DRAFT
Africa ICT Services Antivirus Recommendations: Microsoft Defender (antivirus) IS GOOD ENOUGH FOR MOST USERS
We recommend you purchase ESET anti-malware software:
1. If you need to automatically scan all files on a USB drive or in a folder.
2. If your users' internet connection is often slow and unreliable.
Otherwise, if you do not have the above challenges, SIL Africa ICT Services considers Microsoft Defender, the free anti-malware protection packaged with Windows 10 & 11, to provide good enough security for most end-user workstations.
Please refer to our official policy page on anti-malware software for more information.
Defender Information:
- The most important feature in any Internet security suite is the antivirus that protects you from malware, and this is Defender’s focus.
- A good antivirus program like Defender doesn’t need any help doing its job, so you can leave it alone. It automatically runs in the background, scanning every file, monitoring all the running processes, ensuring that no malicious processes are running. When you download a file or open a program, Defender steps in, examining the file before allowing it to run.
- You can verify that Defender is running by searching for “Windows Security”. The Virus & threat protection will have a green check mark if Defender is running.
- This 2022 article shows that Defender works best when it has an internet connection while scanning for threats; without this, it detects less malware. ESET works better than Defender for off-line protection.
You can consider improving Chrome’s Security with two additional extensions and a few setting changes.
If you need to deal with malware that is interfering directly with Windows Defender, we recommend scanning with Malwarebytes Free.
Please note that Malwarebytes Free does not provide real-time protection - once the malware has been removed, you should still use Windows Defender. See Malwarebytes Free Review for more information.
In addition to Defender’s behavioral detection, Windows has added a ransomware protection feature called *Controlled Folder Access* that only allows specified applications to make changes to your personal files in data folders like Documents, Pictures, and Desktop and whatever other folders you designate. Controlled Folder Access will keep your files from being changed (i.e. encrypted) but will not protect them from malware viewing and copying them. This feature will not be accessible if you are using other security software like ESET.
Controlled Folder Access is off by default and must be turned on. Then standard Windows applications will be automatically added to the approved list, so they can have access to the controlled folders. But you will have to add your personal applications to the approved application list as you start to use them.
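One way to carry out the steps above from PowerShell instead of the Windows Security window, as an added example that is not part of the original page. The folder and program paths are placeholders (assumptions); the cmdlets belong to the Defender module built into Windows.

```powershell
# Added example. Run in an elevated PowerShell session on Windows 10/11
# where Microsoft Defender is the active antivirus.

# Placeholder paths (assumptions): replace with your own folder and program.
$extraFolder = 'D:\ProjectData'
$trustedApp  = 'C:\Program Files\ExampleApp\ExampleApp.exe'

# 1. Turn the feature on. 'AuditMode' instead of 'Enabled' only logs what
#    would have been blocked, which helps you find the programs to approve.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 2. Protect one more folder besides the default ones (Documents, Pictures, Desktop).
if (Test-Path -LiteralPath $extraFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder
}

# 3. Approve a personal program so it can write to the protected folders.
if (Test-Path -LiteralPath $trustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp
}

# 4. Read the settings back. Get-MpPreference reports the state as a number.
$pref  = Get-MpPreference
$state = switch ([int]$pref.EnableControlledFolderAccess) {
    0 { 'Disabled' }
    1 { 'Enabled' }
    2 { 'AuditMode' }
    default { "Other ($_)" }
}
[pscustomobject]@{
    State            = $state
    ExtraFolders     = $pref.ControlledFolderAccessProtectedFolders
    ApprovedPrograms = $pref.ControlledFolderAccessAllowedApplications
}

# 5. List recent blocks (event ID 1123) to see which programs still need approval.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```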
The Windows Firewall
A firewall sits between your computer (or local network) and another network like the Internet. It controls the incoming and outgoing network traffic. The firewall’s rules determine which traffic is allowed through and which isn’t.
A firewall’s main security purpose is blocking unsolicited incoming network traffic, but it also:
- Analyzes outgoing traffic to ensure no malware is communicating through the network.
- Monitors employees’ network use.
- Filters traffic.
It is important to make sure the software firewall is enabled, even if you have a hardware firewall in your entity, especially for laptops. Laptops can be used outside of your LAN, and must have a software firewall turned on in this case.
Windows has built-in firewall software. You can check that the Windows Firewall is running in “Windows Security”. The Firewall & network protection will have a green check mark if the Windows Firewall is running.
By default, Microsoft Defender Firewall (in Windows 10 & 11) blocks all incoming traffic unless it is solicited or matches a rule, and allows all outgoing traffic unless it matches a rule.
Understanding Windows Firewall Network Profiles. Windows Firewall provides three distinct network profiles: Domain, Private, and Public. These profiles help in assigning specific rules for network traffic.
- Domain Network Profile: This profile is automatically applied to devices connected to an Active Directory domain when a domain controller is detected. It cannot be set manually.
- Private Network Profile: Designed for trusted networks like your home network, this profile offers moderate security while allowing easier file and printer sharing.
- Public Network Profile: This profile is designed with higher security in mind for public networks such as Wi-Fi hotspots, coffee shops, airports, and hotels. It is the default profile for unidentified networks to prevent unauthorized access.
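The checks described above (Defender running, firewall on, default blocking of incoming traffic, and which profile each network uses) can also be run as a script. This is an added example, not part of the original page; the function name and the 7-day signature age limit are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session. Read-only: it changes nothing.
function Test-EndpointProtection {
    $maxSignatureAgeDays = 7   # assumption: pick a limit that suits your connectivity
    $findings = @()

    # Defender: the antivirus engine and real-time protection should both be on.
    # Where another product such as ESET has taken over, these findings can be expected.
    $av = Get-MpComputerStatus
    if (-not $av.AntivirusEnabled)          { $findings += 'Defender antivirus is not enabled' }
    if (-not $av.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
    if ($av.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
        $findings += "Defender signatures are $($av.AntivirusSignatureAge) days old"
    }

    # Firewall: ActiveStore is the policy actually in force (local settings plus
    # Group Policy), so the values reflect what the machine is really doing.
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        if ("$($p.Enabled)" -ne 'True') {
            $findings += "$($p.Name) profile: firewall is off"
        }
        if ("$($p.DefaultInboundAction)" -eq 'Allow') {
            $findings += "$($p.Name) profile: unsolicited incoming traffic is allowed by default"
        }
    }

    # Which profile each connected network is using (Public, Private or
    # DomainAuthenticated). An untrusted Wi-Fi network should show as Public.
    $networks = Get-NetConnectionProfile |
        Select-Object Name, InterfaceAlias, NetworkCategory

    [pscustomobject]@{
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
        Networks = $networks
    }
}

$result = Test-EndpointProtection
$result.Findings
$result.Networks | Format-Table -AutoSize
```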
Allowing applications through the firewall. To permit a specific application to communicate over a network, in Firewall, select “Allow an app through firewall.” Click “Change settings.” Check the boxes for Private and Public networks next to the desired application to enable it through the firewall.
If the application you want to allow is not listed, you can add it manually: Click “Allow another app.” Browse to the application's executable file and select it.
You can also add exceptions in the command line. This is an example of a command you might want to run to allow the computer to answer a ping command:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
If you want to block the ICMP echo, simply enter:
netsh advfirewall firewall add rule name="ICMP Block incoming V4 echo request" protocol=icmpv4:8,any dir=in action=block
You can enable “Shields Up” mode to ignore all exceptions. You can enable that mode by ticking the checkbox next to “Blocks all incoming connections, including those in the list of allowed apps” under Public Network, Incoming connections.
Restoring Firewall Settings for Enhanced Security. If you suspect that malware has tampered with your firewall settings, restoring them to their default state can help ensure your system is secure. In Firewall, you can select “Restore firewalls to default.”
By managing these settings, you can maintain robust security while allowing necessary applications to function properly on your network.
Sometimes Firewall or Antivirus protection might prevent software from working correctly. You can check for this by temporarily disabling the protection and seeing whether that solves the issue. For instance, for those using ESET, there has been an issue with ESET crashing SSL certificates, for example in Thunderbird. To solve this issue, go to Advanced setup\Protections\SSL-TLS, enable and then disable SSL/TLS.
Your router actually behaves like a hardware firewall due to its NAT (network address translation) feature, preventing unsolicited incoming traffic from reaching your computers and other devices behind your router. But it is important to install a real hardware firewall for your entity.
Africa ICT Services network firewall recommendations
Firewalla
- Available since 2019
- Different types: Blue+, Purple and Gold
- No license required - the only cost is the hardware
- Blocks various online threats
- Allows bandwidth management
- Blue+ has just 1 Ethernet port, intercepts traffic via ARP spoofing. This can cause compatibility problems with some routers
- Purple and Gold can be set up as a router, or in bridge mode with an existing router/firewall
- Purple allows wifi tethering (i.e. you can use a phone hotspot for the internet). Gold can do the same, if you buy a wifi adaptor
- Gold can handle 2 WAN connections - failover or load balancing, even link aggregation
- With Gold you can create up to 3 LANs - e.g. separate networks for Office and Guest
- Easy to configure (but the interface is not available in French 😞)
Firewalla is a good firewall for most SIL and Alliance offices in Africa. Africa ICT Services recommends Gold or Purple. If you need 2 WAN connections, get Gold. If you need 2 or more LANs, get Gold. Otherwise, Purple is enough. Africa ICT Services can provide technical support for Firewalla.
More Resources:
SIL Information Security Training for End Users: Secure Your Devices
You might like to view this video
Configuring Windows Firewall
Endpoint Protection
Malware
Anti-Malware Tools
Defender Antivirus
Windows Firewall
Removing Malware
An Overview of Malware
Viruses and Worms
Trojans and RATs
Rootkits
Spyware