Not long ago, news came out that removable devices, such as USB flash drives, can be protected with Windows Defender Advanced Threat Protection. In this post, I'm going to illustrate how the protection works.
What Is Windows Defender ATP
The full name of Windows Defender ATP is Windows Defender Advanced Threat Protection, which is a platform designed by Microsoft to help enterprise networks do the following things:
- Prevent threats
- Detect potential threats
- Investigate the threats
- Respond to advanced threats
By using Windows Defender ATP, you get many technologies built into Windows 10 together with Microsoft's robust cloud service:
- Threat intelligence
- Cloud security analytics
- Endpoint behavioral sensors
- …
Windows Defender ATP Provides Protection for Removable Devices
In fact, Microsoft's Windows Defender Advanced Threat Protection is a useful way to deal with threats and data protection involving removable devices, such as USB flash drives. Microsoft confirmed that, thanks to Windows Defender ATP, you can get comprehensive protection over USB and removable devices so as to prevent threats and data loss.
According to statistics, malware and viruses can spread easily through removable devices like USB flash drives. Though there are lots of antivirus solutions that scan the drives, scanning is not enough. Comprehensive protection is a better choice.
How Windows Defender Advanced Threat Protection Works
With the help of Windows Defender ATP, you can guard against threats and data loss effectively. In this part, I will show you how Windows Defender Advanced Threat Protection protects your data in different ways.
Way one: reduce the possible attack surface area. This is achieved by stopping certain individuals, groups of people, or machines from using specified removable devices or all removable devices.
Way two: make use of the advanced hunting function to detect plug-and-play connected events, so as to do the following things:
- Identify suspicious usage.
- Conduct internal investigations.
- Create custom alerts by taking advantage of the custom detection rule feature.
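As an added example (not from the original post or from Microsoft), the advanced hunting query below shows one way to identify suspicious usage from plug-and-play connected events: it lists storage devices connected in the last day that were not seen on the same machine during the preceding baseline period. It assumes the current advanced hunting schema (the `DeviceEvents` table, the `PnpDeviceConnected` action type, and device details in the `AdditionalFields` column); the time windows and the `DiskDrive` class filter are illustrative choices to adjust.

```kql
// Added example, not part of the original post.
// Assumes the current advanced hunting schema: DeviceEvents table,
// ActionType "PnpDeviceConnected", device details in AdditionalFields (JSON).
let baseline = 30d;   // how far back "previously seen" reaches (assumed value)
let recent = 1d;      // reporting window (assumed value)
let storage_connects = DeviceEvents
    | where Timestamp > ago(baseline)
    | where ActionType == "PnpDeviceConnected"
    | extend fields = parse_json(AdditionalFields)
    | extend ClassName = tostring(fields.ClassName),
             PnpDeviceId = tostring(fields.DeviceId),
             Description = tostring(fields.DeviceDescription)
    // Keyboards, mice and hubs also raise PnP events; keep storage devices only.
    // The class name used here is an assumption to tune for your environment.
    | where ClassName =~ "DiskDrive"
    | where isnotempty(PnpDeviceId);
// Machine/device pairs already observed before the reporting window.
let known = storage_connects
    | where Timestamp <= ago(recent)
    | distinct DeviceName, PnpDeviceId;
// Recent connections with no match in the baseline are first-time devices.
storage_connects
| where Timestamp > ago(recent)
| join kind=leftanti known on DeviceName, PnpDeviceId
| summarize FirstSeen = min(Timestamp),
            Connections = count(),
            Description = take_any(Description)
          by DeviceName, PnpDeviceId
| order by FirstSeen desc
```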
Way three: enable the data loss prevention techniques, including Windows Information Protection and BitLocker.
Way four: enable the threat protection techniques.
- Windows Defender Antivirus real-time protection (RTP): it is used to scan removable devices for malware
- Kernel DMA Protection for Thunderbolt: it is used to block Direct Memory Access (DMA) until the user logs on
- The Exploit Guard Attack surface reduction rule, which is able to block the untrusted & unsigned processes running from the USB drive
Block Unauthorized Data Access to USB Flash Drive
Yes, you are able to prevent your removable devices, such as USB flash drives, from being seen and interacted with without your permission. Besides, you can stop certain users from accessing certain defined USB drives on certain machines.
What can you do with Windows Information Protection and BitLocker?
- Windows Information Protection: stop people from copying sensitive information and running files from unknown or untrusted apps. That is to say, it will thwart users' attempts to copy sensitive or confidential-marked data, and the notification will be shown according to the level of enforcement.
- BitLocker: by turning BitLocker on, you're able to secure the data on a lost or stolen USB flash drive from being accessed by malicious people. All the files stored on a BitLocker-protected USB flash drive will be encrypted automatically when people attempt to plug it into a computer or other device.
Though Windows Defender ATP is of great help, it is still somewhat difficult to determine these things:
- The exact removable devices you should block.
- The exact time and people that shouldn’t use removable devices.