Data Defense is integrated with Microsoft Defender® and other Antivirus solutions registered with Windows Security Center adding additional protection in case of a threat or attack. Data Defense will initiate Active Lock if:
- Microsoft Defender detects a threat
- Microsoft Defender or Antivirus is shutdown or disabled
Testing:
Disabling Microsoft Defender or other Antivirus solution:
Attackers will often first disable the existing antivirus solution in order to make it easier to proceed with the attack. Data Defense constantly monitors the status of Microsoft Defender and other antivirus solutions and will initiate Active Lock when it is no longer running or has detected a threat. This section details the steps for exercising this sensor using Microsoft Defender but you can accomplish the same using whatever your antivirus solution.
Manually stopping Microsoft Defender:
Search in the start menu for “Virus & threat protection”. Select the item to open System Settings.
Select “Manage Settings”
Turn off Real-Time protection using the slider.
Select Yes to allow the action to complete.
Minimize the Windows Security window and return to the Data Defense dashboard. Note that ActiveLock was immediately engaged. When Activelock is engaged, all Secure Drives will be locked and protected files will require authentication regardless of protection level.
Return to the Windows Security window and re-enable Real-time.
Click Yes to allow the operation to complete.
The security status is now clear. Notice the Cigent icon in the tray has returned to normal.
