Comments on Windows Incident Response: The Death of AV??
Feed last updated: 2024-03-19T07:46:20.437-05:00

Comment by Anonymous, 2020-09-18T02:15:20.081-05:00:

I fully agree, AV is by far not dead; it's part of a healthy security baseline. Because we mostly only see where it failed, we must also look into what AVs blocked and prevented, or just detected, over time and still do. It's the same as with seatbelts: one could forget what they mostly prevent in many small incidents when we just look at the fatal incidents.

Because the amount of events/alerts can be huge, one could trigger based on keywords in signatures, e.g. hacktools, webshells, specific malware families, ...

And yes, AV maintenance and operation can be time consuming... and keeping track of whether the AV is active and running is part of that too. As with all security tools: do they still run on my clients?