Malware and Small Business


Malware is software that has been built for malicious purposes. This software can vary heavily in complexity and purpose. For example, ransomware will encrypt a computer, rendering it unusable unless a fee is paid to the cybercriminals for the decryption key.

Other malware is not as destructive and can hide within applications or run silently in the background. For example, infostealer malware is designed to quietly collect sensitive information such as passwords, identity credentials, financial information or even photos and videos. Keyloggers are another example of silent malware. Running in the background, a keylogger will record keystrokes made on the device and send this information back to the cybercriminal, potentially collecting passwords and other sensitive data.

Guidance Note:

This fact sheet contains references to several third-party products and services. Please note that IDCARE does not have any affiliation with these services, and only provides named services in the interest of hardening your cyber resilience.

This fact sheet will address the following:

Anti-Virus Software
Application Control (Application Whitelisting)
Avoid Interacting with Untrusted Sources
Signs of a Malware Infection
Remediating Malware on your devices
Additional Resources and Information

Anti-virus Software

For Windows systems, Windows Defender (Microsoft Defender Antivirus) is built into Windows and should be active by default.

To check if it’s enabled:

Go to Settings > Update & Security > Windows Security > Virus & threat protection.

Ensure real-time protection is turned on and up to date.

Tip: If you prefer a third-party antivirus, make sure you use a single provider as many products will conflict with each other.
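The same check done from PowerShell, as an added example that is not part of the IDCARE fact sheet. It uses the built-in Defender cmdlets and returns a list of findings rather than relying on the Settings screens; the two-day signature threshold is an assumed value.

```powershell
# Added example (not from the IDCARE fact sheet): check Microsoft Defender from
# PowerShell. Run as Administrator. Returns a list of findings; an empty list
# means real-time protection is on, signatures are fresh and nothing is excluded.
function Test-DefenderStatus {
    [CmdletBinding()]
    param([int]$MaxSignatureAgeDays = 2)   # assumed threshold, adjust to taste

    $findings = @()
    $status = Get-MpComputerStatus
    $prefs  = Get-MpPreference

    if (-not $status.AMServiceEnabled) {
        $findings += 'Defender antimalware service is not running'
    }
    if (-not $status.RealTimeProtectionEnabled) {
        $findings += 'Real-time protection is OFF'
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($status.AntivirusSignatureAge) days old (last update $($status.AntivirusSignatureLastUpdated))"
    }
    if ($prefs.DisableRealtimeMonitoring) {
        $findings += 'Real-time monitoring is disabled in preferences'
    }
    # Scan exclusions are a common way malware hides from Defender; review every entry.
    foreach ($p in $prefs.ExclusionPath)      { $findings += "Excluded path: $p" }
    foreach ($e in $prefs.ExclusionExtension) { $findings += "Excluded extension: $e" }
    foreach ($x in $prefs.ExclusionProcess)   { $findings += "Excluded process: $x" }

    return $findings
}

$result = Test-DefenderStatus
if ($result.Count -eq 0) { 'Defender looks healthy' } else { $result }
```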

For MacOS (Apple) devices, built-in security features like Gatekeeper and XProtect are not foolproof antivirus solutions. You will need to install a solution from a vendor of your choosing.

To check if you have a third-party antivirus installed:

Go to System Preferences > Security & Privacy and look for any additional software listed.

You can also check the Applications folder for popular antivirus software icons.

If no third-party solution is found, you may need to download and install one from a reputable source.

Tips for choosing a reputable solution:

Research and Reviews: Look for well-known brands like Norton, McAfee, Bitdefender, Sophos, and Malwarebytes. Check independent reviews from trusted sources like AV-Comparatives, AV-Test, or PCMag for performance and reliability assessments.

Essential Features: Choose an antivirus that offers real-time protection, automatic updates, ransomware protection, and scheduled scans. Some also offer additional features like VPNs, parental controls, and password managers.

Official Sources: Download antivirus software directly from the official website or trusted app stores (e.g., Microsoft Store for Windows or the Mac App Store). Avoid free, cracked or illegal versions from unofficial sources, as they are likely compromised, and this is a common scam facing small businesses.

More information about how to identify an official source of software can be found within this fact sheet.

Note: Your anti-virus vendor will not call you if they detect a virus on your machine.

Application Control (Application Whitelisting)

Application control software prevents untrusted applications from running unless they have been specifically allowed. Think of it as: nothing is allowed to run without the explicit permission of the administrator, not even malware.

For Windows systems – AppLocker is a built-in feature that allows you to create rules specifying which applications and files can run on the machine. Unfortunately, this is only available to Professional and Enterprise editions of Windows.

AppLocker Configuration:

Open the Group Policy Editor (hold the Windows Key + R, then type: gpedit.msc).

Navigate to: Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker.

Create rules for Executable, Windows Installer, Script, and other file types:

Choose whether to allow or deny specific applications by path, publisher, or file hash.

Apply the policy, and it will block any application not included in the rules from running.

Note: Test your rules on a small set of systems first to ensure they don’t interfere with essential software.
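The same configuration scripted with the AppLocker cmdlets, as an added example that is not part of the IDCARE fact sheet. It builds allow rules from software that is already installed, applies them in audit-only mode (the "test first" advice above), and shows how to review what would have been blocked. The output path is an assumed value and the script requires Windows Pro or Enterprise.

```powershell
# Added example (not from the IDCARE fact sheet): build an AppLocker policy from
# installed software, apply it in audit-only mode, and review the results.
# Windows Pro/Enterprise, run as Administrator. $PolicyFile is an assumed path.
$PolicyFile = "$env:ProgramData\applocker-audit.xml"

# 1. Inventory the executables, installers and scripts you already trust.
$trusted = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows') {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Generate allow rules: publisher rules where files are signed, hash rules as
#    the fallback for unsigned files. -Optimize merges rules per publisher.
$xml = New-AppLockerPolicy -FileInformation $trusted -RuleType Publisher, Hash `
        -User Everyone -Optimize -IgnoreMissingFileInformation -Xml

# 3. Start in audit mode: events are logged, nothing is blocked. Assumes the
#    generated rule collections carry EnforcementMode="NotConfigured", which is
#    what New-AppLockerPolicy emits.
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$xml | Set-Content -Path $PolicyFile -Encoding UTF8

# 4. Apply to the local machine. The Application Identity service must be running
#    for AppLocker to evaluate rules at all.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $PolicyFile

# 5. Before switching to enforce, test recent downloads against the policy ...
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
    Test-AppLockerPolicy -XmlPolicy $PolicyFile -User Everyone -Filter Denied, DeniedByDefault

# 6. ... and review what audit mode would have blocked (AppLocker event 8003).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Once the 8003 events show only software you intend to block, change AuditOnly to Enabled in the policy file and re-run Set-AppLockerPolicy.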


For MacOS (Apple) devices, there is a similar feature called Gatekeeper. It is similar to AppLocker, but it restricts the use and installation of apps to only those originating from the Apple App Store and identified developers.

Steps:

Go to System Preferences > Security & Privacy > General.

Set the option to allow apps only from the App Store and identified developers.

For a stricter approach, only allow apps from the App Store and use System Preferences > Parental Controls (if enabled) to block unwanted applications.

The above methods, when set up correctly, can greatly reduce the risk of malware executing on a device.


Avoid Interacting with Untrusted Sources

Malware can be embedded within seemingly normal software packages. Avoid downloading programs from sources such as unofficial websites, untrusted ZIP files, and unexpected communications.

Clicking untrusted links can start an attack called a drive-by download, in which a phishing message contains a link that, when clicked, downloads and installs malware onto a device.

Similarly, clicking links that purport to be from trusted sources can send a user to a legitimate-looking webpage that hosts malicious downloads.

Our Tips for Avoiding Suspicious Downloads

Use Official Websites, or the app store:

Don’t always trust the first result from Google. When you find a search result, look closely at the URL and domain name. Official websites usually have clear and recognisable domains, such as .com, .org, .gov or country-specific domains. For example, for a Microsoft product, the URL should clearly include microsoft.com.

Always download software directly from the developer's official website. If you need an Adobe product, you should only be downloading it from the Adobe website.

Verify that the URL begins with https:// and has a padlock icon. This indicates a secure connection, which means that traffic to the site is encrypted and cannot be tampered with in transit. It does not by itself prove the site is genuine, so still check the domain name.

Be cautious of URLs with slight misspellings or extra words (e.g., softwaresource123[.]net). These are often scams meant to mimic legitimate sites.

Verify Digital Signatures:

On Windows: Right-click the downloaded file and select Properties. Go to the Digital Signatures tab. A legitimate software file should show a signature from the developer (e.g., Microsoft Corporation). Click Details to confirm that the certificate is valid and matches the developer’s name.

On MacOS: MacOS uses Gatekeeper to check digital signatures. If a file lacks a valid signature, MacOS will show a warning when you try to open it. Only proceed if you are sure the software is from a trusted source.
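The Windows check above done from PowerShell, as an added example that is not part of the IDCARE fact sheet. Test-DownloadSignature is an assumed helper name and setup.exe an assumed file; the function passes only when the file is signed, the signature chain is valid, and the signing certificate names the publisher you expected.

```powershell
# Added example (not from the IDCARE fact sheet): the Properties > Digital
# Signatures check from PowerShell. Test-DownloadSignature is an assumed name.
function Test-DownloadSignature {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$ExpectedPublisher   # e.g. 'Microsoft Corporation'
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path

    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch (file altered after signing), UnknownError, ...
        Write-Warning "$Path : signature status is $($sig.Status)"
        return $false
    }
    $subject = $sig.SignerCertificate.Subject
    # Match on the certificate subject, not the file name: a renamed or
    # look-alike file cannot change who actually signed it.
    if ($subject -notlike "*CN=$ExpectedPublisher*") {
        Write-Warning "$Path : signed by '$subject', expected '$ExpectedPublisher'"
        return $false
    }
    Write-Verbose "$Path : valid signature from $subject"
    return $true
}

# Usage (setup.exe is an assumed file name): returns $true or $false.
Test-DownloadSignature -Path "$env:USERPROFILE\Downloads\setup.exe" -ExpectedPublisher 'Microsoft Corporation'
```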

Signs of a Malware Infection

If you notice any of these signs, it’s essential to run a full antivirus scan and take steps to remove any detected malware promptly. In some cases, you may not be able to achieve this (for example, in the case of ransomware), so extra guidance has been provided.

  • Unusual Pop-Ups: You experience excessive pop-up ads, even when you're not browsing the internet.
  • New Toolbars or Extensions: Unknown toolbars or browser extensions appear in your web browser without your consent.
  • Disabled Security Software: Your antivirus or firewall settings are altered or disabled without your knowledge.
  • Unfamiliar Programs: New or unfamiliar programs appear on your device that you didn’t install.
  • Browser Redirects: Your web browser redirects you to unfamiliar websites or changes your homepage and search engine settings.
  • Unusual Activity on Accounts: You see unauthorised changes in your online accounts, such as sent emails or social media activity you didn’t initiate.
  • Someone is demanding money through an email: Someone may send you an email claiming to have access to your files or other sensitive information. This may be a sign of an infostealer malware infection.
  • All of your files are encrypted and contain strange file extensions. This is a sign of a ransomware infection.

With the exception of ransomware, if you notice any of the above signs, it’s essential to run a full antivirus scan and take steps to remove any detected malware promptly.

Additional Guidance: Ransomware

If you are unable to access any of your files and there is a ransom note on your desktop, this is a sign that ransomware has infected your device. You can follow the steps below for malware remediation but also seek the immediate assistance of the ACSC on 1300CYBER1 (1300 292 371).

Never pay the ransom – the cybercriminal group responsible may be under international sanctions, and sending funds could be breaking Federal law.

For additional information, please see IDCARE’s Ransomware Fact Sheet for Small Businesses.

Remediating Malware on your devices

If you suspect Malware has been downloaded to your device, follow the below steps:

1. Disconnect the device from all network connections: This includes the internet, any local networks you may have set up, and shared folders accessible on your network or intranet.

2. Perform an offline scan of the device: Check to see that your anti-virus software is running, and no unknown files have been excluded and marked as safe. Ensure you perform a full scan of the device.

3. Follow the antivirus instructions: Most antivirus programs will prompt you with actions when a threat is detected, such as ‘Quarantine’, ‘Remove’, or ‘Ignore’. In general, choose ‘Quarantine’ or ‘Remove’ to isolate or delete the threat.

4. Run a full system scan: After removing the initial threat, run a full system scan to ensure no other threats are present.
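Steps 1 to 4 carried out on a Windows machine with the built-in Defender cmdlets, as an added example that is not part of the IDCARE fact sheet. The file used to remember which network adapters were disabled is an assumed path, and the offline scan reboots the machine, so the second half runs after Windows restarts.

```powershell
# Added example (not from the IDCARE fact sheet): malware remediation steps 1-4
# on Windows using Defender cmdlets. Run as Administrator.
# Disabling adapters drops every connection at once, including mapped shares.

# Step 1: isolate the device. Record which adapters were up so they can be
#         re-enabled later. The record file is an assumed path.
$isolated = Get-NetAdapter | Where-Object Status -eq 'Up'
$isolated | Disable-NetAdapter -Confirm:$false
$isolated.Name | Set-Content "$env:ProgramData\isolated-adapters.txt"

# Step 2: confirm Defender is active and nothing has been excluded from scans,
#         then run the offline scan. Start-MpWDOScan reboots into the Windows
#         Defender Offline environment so malware that hides while Windows is
#         running cannot interfere with the scan.
$status = Get-MpComputerStatus
$prefs  = Get-MpPreference
if (-not $status.RealTimeProtectionEnabled) { Write-Warning 'Real-time protection is off' }
if ($prefs.ExclusionPath -or $prefs.ExclusionProcess -or $prefs.ExclusionExtension) {
    Write-Warning 'Scan exclusions exist; review them before trusting the scan:'
    $prefs | Select-Object ExclusionPath, ExclusionProcess, ExclusionExtension
}
Start-MpWDOScan

# ---- run the rest after the offline scan completes and Windows restarts ----

# Step 3: review what was found and whether Defender's action succeeded.
Get-MpThreatDetection | Select-Object DomainUser, ProcessName, InitialDetectionTime, ActionSuccess, Resources
Get-MpThreat | Select-Object ThreatName, SeverityID, IsActive

# Step 4: reconnect only long enough to refresh signatures, then run the full scan.
Enable-NetAdapter -Name (Get-Content "$env:ProgramData\isolated-adapters.txt") -Confirm:$false
Update-MpSignature
Start-MpScan -ScanType FullScan
```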

Additional Guidance:

Update the Antivirus: Make sure your antivirus software is up to date before and after the scan to ensure it has the latest virus definitions.

Review Recent Activity: Check recent downloads, email attachments, or websites visited to identify the potential source of the virus. Avoid accessing those files or sites again.

What Next?

If the malware is found and remediated, monitor the device for unusual behaviour. If no infection is found but you are still concerned:

1. Ensure you have safe and reliable backups to restore from. If you do not have backups, consult an IT specialist for assistance. Safe backups can be made on infected devices, but this process can be expensive.

2. Wipe the affected device. You can do this by reformatting your hard drive and performing a clean installation of your operating system.

3. Restore the information contained on the device from the backup. You will want to get back up and running as soon as possible.

4. Assume all the sensitive information held on the device was compromised. Change any stored passwords and replace potentially compromised documents. For help with concerns about compromised identity documents, call IDCARE on 1800 595 160.

5. Monitor the restored device for any unusual behaviour. If the problem persists, seek the assistance of a trusted IT professional.

Additional Resources and Information

If your business encounters and successfully recovers from a malware infection, it is recommended that you take some time to reflect on how the infection happened and what could have been done differently to avoid it.

Educating employees about the risks involved with malware, how infections happen, and the steps to take if a device is suspected to have been infected by malware is the most effective mitigation. The end user is the first and best line of defence, but mistakes are made every day, so implementing a simple but effective layered approach to security as outlined in this document is the first step to improving the cyber resilience of your business.

The ACSC also offers an online tool that guides users through most of the steps that appear in this document.

Further Education and Simulation

There are several companies that offer services in relation to malware prevention, with a focus on education and simulated phishing attacks. KnowBe4 is a leading platform that offers security awareness training and simulated phishing attacks, enabling organisations to assess and enhance their employees' readiness against cyber threats. Another notable service is Cofense, which focuses on phishing defence through employee training and phishing simulation tools, helping organisations identify weaknesses and improve overall security posture. Additionally, PhishLabs offers a similar suite of services, including simulated phishing campaigns and ongoing education, aimed at fostering a culture of security awareness among employees.
