Anti-virus software

Anti-virus software #

 
Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working properly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information.

The consequences of a malware infection can be serious and far-reaching, from losing access to your files or becoming a victim of identity theft and fraud.

Use anti-virus software #

Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working properly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information.

 

Installing anti-virus software can help keep you safe online.

Your computer can be infected by malware in a number of ways, including:

  • clicking on false website links
  • visiting websites that have been infected by malware
  • downloading infected apps and files from the internet
  • opening infected email attachments. 

When you first install anti-virus software on a device, run a ‘full scan’ of the system to ensure there are no pre-existing virus infections, and then set up regular scans.


Important: Install anti-virus software on all devices and set the software to automatically check for updates on a daily basis.

Choosing anti-virus software #

Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working properly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information.

Anti-virus solutions differ in effectiveness and the range of malware types they cover. Before choosing an anti-virus product, consider reviews on reputable and trustworthy websites or magazines.

At a minimum, all anti-virus software should provide:

  • protection and detection capabilities for malware, adware and spyware
  • comprehensive anti-virus scanning. 

Some anti-virus products may also include:

  • a site adviser so your browser alerts you when visiting a suspicious or dangerous website
  • malware protection with an integrated firewall. 

Note if you install an anti-virus product with firewall functionality, you may need to disable your operating system’s built-in firewall. See your anti-virus and operating system vendor for more details.

Before choosing an anti-virus product, consider reviews on reputable and trustworthy websites or magazines.

Turning on Ransomware Protection for Microsoft Windows 10 #

Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working properly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information.

Ransomware attacks are typically delivered to a user via a malicious but legitimate looking email link or attachment. When the user opens the ransomware it will typically encrypt a user’s files, then demand a ransom to restore access – typically payable using cryptocurrency, like Bitcoin.

Certain malware that locks down your computer and files until a ransom is paid

Ransomware attacks are typically delivered to a user via a malicious but legitimate looking email link or attachment. When the user opens the ransomware it will typically encrypt a user’s files, then demands a ransom to restore access – typically payable using cryptocurrency, like Bitcoin.

Money

Ransom, an age-old and effective crime, is now being committed online. Ransomware offers cybercriminals a low-risk, high-reward income. It is easy to develop and distribute. Also in cybercriminals’ favour, most small businesses are unprepared to deal with ransomware attacks.

Never pay a ransom

You are not guaranteed to regain access to your information and may be vulnerable to a second attack.

Everyone

Many individuals and small businesses are often less security conscious, are less likely to implement cyber security measures, and spend less on cyber security measures. While medium and large businesses may have some considerations for cybersecurity measures, they too can benefit from inbuilt system security features – such as Microsoft’s ransomware protection.

Microsoft’s ransomware protection

Ransomware protection is a control on computers to stop a ransomware attack from encrypting access or files that are important to you. Microsoft has a built-in control to help protect devices from ransomware. It ensures folders you choose cannot be altered which prevents them from being encrypted down by a criminal. This guide will demonstrate how you can configure and use this control to protect your files from a ransomware attack.

While ransomware protection can be useful, having a backup stored offline is important in case you need to retrieve important files or information. 

Setting up Ransomware Protection for Microsoft Windows 10 #

  1. Select the Windows icon in the bottom left of your screen and then click on the Settings Cog icon.
     
    Screen shot of settings icon on windows 10

  2. Once in Settings, click on the Update & Security icon.
     
    Screen shot of updates and security icon in windows 10

  3. Click Windows Security tab.
     
    Screen shot of windows security icon in windows update screen

  4. Under the Protection areas list, click on Virus & threat protection.
     
    Screen shot of virus and threat protection icon in windows security screen

  5. Click on Manage ransomware protection under Ransomware protection.
     
    Screen shot highlighting manage ransomware protection link

  6. In many cases, the Controlled folder access will be toggled off. If so, click on the toggle to turn it on.
     
    Screen shot highlighting controlled folder access toggle button

  7. Once controlled folder access is turned on, click on Protected folders.

    Note: You can only use this functionality if you are an administrator. If you are a standard account user, you will be prompted to login or authenticate using an Administrator account.

    For more information regarding administrator and local user accounts, please refer to Managing User Accounts on Microsoft Windows 10.


  8. Click on Add a protected folder to select the folder you want to be added to the protected list.

    By default, the following folders are already included in the Protected List:

    • Documents
    • Pictures
    • Videos
    • Music 
    • Favourites

    Note: This will restrict applications from accessing any folders in the protected list.
     

    Under the 'Protected folders' heading, the 'Add a protected folder' button is highlighted

  9. Optional: To allow applications to access files inside folders on the protected List, go back to the “ransomware protection” window and click on Allow an app through Controlled folder access. Then click Add an allowed app.

    Screen shot of allow an app through controlled folder access link

    Note: This step is only recommended for users who are comfortable navigating the Windows folder structure. By default, Microsoft has a list of apps that are trusted and included behind-the-scenes. You may have applications such as MYOB or Adobe that are not part of this list.

    Only allow apps that are reputable and trustworthy to access your folders in the Protected List, as this is similar to allowing a technician into your house without supervision.

Performing a malware scan using Microsoft Defender Antivirus for Windows 10 #

Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working properly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information.

Malware is a blanket term for malicious software including viruses, spyware, trojans and worms.

Malicious software (malware)

Malware is a blanket term for malicious software including viruses, spyware, trojans and worms.

Malware gains access to important information such as bank or credit card numbers and passwords. It can also take control of or spy on a user’s computer. What criminals choose to do with this access and data includes:

  • Theft
  • Activism
  • Espionage
  • Other serious crimes

Anyone, anywhere

Malware creators can be anywhere in the world. They just need a computer, technical skills and malicious intent. Criminals can easily access cheap tools to use malware against you. It is not personal – they are not targeting you specifically – it is just business.

Microsoft Defender Antivirus

Microsoft Defender Antivirus is a built-in malware scanner for Microsoft Windows 10. As part of the Windows Security suite, it will search for any files or programs on your computer that can cause harm to it. Defender looks for software threats like viruses and other malware across email, apps, the cloud, and the web.

A malware scan is as effective as its last definition update, which means if it is not updated regularly it may be unaware of and unable to detect newer forms of malware. Microsoft Defender Antivirus is updated when Microsoft Windows 10 is updated, which is why automatic updates should be turned on.

To turn on automatic updates for Windows 10, please refer to our guide Turning On Automatic Updates (for Windows 10).

Performing a malware scan with Microsoft Defender Antivirus #

  1. Select the Windows icon in the bottom left of your screen and then click on the Settings Cog icon.
    Screenshot highlighting windows icon

  2. Once in Settings, click on the Update & Security icon
     

    Screenshot highlighting update and security icon

  3. Click on Windows Security tab.
     

    Screenshot highlighting Windows security tab

  4. Under the Protection areas section, click on Virus & threat protection.
     

    Screenshot highlighting Virus and threat protection button

  5. Under Current threats section, click on Scan options.
     

    screenshot highlighting scan options button

  6. Here you have four different scan options to detect malware. It is recommended to save and close your files before starting a scan. While you can continue to use your computer during some scans, this may lead to inaccurate results and you could experience issues with speed and performance. Once you have selected your Scan, click Scan now.
     

    Screenshot highlighting options with quick scan selected and scan now button

  7. You will see the progress, estimated time remaining and other information once you start the scan.
     

    Screenshot highlighting scan progress

  8. When finished, you will receive summary information from the scan.
     

    Screenshot highlighting scan summary information

  9. In the event that the summary information identifies malware click Start actions and follow the on-screen prompts to remove the malware.
     

    Screenshot highlighting start actions button

    Terminate ransomware programs with Task Manager (Microsoft Windows 10) #

    Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working properly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information.

     

    If you are experiencing a ransomware attack, follow these three steps to identify and stop a potential ransomware program running on your Windows 10 computer.

    How to terminate ransomware programs with Task Manager #

    When should I use this guide?

    If you are experiencing a ransomware attack, follow these three steps to identify and stop a potential ransomware program running on your Windows 10 computer:

    Step 1. Open Task Manager

    Step 2. Identify a ransomware program with Task Manager

    Step 3. Terminate a ransomware program with Task Manager (End Task)

    What to do if your device stops responding at any point:

    • Hold down the device’s power button to stop it.

    What is Task Manager?

    Task Manager is a utility within Microsoft Windows 10 that provides you with an insight into what is running on your computer, including the allocation of resources and a quick way to close running programs. The example pictures in this guide show what Task Manager might look like when opened. The information presented for your system will be different.

    If you are having trouble understanding the content in this guide, you can contact the ACSC’s 24-hour Hotline by calling 1300 CYBER1 (1300 292 371).

    Step 1. Open Task Manager #

    1. If you are signed into your device, press and hold down at the same time the CtrlShift and Esc keys on your keyboard.
       
      An image of a keyboard with the keys Escape, Shift and Control highlighted

    2. This will open the Task Manager window in simple view. Click the More details in the bottom left corner.
       
      An image of the Task Manager simple view, with the 'More details' button highlighted at the bottom left

    3. This will open the Task Manager window in detailed view.
       
      An image of the Task Manager table interface, showing the Apps and Background processes on the left and the data on the right

    What to do if Task Manager does not open, or quickly closes when you open it:

    Some types of ransomware prevent Task Manager from opening to stop you from seeing details of its malicious software (malware) running on your computer.

    Step 2. Identify a ransomware program with Task Manager #

    It is important to remember that the programs visible in Task Manager may not be ransomware and may in fact be essential for your computer to run. Use the steps below to identify potentially suspicious programs before taking action.

    Sorting information by Disk

    An indicator that a program could be ransomware is its Disk usage.

    1. To determine which programs are using the highest amount of Disk resources, sort programs by Disk usage by clicking on the Disk heading in Task Manager. The programs are now listed by highest Disk usage to lowest.  
       
      In Task Manager, the Disk Usage cell is highlighted

    Determine if Programs are Suspicious

    Look at the top programs now listed in Task Manager by Disk usage (which is displayed in the Disk column in MB/s). Critically evaluate if they are suspicious, starting with the first program, using the following steps:

    1. Think: Do you recognise the program name? Indicators of potentially malicious programs include names with random letters, numbers and symbols or even misspelled common program names.
    2. Search: Using a separate safe device, perform an internet search using the key words Task Manager and the name of the suspicious Program (for example, “weirdXYZ”). Do the search results indicate that this is ransomware or malware? Or do they indicate it is a legitimate program?
    3. Look: Is the program using significantly more Disk resources compared to other programs in the list? Is it running at higher MB/s in comparison to other programs? Typically a ransomware program will run above 5MB/s. The program’s Disk usage might also be highlighted yellow or red.
    4. Decide: If the results of Steps 2 to 4 indicate the program is suspicious or ransomware, terminate the program using the instructions on the next page.

    Note: Remember to use reliable and authentic sources of information, such as the manufacturer of the program, to clarify if a program is normal or suspicious.

    Step 3. Terminate a ransomware program with Task Manager (End Task) #

    Important: Read This Before Closing a Program:

    Using the End Task feature will immediately close a program without saving any changes made to the program. If you are considering closing a program, you should be confident that you are making an informed decision based on the information and research you have found using the previous step. This will help prevent you from using the End Task feature on a program that keeps your computer running.

    Using Task Manager’s detailed view

    1. If you can, write down the name of the program you have identified as suspicious and wish to close. Or take a photo of Task Manager using another device such as a smartphone. This information will aid in the recovery process.
    2. Right-click the suspicious program you wish to close and select End Task from the menu. 

      This will close the program.
       

      In Task Manager, the right-click menu is open and the 'End task' option is highlighted

Powered by BetterDocs