Reverse, Reveal, Recover: Windows Defender Quarantine Forensics

Max Groot Erik Schamper TL;DR Introduction During incident response engagements we often encounter antivirus applications that have rightfully triggered on malicious software that was deployed by threat actors. Most commonly we encounter this for Windows Defender, the antivirus solution that is shipped by default with Microsoft Windows. Windows Defender places malicious files in quarantine upon […]

antivirus applications default defender files forensics incident incident response introduction malicious malicious software microsoft microsoft windows places quarantine recover response reveal reverse software solution threat threat actors windows windows defender