Windows Defender ATP has protections for USB and removable devices

Credit to Author: Windows Defender ATP team| Date: Wed, 19 Dec 2018 21:52:09 +0000

Meet Jimmy. Jimmy is an employee in your company. He Does Things With Computers (official title). Last Wednesday, as Jimmy got out of his car after parking in the company-owned parking lot, he saw something on the ground. That something is a 512GB USB flash drive! Jimmy picks up the drive, whistling along to himself

Read more

The post Windows Defender ATP has protections for USB and removable devices appeared first on Microsoft Secure.

Read more

Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Credit to Author: Windows Defender ATP| Date: Thu, 08 Nov 2018 18:08:13 +0000

Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. More than 75% of

Read more

The post Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets appeared first on Microsoft Secure.

Read more

Windows Defender Antivirus can now run in a sandbox

Credit to Author: Windows Defender Research| Date: Fri, 26 Oct 2018 17:10:18 +0000

Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security. Putting Windows Defender Antivirus in a

Read more

The post Windows Defender Antivirus can now run in a sandbox appeared first on Microsoft Secure.

Read more

Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV

Credit to Author: Windows Defender Research| Date: Thu, 27 Sep 2018 16:00:24 +0000

Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.

The post Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV appeared first on Microsoft Secure.

Read more

Protecting the modern workplace from a wide range of undesirable software

Credit to Author: Windows Defender Research| Date: Tue, 07 Aug 2018 16:00:26 +0000

Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern workplace, we aim to always ensure that customers have control over their devices and experiences. To

Read more

Read more

Attack inception: Compromised supply chain within a supply chain poses new risks

Credit to Author: Windows Defender ATP| Date: Thu, 26 Jul 2018 13:00:13 +0000

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a

Read more

Read more

March-April 2018 test results: More insights into industry AV tests

Credit to Author: Windows Defender ATP| Date: Fri, 20 Jul 2018 19:30:38 +0000

In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TESTs January-February 2018 test cycle. We released a transparency report to help our customers and the broader security community to stay informed

Read more

Read more

Machine learning vs. social engineering

Credit to Author: Windows Defender ATP| Date: Thu, 07 Jun 2018 13:00:56 +0000

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,

Read more

Read more

Machine learning vs. social engineering

Credit to Author: Windows Defender ATP| Date: Thu, 07 Jun 2018 13:00:56 +0000

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,

Read more

Read more

Hunting down Dofoil with Windows Defender ATP

Credit to Author: Windows Defender ATP| Date: Wed, 04 Apr 2018 15:00:18 +0000

Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March, 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected customers from a massive Dofoil outbreak that we traced back to a software update poisoning campaign several

Read more

Read more

Why Windows Defender Antivirus is the most deployed in the enterprise

Credit to Author: Windows Defender ATP| Date: Thu, 22 Mar 2018 16:58:23 +0000

Statistics about the success and sophistication of malware can be daunting. The following figure is no different: Approximately 96% of all malware is polymorphic meaning that it is only experienced by a single user and device before it is replaced with yet another malware variant. This is because in most cases malware is caught

Read more

Read more