Category Archives: Windows Defender

Windows Defender ATP Windows 10 Fall Creators Update now open for public preview

This focused security investment combines the best of Windows Defender ATP and the Windows security stack. We integrated Windows 10’s new prevention technologies, enhanced our built-in sensors to better detect script-based attacks, added new response capabilities and opened up powerful analytics.
So now, let’s see what we are lighting up in more detail:
Windows security features working in unison – Get visibility into security alerts coming from the combined stack of Endpoint Detection and Response (EDR), Windows Defender Antivirus (AV), Windows Defender Firewall, Windows Defender SmartScreen, Windows Defender Device Guard and Windows Defender Exploit Guard. See events reported across the stack in each machine’s timeline. Here are some of the new things Security Operations (SecOps) would be able to achieve:
See alerts and events from Windows Defender SmartScreen that show whether an employee within the company clicked on a specific URL despite receiving a warning message
See Windows Defender Device Guard events surfacing attempts to run unauthorized applications that have been restricted from running in the organization
See applications blocked or audited by the Windows Defender Exploit Guard protection rules
See Windows Defender Antivirus detections and Windows Defender Firewall blocks
View security events and alerts information for sessions taking place within the Windows Defender Application Guard isolated containers (Figure 1)

In addition, we are providing a centralized and simplified management experience in System Center Configuration Manager (SCCM) starting with version 1710 and Microsoft Intune to manage the various Windows Security stack products.
Figure 1: Application Guard detection event
Better detections, enhanced alerts and more power to the SOC – we continue to evolve our detection capabilities to gain more visibility into dynamic script-based attacks, network exploration, and keylogging. We enhanced our alert capabilities, showing more data to help security teams better understand the story behind the alert (Figure 2), and introduced automatic detection correlation and grouping of related alerts. In addition, we added the ability to manage high-value assets by using tags and grouping capabilities. Based on customer feedback, we are also enhancing our response capabilities, adding more granular machine isolation, the ability to restrict the machine to run only trusted binaries, and the ability to initiate a Windows Defender AV update and scan.
Figure 2: Enhanced alert view
Security Analytics – a new dashboard view (Figure 3) designed to assess the organization’s security posture against the Windows recommended baseline, showing a breakdown of possible issues and actionable recommendations for improvement. This dashboard sheds light on configuration issues and provides a view of machines where security features are misconfigured or out of date. Security managers can now see their org’s security posture across a wide set of Windows security stack products, as applied in reality and reported by the endpoints. The dashboard also provides a view of the top non-compliant machines, sorted by number of issues, and recommends actions to take.
Figure 3: Security Analytics dashboard
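The dashboard described above is built from what each endpoint reports about its own security stack. The following PowerShell script is an added example, not Microsoft’s Security Analytics implementation, of the kind of per-machine posture check such a report is built on: it inspects the same feature families (Antivirus, Exploit Guard, Firewall, Device Guard, SmartScreen) using the built-in Defender, NetSecurity and Management cmdlets, and returns one object per finding. It assumes Windows 10 1709 or later and an elevated session; the thresholds and the expectation that every feature is in enforce mode are this example’s own choices, not the Windows recommended baseline. The registry path read for SmartScreen is the per-machine Explorer setting; a policy-managed SmartScreen configuration lives elsewhere and would show here as "unset".

```powershell
# Added example, not Microsoft's Security Analytics code: a local posture check
# over the Windows security stack features the dashboard reports on.
# Assumes Windows 10 1709+, an elevated session, and the built-in Defender,
# NetSecurity and Microsoft.PowerShell.Management modules. Thresholds below are
# this example's own choices, not the Windows recommended baseline.

function Get-SecurityStackPosture {
    $issues = [System.Collections.Generic.List[object]]::new()
    function Add-Issue([string]$Feature, [string]$Detail) {
        $issues.Add([pscustomobject]@{ Feature = $Feature; Issue = $Detail })
    }

    # Windows Defender Antivirus: engine state and signature freshness
    $mp = Get-MpComputerStatus
    if (-not $mp.AMServiceEnabled)          { Add-Issue 'Antivirus' 'Antimalware service is not running' }
    if (-not $mp.RealTimeProtectionEnabled) { Add-Issue 'Antivirus' 'Real-time protection is disabled' }
    if ($mp.AntivirusSignatureAge -gt 3) {
        Add-Issue 'Antivirus' "Signatures are $($mp.AntivirusSignatureAge) days old"
    }

    # Windows Defender Exploit Guard: Attack Surface Reduction rule actions and
    # network protection both use 0 = off, 1 = block, 2 = audit
    $pref = Get-MpPreference
    $blocking = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $_ -eq 1 }).Count
    if ($blocking -eq 0) { Add-Issue 'Exploit Guard' 'No Attack Surface Reduction rule is in block mode' }
    if ($pref.EnableNetworkProtection -ne 1) { Add-Issue 'Exploit Guard' 'Network protection is not in block mode' }

    # Windows Defender Firewall: every profile (Domain, Private, Public) should be enabled
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
        Add-Issue 'Firewall' "Profile '$($_.Name)' is disabled"
    }

    # Windows Defender Device Guard: code integrity policy enforcement
    # (Off, AuditMode or EnforcementMode as reported by Get-ComputerInfo)
    $ci = Get-ComputerInfo -Property DeviceGuardCodeIntegrityPolicyEnforcementStatus
    $ciStatus = "$($ci.DeviceGuardCodeIntegrityPolicyEnforcementStatus)"
    if ($ciStatus -ne 'EnforcementMode') {
        Add-Issue 'Device Guard' "Code integrity policy status is '$ciStatus'"
    }

    # Windows Defender SmartScreen for apps and files: 'Off' means users get no warning
    $ss = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' `
                           -Name SmartScreenEnabled -ErrorAction SilentlyContinue
    if (-not $ss -or $ss.SmartScreenEnabled -eq 'Off') {
        Add-Issue 'SmartScreen' 'SmartScreen for apps and files is off or unset'
    }

    [pscustomobject]@{
        Machine    = $env:COMPUTERNAME
        IssueCount = $issues.Count
        Issues     = $issues
    }
}

# One row per finding; a fleet-wide report would collect this object from every
# machine and sort by IssueCount to get the "top non-compliant machines" view.
$posture = Get-SecurityStackPosture
$posture.Issues | Format-Table -AutoSize
"{0}: {1} issue(s)" -f $posture.Machine, $posture.IssueCount
```

Each finding names the feature family it belongs to, so the output can be grouped the same way the dashboard groups recommendations; a zero IssueCount means every checked feature is on, current and in enforce mode under this example’s thresholds.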
Customized reporting – organizations can now quickly create a Power BI report (Figure 4) that allows them to interactively analyze machines, alerts and investigation status. The report provides views of alerts (for example, severity and time to resolve) and of machines (for example, sensor health state, OS platform and domain).
Figure 4: Power BI report
Access your data via APIs – Windows Defender ATP exposes much of the available data and actions through a set of programmatic APIs that are part of the Microsoft Intelligent Security Graph. These APIs enable you to automate workflows and innovate on top of Windows Defender ATP capabilities.
More Windows sockets – we are expanding our endpoint coverage and adding support for Windows Server 2012 R2 and 2016 endpoints (Figure 5). In addition, we are adding enhanced VDI support for organizations wanting to secure their desktop virtualization environment.
Figure 5: Windows Server machine view
We encourage you to experience all this new goodness first-hand by joining our 90-day free trial today.
Raviv Tamir, Principal Group Program Manager, Windows Defender ATP

Evolving our Windows approach to AV, thanks to partner feedback

Earlier this summer I shared that we believe in a healthy antivirus ecosystem working with us to protect our shared customers from security threats. Our top priority is and always will be to protect our customers with security innovations for the Windows platform, to improve our customers’ pre- and post-breach security stance, and to provide a platform that offers choice.
Part of delivering on that commitment is listening and responding to feedback from our customers and partners. We work closely with AV partners like Kaspersky Lab, and at our Microsoft Virus Initiative forum last month, we made great progress in building upon our shared understanding of how we deliver Windows 10 updates and security experiences that help ensure the ongoing safety of Windows customers.
I’m pleased to share these discussions have helped us clarify our roadmap and implementation plans. As a result, we are making updates to our AV partner requirements today that reflect the interests of the community and our shared customers. We will also implement changes in the Windows 10 Fall Creators Update.
Here are some of the changes we are making to support our partners in delivering security protections to Windows customers.
We will work more closely with AV vendors to help them with compatibility reviews in advance of each feature update becoming available to customers. This means customers can expect that we will have worked through compatibility issues with AV providers before offering the update to customers running that AV.
We will give AV partners better visibility and certainty around release schedules for feature updates. This includes increasing the amount of time AV partners will have to review final builds before the next Windows 10 feature update is rolled out to customers.
We will enable AV providers to use their own alerts and notifications to renew antivirus products before and after they have expired.
We have modified how Windows will inform users when their antivirus application has expired and is no longer protecting them. Instead of providing an initial toast notification that users could ignore, the new notification will persist on the screen until the user either elects to renew the existing solution or chooses to rely on Windows Defender or another solution provider.
We appreciate the feedback and continued dialogue with our partners and are pleased to have found common ground with Kaspersky Lab on the complaints raised in Russia and Europe. We look forward to our continued partnership with the industry.
Customers deserve the best and most up-to-date protection possible. Microsoft and our security partners share a commitment to keep them safe.