A fellow MVP and cybersecurity expert shares awareness that latest Cerber Ransomware variants have code in them to disable Windows Defender Firewall rules:


For the last 10 days or so we have noticed Cerber ransomware disabling Windows Defender by using firewall rules to prevent Windows Defender accessing the internet.  This shows a change in behaviour using firewall blocks to disable windows defender. This will be primarily aimed at Windows 10 users. Windows Defender is the inbuilt “free” antivirus in Windows 8.1 and Windows 10.