Windows Defender Antivirus Utility as Part of the Incident Response Process


Assess and document the uses of the Windows Defender Antivirus utility as part of the incident response process.

Windows Defender is an antivirus program available on the Windows operating system. The software is used to detect, analyze and prevent any form of malware on a computer, so Sifers-Grayson can use the tool in its incident response process. Incident response is complex to perform, and tools such as Windows Defender help in the process (Cichonski, 2012). A good incident response plan consists of a protection mechanism to prevent incidents, a detection mechanism to detect malware early and a response mechanism to block the intruder (Microsoft, 2017a). One of the features that make Windows Defender an excellent tool for incident response is the update feature: when a computer is connected to the internet, users can update their antivirus to protect their devices. The second feature is real-time and cloud-based protection, which helps to protect the device from malware at all times. The third feature is the notification section, which warns the user of any malware present in the system or in tools they use on various websites.

To perform a system scan, the user clicks the Windows button, searches for Windows Defender and selects it. Under the Home menu there are radio buttons for the scan type. After selecting a full scan, the user clicks the Scan now button, and Windows Defender scans all the files on the computer. The procedure is the same for the other types of scan, i.e. quick and custom. To scan removable devices, the user selects the Custom radio button, selects the device, then clicks the Scan now button.

One way Windows Defender can be used in the incident response and recovery process is in detecting the entry point of the malware. The user can then block the entry point to prevent further damage from the malware. The second use of the tool is in detecting real-time intrusion attempts on a device. It has a feature that provides real-time protection from intrusion, and the user can turn it on or off and so determine the protection state of the device (Microsoft, 2017b). The third use is analyzing data to determine the presence of any malware and deleting infected files. That is done using the full, quick and custom scans in the Home menu of Windows Defender. The fourth way is by isolating a file that was detected to have malware but was not deleted from the system: the quarantine feature isolates a file that is detected to have been infected. The fifth way is scanning any removable devices. Since removable devices pose a threat to the security of the computer, they can be scanned to prevent any file from being corrupted. The last way is providing an event log for incident reporting. The log contains information about the malware and can therefore be used to prevent future attacks by similar malware.
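The same steps can be scripted so that a responder collects them consistently across hosts. The following PowerShell sketch is an added example, not part of the original essay; it goes beyond the GUI procedure above by using the Defender cmdlets built into Windows, and the removable drive letter `E:\` and report folder `C:\IR` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: Windows Defender triage for an incident responder.
# Assumptions: removable device is E:\ and reports go to C:\IR (hypothetical).
param(
    [string]$RemovablePath = 'E:\',
    [string]$ReportDir     = 'C:\IR'
)
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

# 1. Protection state: is real-time protection on, how old are the definitions?
$status = Get-MpComputerStatus
$status |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated, AntivirusSignatureVersion |
    Export-Csv (Join-Path $ReportDir 'defender-status.csv') -NoTypeInformation
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is OFF on this host.'
}

# 2. Update definitions before scanning.
Update-MpSignature

# 3. Quick scan of the system, then a custom scan of the removable device.
Start-MpScan -ScanType QuickScan
if (Test-Path $RemovablePath) {
    Start-MpScan -ScanType CustomScan -ScanPath $RemovablePath
}

# 4. Detections: map threat IDs to names, then record which file or process
#    each detection came from (helps locate the entry point).
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ThreatID,
                  @{n='ThreatName'; e={ $names[$_.ThreatID] }},
                  ProcessName, DomainUser, ActionSuccess,
                  @{n='Resources'; e={ $_.Resources -join '; ' }} |
    Export-Csv (Join-Path $ReportDir 'defender-detections.csv') -NoTypeInformation

# 5. Event log for the incident report: 1116 = malware detected,
#    1117 = protective action taken.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1116, 1117
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Export-Csv (Join-Path $ReportDir 'defender-events.csv') -NoTypeInformation
```

Replace `QuickScan` with `FullScan` to match the full scan described above; a full scan can take hours on a large disk.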

Windows Defender is a great tool that Sifers-Grayson can use in its incident response process. The tool only needs to be updated from time to time to provide better protection for devices and data in the organization. It is free and easy to use, so the organization can train its employees to use it, and it will help ensure that the confidentiality, integrity and availability aspects of security are achieved.

Assess and document the uses of the Windows Defender SmartScreen utility as part of the incident response process.

Windows Defender SmartScreen is available for devices running Windows 10 and for mobile devices. The tool protects users when they visit websites that have been reported to contain malware or to carry out phishing (Microsoft, 2017c). During the incident response process, the tool can be used to detect and block a bad website. That helps to protect the user and the organization from any data breach that intruders could carry out using the bad websites. Bad applications are also detected and blocked by the tool. Windows Defender SmartScreen will warn the user of any bad download or attempt to install an infected app, and therefore protects their data (Microsoft, 2017d). The tool can also be used to detect and report any malicious website or web page. From the report, the administrator can block the websites, applications and web pages containing malware, thereby protecting users who try to access them in future. Windows Defender SmartScreen also provides an event log listing the malware detected. The feature offers incident reporting information that the organization can use to prevent further attacks and secure its systems.

The benefits Windows Defender SmartScreen offers include anti-malware and anti-phishing support and application and URL protection; it is also always up to date and integrated into the operating system. The feature is available on the latest version of Windows 10, so users on older versions of Windows may continue to be vulnerable to attacks. The updates are delivered when the user updates the whole system, and they install automatically on the device. Sifers-Grayson should use this tool, as it helps users to detect and avoid websites and applications containing malware and is therefore an essential tool in the incident response process. The tool is readily available in the latest versions of Windows 10, so users should update their OS to get the full benefit of it. For the organization to benefit from the tool, employees also need to be trained on how to identify malware and report it to the administrator for checking. Using the tool will benefit the organization, as it will help to eliminate some of its security vulnerabilities.

References

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide. NIST Special Publication, 800(61), 1-147.

Microsoft. (2017a). Responding to IT security incidents. Retrieved from https://docs.microsoft.com/en-us/azure/security-center/security-center-incident-response

Microsoft. (2017b). The Windows Defender Security Center App. Retrieved from https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-security-center/windows-defender-security-center

Microsoft. (2017c). Windows Defender SmartScreen. Retrieved from https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview

Microsoft. (2017d). Windows Defender SmartScreen FAQ. Retrieved from https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview

September 11, 2023