[German]Companies using Windows Defender in Windows environments should ensure that Cloud/MAPS is active and that communication for real-time protection is not blocked by the firewall.
Advertising
This is pointed out by the security researcher with the @SwiftOnSecurity alias in this tweet.
DOES YOUR COMPANY USE WINDOWS DEFENDER?
Make sure Cloud/MAPS is on, and run this command to verify your corporate firewall isn't blocking communications for real-time protection!
This is the only way to find out. pic.twitter.com/IB4E82doB8— SwiftOnSecurity (@SwiftOnSecurity) 16. August 2018
To do this, you must open an administrative prompt (otherwise there is an access error ERROR_ACCESS_DENIED, code 0x80070005) and navigate to the Windows Defender folder. Then enter the following command:
mpcmdrun –validatemapsconnection
The command then reports whether the connection to the MAPS (Microsoft Advanced Protection Service) cloud service is possible for Defender. A description of the configuration and validation can be found in the Microsoft document Configure and validate Windows Defender Antivirus network connections. The MAPS service itself is described in the Microsoft document Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection.
Advertising
