Overview:
Cigent is integrated with Microsoft Defender® and other antivirus solutions registered with Windows Security Center, adding protection in case of a threat or attack. Cigent will initiate Active Lock if:
- Microsoft Defender detects a threat
- Microsoft Defender or another AV solution is shut down or disabled
Testing:
Disabling Microsoft Defender or another antivirus solution:
Attackers will often first disable the existing AV solution to make it easier to proceed with the attack. Cigent constantly monitors the status of Microsoft Defender or other AV solutions and will initiate Active Lock when the AV solution is no longer running or has detected a threat. This section details the steps for exercising this sensor using Microsoft Defender, but you can accomplish the same with whichever AV solution you use.
Manually stopping Microsoft Defender:
Search in the start menu for “Virus & threat protection”. Select the item to open System Settings.
Select “Manage Settings”.
Turn off Real-time protection using the slider.
Select Yes to allow the action to complete.
Minimize the Windows Security window and return to the Cigent dashboard. Note that Active Lock was immediately engaged. The Dynamic and Always On drives have automatically been locked.
Return to the Windows Security window and re-enable Real-time protection.
Click Yes to allow the operation to complete.
The security status is now clear. Notice the Cigent icon in the tray has returned to normal.
Select the Secure Drives tile and select your drive. Notice that P: has automatically been unlocked but L: remains locked.
Unlock the L: drive. Slide the switch next to L:, enter your PIN and click Enter.
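To timestamp the status changes during this test and confirm that Real-time protection is back on afterwards, the read-only PowerShell script below can run in a separate window. It is an added example, not part of Cigent's product or documentation; the function name Get-AvSnapshot and the 2-second polling interval are assumptions.

```powershell
# Added example: read-only status watcher. It changes no settings.
# Assumes the Defender PowerShell module (Get-MpComputerStatus) is present and
# that the root/SecurityCenter2 WMI namespace exists (Windows client editions).

function Get-AvSnapshot {
    # Defender's own view of its state
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

    # AV products registered with Windows Security Center
    $wsc = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                           -ClassName AntiVirusProduct `
                           -ErrorAction SilentlyContinue

    # productState is printed as reported; this script does not interpret it,
    # it only makes a change in the value visible.
    $products = ($wsc | ForEach-Object {
        '{0} (productState=0x{1:X6})' -f $_.displayName, $_.productState
    }) -join '; '

    [pscustomobject]@{
        Time               = Get-Date -Format 'HH:mm:ss'
        AntivirusEnabled   = $mp.AntivirusEnabled
        RealTimeProtection = $mp.RealTimeProtectionEnabled
        RegisteredProducts = $products
    }
}

# Poll every 2 seconds and print a record only when something changed.
# Stop with Ctrl+C once the test is finished.
$last = $null
while ($true) {
    $now = Get-AvSnapshot
    $key = '{0}|{1}|{2}' -f $now.AntivirusEnabled,
                            $now.RealTimeProtection,
                            $now.RegisteredProducts
    if ($key -ne $last) {
        $now | Format-List
        $last = $key
    }
    Start-Sleep -Seconds 2
}
```

The last record printed after the test should show RealTimeProtection as True; compare the timestamps of the False and True records with the moments Active Lock engaged and cleared in the Cigent dashboard.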