a tamper protection password or removal.
-
@dbeato said in Windows 10 Defender Won't Start After Malware or Ransomware:
There is a removal tool for this... AV are meant to not be tampered with which is probably what Sophos did. That is one thing that Sophos does, there is no way to properly uninstall it without a tamper protection password or removal.
That's how we describe ransomware!
Getting Sophos to stop scanning isn't an issue, it's getting Sophos to allow legitimate scanning is the issue!
-
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
That's how we describe ransomware!
Getting Sophos to stop scanning isn't an issue, it's getting Sophos to allow legitimate scanning is the issue!
I can see where it resembles the behavior of a ransomware, same will be for Webroot, they are extremely hard to remove unless you go to Safe Mode to remove them. That is one of the ways they combat said ransomware or malware.
-
@dbeato said in Windows 10 Defender Won't Start After Malware or Ransomware:
I can see where it resembles the behavior of a ransomware, same will be for Webroot, they are extremely hard to remove unless you go to Safe Mode to remove them. That is one of the ways they combat said ransomware or malware.
Yeah, except the Sophos got infected as one of our "ground zero" machines, and it looks like Sophos' behaviour might have been a contributing factor to the broader spread of it.
-
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
Yeah, except the Sophos got infected as one of our "ground zero" machines, and it looks like Sophos' behaviour might have been a contributing factor to the broader spread of it.
Okay, again this is your scenario in which I don't know what is going on. It is hard to see Sophos spreading this. But maybe you mean it allowed the ransomware to be spread because it did not do anything, correct?
-
@dbeato said in Windows 10 Defender Won't Start After Malware or Ransomware:
Okay, again this is your scenario in which I don't know what is going on. It is hard to see Sophos spreading this. But maybe you mean it allowed it to be spread because it did not do anything, correct?
Right. It looks like because Sophos appears to have caused the legitimate antivirus to turn on, then immediately disable when the admin looked away, they thought that they were protected, but Sophos was regularly disabling the AV putting them at risk.
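A defensive check for the pattern described above, where protection shows as on and is then switched off again unnoticed. This is an added example, not code from the thread: the function name `Get-RtpGap` and the sample events are constructed for illustration, while event IDs 5000 and 5001 are Defender's "real-time protection enabled/disabled" events in its Operational log.

```powershell
# Added example (not from the thread). Get-RtpGap is a hypothetical helper name.
# It pairs Defender event 5001 (real-time protection disabled) with the next
# event 5000 (enabled) and reports every window in which the host was unprotected.
function Get-RtpGap {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # objects exposing TimeCreated and Id
        [datetime] $Until = (Get-Date)               # end of the observation window
    )
    $offSince = $null
    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        if ($e.Id -eq 5001 -and $null -eq $offSince) {
            $offSince = $e.TimeCreated
        }
        elseif ($e.Id -eq 5000 -and $null -ne $offSince) {
            [pscustomobject]@{
                DisabledAt = $offSince
                EnabledAt  = $e.TimeCreated
                Minutes    = [math]::Round(($e.TimeCreated - $offSince).TotalMinutes, 1)
            }
            $offSince = $null
        }
    }
    if ($null -ne $offSince) {
        # Protection was never re-enabled inside the window: the gap is still open.
        [pscustomobject]@{
            DisabledAt = $offSince
            EnabledAt  = $null
            Minutes    = [math]::Round(($Until - $offSince).TotalMinutes, 1)
        }
    }
}

# Constructed sample: an admin enables protection twice, and each time it is
# switched off again a few minutes later.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:00:00'; Id = 5000 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:04:00'; Id = 5001 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T13:30:00'; Id = 5000 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T13:33:00'; Id = 5001 }
)
Get-RtpGap -Events $sample -Until ([datetime]'2024-01-10T17:00:00') | Format-Table

# On a live machine (elevated prompt), feed the real log and compare with current state:
# $live = Get-WinEvent -FilterHashtable @{
#     LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5000, 5001
# } -ErrorAction SilentlyContinue
# if ($live) { Get-RtpGap -Events $live | Format-Table }
# Get-MpComputerStatus |
#     Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled, IsTamperProtected
# Leftover third-party AV registrations can keep Defender from taking over:
# Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
#     Select-Object displayName, productState
```

With the sample data the function reports two gaps: 09:04 to 13:30, and 13:33 onward with no re-enable before the window ends.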
-
On its own, where Sophos was the AV that was supposed to be running, it failed to stop the virus. That's not a huge thing, it's not the only AV that failed on that. No AV is perfect and they depend on the OS to be well configured to do their job. But it wasn't successful at protecting even where it was fully installed and running.
-
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
On its own, where Sophos was the AV that was supposed to be running, it failed to stop the virus. That's not a huge thing, it's not the only AV that failed on that. No AV is perfect and they depend on the OS to be well configured to do their job. But it wasn't successful at protecting even where it was fully installed and running.
Understood, good to see the clear picture as I am trying to see both sides of what is good and what is not.
-
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
On its own, where Sophos was the AV that was supposed to be running, it failed to stop the virus. That's not a huge thing, it's not the only AV that failed on that. No AV is perfect and they depend on the OS to be well configured to do their job. But it wasn't successful at protecting even where it was fully installed and running.
Traditional A/V is dead. It's a legal placebo.
What its replacement is beyond user training and termination for doing something they shouldn't is beyond me at this point.
-
@PhlipElder said in Windows 10 Defender Won't Start After Malware or Ransomware:
Traditional A/V is dead. It's a legal placebo.
This is why I like Defender. A placebo should be free and not get in the way.
-
@scottalanmiller said in Windows 10 Defender Won't Start After Malware or Ransomware:
This is why I like Defender. A placebo should be free and not get in the way.
We were working with a contractor that uses AVG's RMM setup (I think it's been sold now).
WDAV flagged the executable as a virus and clamped it down a few days later. That freaked me right out so we went through a process with AVG to figure out what was happening.
WDAV started flagging all of our RMM .EXE files. That's when it became clear that they were false positives. But, that does not make up for the stress that happened initially.
-
@Danp said in Windows 10 Defender Won't Start After Malware or Ransomware:
@RojoLoco Click the link and read for yourself. Also this -- https://www.cybereason.com/hubfs/ransomfree-EOL-message.pdf
Well damn...