TrojanSpy:Win32/IcedId

Guidance for end users

Prevent IcedID attacks from getting into your network by avoiding opening files from unknown sources.

For more tips on how to keep your device safe, go to the Microsoft security help & learning portal.

To learn more about preventing trojans or other malware from affecting individual devices, read about preventing malware infection.

Guidance for enterprise administrators

Apply these mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations:

• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
• Turn on tamper protection features to prevent attackers from stopping security services.
• Run endpoint detection and response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn’t detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
• Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
• Use device discovery to increase your visibility into your network by finding unmanaged devices on your network and onboarding them to Microsoft Defender for Endpoint.