Windows Defender Antivirus – Computer Security Articles

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

July 31, 2019 admin assertion engine, cybersecurity, hardware-based isolation, kernel-mode attacks, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, next generation protection, Privilege Escalation, runtime attestation, Security Intelligence, Threat protection, token swap, token theft, Windows Defender Antivirus, Windows Security

Credit to Author: Eric Avena| Date: Wed, 31 Jul 2019 16:30:35 +0000

The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.

The post How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection appeared first on Microsoft Security .

Microsoft Security

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

July 30, 2019 admin AI and machine learning, Antimalware Scan Interface (AMSI), Astaroth, behavior monitoring, Command-line scanning, cybersecurity, Endpoint security, Execution stage, fileless, fileless malware, heuristics, Initial access stage, living-off-the-land, Microsoft Defender ATP, Microsoft security intelligence, Security Intelligence, Threat protection, Windows Defender Antivirus, Windows Security, WMIC

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security .

Microsoft Security

New machine learning model sifts through the good to unearth the bad in evasive malware

July 25, 2019 admin AI and machine learning, Antivirus, automation, cybersecurity, detection evasion, Endpoint security, LockerGoga, machine learning, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP, Microsoft security intelligence, monotonic models, next generation protection, Windows Defender Antivirus

Credit to Author: Eric Avena| Date: Thu, 25 Jul 2019 16:30:55 +0000

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.

The post New machine learning model sifts through the good to unearth the bad in evasive malware appeared first on Microsoft Security .

Microsoft Security

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

July 8, 2019 admin AI and machine learning, Antimalware Scan Interface (AMSI), Astaroth, behavior monitoring, Command-line scanning, cybersecurity, Endpoint security, Execution stage, fileless, fileless malware, heuristics, Initial access stage, living-off-the-land, Microsoft Defender ATP, Security Intelligence, Threat protection, Windows Defender Antivirus, Windows Security, WMIC

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security .

Microsoft Security

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

June 25, 2019 admin AI and machine learning, Antimalware Scan Interface (AMSI), behavior monitoring, behavior-based machine learning, cybersecurity, Endpoint security, heuristics, machine learning, memory scanning, Microsoft Defender ATP, next-generation protections, Threat protection, Windows Defender Antivirus, Windows Security

Credit to Author: Eric Avena| Date: Mon, 24 Jun 2019 15:00:55 +0000

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Multiple next-generation protection engines to detect and stop a wide range of threats and attacker techniques at multiple points, providing industry-best detection and blocking capabilities.

The post Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection appeared first on Microsoft Security .

Microsoft Security

Windows Defender Antivirus can now run in a sandbox

October 26, 2018 admin cybersecurity, sandbox, windows, Windows 10, Windows Defender Antivirus, Windows Defender ATP, Windows Defender AV

Credit to Author: Windows Defender Research| Date: Fri, 26 Oct 2018 17:10:18 +0000

Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security. Putting Windows Defender Antivirus in a

The post Windows Defender Antivirus can now run in a sandbox appeared first on Microsoft Secure.

Microsoft Security

Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV

September 27, 2018 admin Antimalware Scan Interface (AMSI), behavior monitoring, cybersecurity, fileless malware, Windows 10, Windows 10 in S mode, Windows Defender Antivirus, Windows Defender ATP, Windows Defender AV

Credit to Author: Windows Defender Research| Date: Thu, 27 Sep 2018 16:00:24 +0000

Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.

The post Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV appeared first on Microsoft Secure.

Microsoft Security

Protecting the modern workplace from a wide range of undesirable software

August 7, 2018 admin cybersecurity, evaluation criteria, malware, potentially unwanted application (PUA), Unwanted software, Windows 10, Windows 10 in S mode, Windows Defender, Windows Defender Antivirus, Windows Defender ATP, Windows Defender AV

Credit to Author: Windows Defender Research| Date: Tue, 07 Aug 2018 16:00:26 +0000

Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern workplace, we aim to always ensure that customers have control over their devices and experiences. To

← Previous