It Could Have Been Bad, But It Wasn’t: Why Users Should Not Be Admins


Microsoft Defender did its job.
Users not being Windows Admins did its job.
Both things together did their jobs and saved the day.
Our clients are safer because of it.

In recent months, business users are more frequently receiving emails containing attachments and download links for invoices and purchase orders. Users of Intuit QuickBooks software (online and desktop alike) are often targeted with these emails as it is common that invoices, orders, and other documents are emailed directly from the software. Combine that activity with social engineering and “spear phishing”, it can be difficult sometimes to verify the veracity of an email or its contents before it is too late. Once the file is downloaded and opened, that is usually all it takes to plant the virus or the malware on the computer.

A NOOBEH client accidentally (oops) downloaded a file called INVOICE.HTM to the server. It had been attached to an email that looked like it was from a vendor, so they thought it was legitimate. They downloaded the attachment several times (copy 2 and copy 3 were there). The protection on the server kept jumping in and preventing the user from launching or opening the file, so it appeared to the user to be an empty file and they thought nothing more about it.

The RMM system and Defender notified the support team that a couple of files on the server had been quarantined and removed successfully. The files were in a user’s downloads folder, and they were all called Invoice.htm. The nightly backup system confirmed that the quarantined files existed and were subsequently removed.

Our technicians reviewed the document folders that malware would have loved to encrypt. They reviewed deep into file system folders and subfolders and found only unmolested data. They looked closely at the files and profile for the user that downloaded the malware packages and found no residue of an attack.

The system has been scanned (and continues to be) and is running clear of issues. The data is sound, and no further evidence of any issue has been identified or reported.

The collective sigh of relief from our technicians, and a customer continuing operation as usual, is a sign that we’ve accomplished what we set out to do: deliver a more secure and resilient solution for businesses that want their IT to work for them and not against them. We did our job, and our tools and methods did theirs.

Let our NOOBEH team provide your business with the best services on the most resilient platform available: QuickBooks on Azure is what you need for whatever desktop and network applications you run, even if it isn’t QuickBooks.

Mike, the IT guy
NOOBEH cloud tech



Mike Ryan is the Chief Technical Manager for Noobeh Cloud Solutions, bringing many years of experience working with small/midsize businesses and their IT infrastructure. Mike, the IT Guy (as he likes to call himself) has been with the Mendelson Consulting team for over 14 years.

Leave a Reply

Feel free to give us a call.

We look forward to hearing from you!