This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 3%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
'Chopper' high-severity malware, 'NiktoSanner' hacktool and 'Dirtelti' backdoor was detected (Agentless). How does 'Chopper' high-severity malware, 'NiktoSanner' hacktool and 'Dirtelti' backdoor attack?
How to run a full scan on the machine and follow remediation instructions in Azure.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Bimala Shrestha Thank you for reaching out to us, for similar issue you created another post on friday, As I understand you are looking for steps to run a full scan on the device which is impacted by the malware.
Refer to this learn doc - https://learn.microsoft.com/en-us/defender-endpoint/run-scan-microsoft-defender-antivirus which has the steps on how to initiate a scan, if this doesn't help, I have pinged you on teams, we can have a conversation over there.
@Bimala Shrestha We connected offline and worked with our support team and followed the below action plan:
For the recommendations suggested on the MDE portal for the device in question:
To turn on real-time protection (turn off Passive mode), you can run mdatp config real-time-protection --value enabled
To turn on PUA protection in block mode, you can run: mdatp threat policy set --type potentially_unwanted_application --action block
Also, following suggestions have been recommended:
Requested to check the files and directories and investigate whether these files are present, quarantined, or removed by antivirus, or whether it was a false positive.
Shared insights about the MSRC portal (MSRC - Microsoft Security Response Center), which deals with vulnerabilities and compromises via Microsoft related IoCs.
Let me know if you have any further questions, feel free to post back.