Collaborate Disseminate
Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.
The post Out of sight b… Continue reading Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern w… Continue reading Protecting the modern workplace from a wide range of undesirable software
A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF edito… Continue reading Attack inception: Compromised supply chain within a supply chain poses new risks
In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TESTs January-February 2018 test cyc… Continue reading March-April 2018 test results: More insights into industry AV tests
The traditional perimeter-based network defense is obsolete. Perimeter-based networks operate on the assumption that all systems within a network can be trusted. However, todays increasingly mobile workforce, the migration towards public cloud services… Continue reading Building Zero Trust networks with Microsoft 365
Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Ju… Continue reading Machine learning vs. social engineering
Corporate Vice President Brad Anderson recently shared his insights on how Windows Defender Advanced Threat Protection (Windows Defender ATP) evolved to achieve important quality milestones. Our Windows Defender ATP team is committed to deliveri… Continue reading Adding transparency and context into industry AV test results
Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March, 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected custome… Continue reading Hunting down Dofoil with Windows Defender ATP
Statistics about the success and sophistication of malware can be daunting. The following figure is no different: Approximately 96% of all malware is polymorphic meaning that it is only experienced by a single user and device before it is replaced wit… Continue reading Why Windows Defender Antivirus is the most deployed in the enterprise
On March 7, we reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers. Windows Defender Antivirus, with its behavior monitoring, machine learning technologies, and layered appr… Continue reading Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak