How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

Credit to Author: Eric Avena| Date: Wed, 31 Jul 2019 16:30:35 +0000

The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.

The post How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security.

Read more

New machine learning model sifts through the good to unearth the bad in evasive malware

Credit to Author: Eric Avena| Date: Thu, 25 Jul 2019 16:30:55 +0000

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.

The post New machine learning model sifts through the good to unearth the bad in evasive malware appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security.

Read more

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

Credit to Author: Eric Avena| Date: Mon, 24 Jun 2019 15:00:55 +0000

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Multiple next-generation protection engines to detect and stop a wide range of threats and attacker techniques at multiple points, providing industry-best detection and blocking capabilities.

The post Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection appeared first on Microsoft Security.

Read more

Windows Defender Antivirus can now run in a sandbox

Credit to Author: Windows Defender Research| Date: Fri, 26 Oct 2018 17:10:18 +0000

Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security. Putting Windows Defender Antivirus in a

Read more

The post Windows Defender Antivirus can now run in a sandbox appeared first on Microsoft Secure.

Read more

Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV

Credit to Author: Windows Defender Research| Date: Thu, 27 Sep 2018 16:00:24 +0000

Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.

The post Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV appeared first on Microsoft Secure.

Read more

Protecting the modern workplace from a wide range of undesirable software

Credit to Author: Windows Defender Research| Date: Tue, 07 Aug 2018 16:00:26 +0000

Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern workplace, we aim to always ensure that customers have control over their devices and experiences. To

Read more

Read more

Attack inception: Compromised supply chain within a supply chain poses new risks

Credit to Author: Windows Defender ATP| Date: Thu, 26 Jul 2018 13:00:13 +0000

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a

Read more

Read more

March-April 2018 test results: More insights into industry AV tests

Credit to Author: Windows Defender ATP| Date: Fri, 20 Jul 2018 19:30:38 +0000

In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TESTs January-February 2018 test cycle. We released a transparency report to help our customers and the broader security community to stay informed

Read more

Read more

Machine learning vs. social engineering

Credit to Author: Windows Defender ATP| Date: Thu, 07 Jun 2018 13:00:56 +0000

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,

Read more

Read more