Category Archives: Windows Defender

Auto Added by WPeMatico

Save your files to OneDrive for expanded ransomware protection – Windows Experience Blog

If you want an additional layer of protection from ransomware, try saving your files in OneDrive. It’s part of the new experiences that arrived with the Windows 10 April 2018 Update.
Here’s how it works: If a ransomware threat is found on a device, Windows Defender will notify you of the threat, help you remove the ransomware from your device, and give you options to recover your OneDrive files to the state they were in before the attack occurred.
Save your files to OneDrive

For Office 365 Home subscribers, Office 365 Personal subscribers, and OneDrive for Business users, that includes OneDrive Files Restore, which can be used to restore your OneDrive to a previous point in time within the last 30 days. The date and time that Windows Defender detected the attack will be pre-selected in Files Restore, making the process simple and easy to use.
Learn more about the protections from online threats available to Office 365 Home and Office 365 Personal subscribers.
If you like this, check out more Windows 10 Tips.

Healthcare is getting safer, smarter and more secure with HP’s new lineup of Windows 10 devices

The new HP Healthcare Edition portfolio announced at HIMSS is powered by Windows 10 and includes an ultra-slim notebook, All-in-One (AiO), and premium clinical review display, all built to address the unique needs of healthcare providers: enhanced patient safety, streamlined workflows, and robust data security features.
The HP Healthcare Edition portfolio is safer to use in patient rooms by being built with special coatings and specific materials designed to resist deterioration from harsh germicidal wipes, making them easy to clean and disinfect after every shift, every day.
The portfolio is also tested to meet stringent EN/IEC 60601-1-2:2015 standards which define electrical safety conditions for medical equipment. Meeting these standards mean the devices are not oversensitive to radio frequency interference, nor will it produce electromagnetic emissions that interfere with other medical equipment and systems. These devices also deliver an optimal, collaborative telemedicine experience with Vidyo Ready and Skype for Business capabilities for superior video calls and conferencing, as well as built-in BIOS-level protection and robust, optional multi-factor authentication features to provide maximum device and data protection to comply more easily with HIPAA requirements.
Powered by Windows 10, the notebook and AiO also ship with features including RGB/IR cameras and FIPS 201-compliant fingerprint readers that light up Windows Hello for fast and secure login, comprehensive protection with Windows Defender and more.
The HP EliteBook 840 G5 Healthcare Edition Notebook

The HP EliteBook 840 G5 Healthcare Edition Notebook is an ultra-slim notebook for healthcare that features integrated dual-band RFID and biometrics for single sign-on authentication with Windows Hello. Clinicians can save time electronically prescribing controlled substances with the optional FIPS-201 compliant fingerprint reader, or logging in with the IR camera and Windows Hello. The notebook comes with HP Easy Clean: a quick and easy sanitization application that disables computer input devices such as the keyboard, the touchscreen and the touchpad for a set amount of time, making it is easy to clean. The notebook also features an integrated privacy screen and is optimized for an intuitive collaboration experience with audio boost and noise cancellation features, as well as an IR/RGB camera for optimized audio and video calls.
Availability: HP EliteBook 840 G5 Healthcare Edition Notebook is expected to be available in May.
The HP EliteOne 800 G4 23.8 Healthcare Edition AiO

The HP EliteOne 800 G4 23.8 Healthcare Edition AiO has an integrated dual-band RFID and biometrics for single sign-on authentication so clinicians can save time logging in using Windows Hello with the optional FIPS-201 compliant fingerprint reader or the optional IR camera. This AiO also features HP Manageability Integration Kit which makes it easy to implement HP’s security features across clinical organizations, and provides audio boost and noise cancellation features to minimize background distractions from noisy environments, as well as a dual-facing pop-camera to simplify patient registration and badging.
Availability: HP EliteOne 800 G4 23.8 Healthcare Edition All-in-One is expected to be available in June.
The HP Healthcare Edition HC270cr Clinical Review Display 

The HP Healthcare Edition HC270cr Clinical Review Display has an integrated RGB webcam and IR sensor so clinicians can login easily with Windows Hello. This 27-inch diagonal, 3.7-megapixel clinical review display is DICOM Part 14-compliant with features for more accurately viewing medical images, such as automatic backlight monitoring and auto image rotation. It also arrives with USB-C that supplies up to 65w power delivery for connected devices.
Availability: HP Healthcare Edition HC270cr Clinical Review Display is expected to be available in June.
To learn more, please visit hp.com.

Windows Defender ATP Windows 10 Fall Creators Update now open for public preview

This focused security investment combines the best of Windows Defender ATP and the Windows security stack.  We integrated Windows 10’s new prevention technologies, enhanced our built-in sensors to better detect script-based attacks, added new response capabilities and opened up powerful analytics.
So now, let’s see what we are lighting up in more detail:
Windows security features working in unison – Get visibility into security alerts coming from the combined stack of Endpoint Detection and Response (EDR), Windows Defender Antivirus (AV), Windows Defender Firewall, Windows Defender SmartScreen, Windows Defender Device Guard and Windows Defender Exploit Guard. See events reported across the stack in each machine’s timeline. Here are some of the new things Security Operations (SecOps) would be able to achieve:
See alerts and events from Windows Defender SmartScreen that show if an employee within the company clicked on a specific URL despite receiving warning message
See Windows Defender Device Guard events surfacing attempts to run unauthorized applications that have been restricted from running in the organization
See applications blocked or audited by the Windows Defender Exploit Guard protection rules
See Windows Defender Antivirus detections and Windows Defender Firewall blocks
View security events and alerts information for sessions taking place within the Windows Defender Application Guard isolated containers (Figure 1)

In addition, we are providing a centralized and simplified management experience in System Center Configuration Manager (SCCM) starting with version 1710 and Microsoft Intune to manage the various Windows Security stack products.
Application Guard detection event
Better detections, enhanced alerts and more power to the SoC – we continue to evolve our detection capabilities to gain more visibility into dynamic script-based attacks, network explorations, and keylogging alerts. We enhanced our alert capabilities, showing more data to help security teams better understand the story behind the alert (Figure 2), introducing automatic detection correlation and grouping of related alerts. In addition, we added the ability to manage high value assets by using tags and grouping capabilities.    Based on customer feedback, we are also enhancing our response capabilities, adding more granular machine isolation, ability to restrict the machine to run only trusted binaries and initiating Windows Defender AV update and scan.
Enhanced Alert view
Security Analytics – a new dashboard view (Figure 3) designed to assess the organization’s security posture compared to the Windows recommended baseline and shows breakdown of possible issues and actionable recommendations for improvement.  This dashboard sheds light on configuration issues and provide view to machines where security features are misconfigured or out of date. Security managers can now see their org’s security posture across a wide set of Windows security stack products, as applied in reality and reported by the endpoints.  The dashboard also provides view into top non-compliant machines sorted by number of issues and provide recommendation on actions to take.
Security Analytics dashboard
Customized reporting – organizations can now quickly create a Power BI report (Figure 4) that allows them to interactively analyze machines, alerts and investigation status. This report provides view on alerts, for example: severity and time to resolve, and machines, for example: sensor health state and OS platform, domain.
PowerBI report
Access your data via APIs- Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
More Windows sockets – we are expanding our endpoint coverage and adding support for Windows Server 2012R2 and 2016 endpoints (Figure 5). In addition, we are adding enhanced VDI support for organizations wanting to secure their desktop virtualization environment.
Windows Server Machine view
We encourage you to experience all this new goodness first hand, by joining our 90-day free trial today.
Raviv Tamir, Principal Group Program Manager, Windows Defender ATP

Evolving our Windows approach to AV, thanks to partner feedback

Earlier this summer I shared that we believe in a healthy antivirus ecosystem working with us in protecting our shared customers from security threats. Our top priority is and always will be to protect our customers with security innovations for the Windows platform, increase our customers’ pre- and post-breach security stance, and provide a platform that offers choice.
Part of delivering on that commitment is listening and responding to feedback from our customers and partners. We work closely with AV partners like Kaspersky Lab, and at our Microsoft Virus Initiative forum last month, we made great progress in building upon our shared understanding of how we deliver Windows 10 updates and security experiences that help ensure the ongoing safety of Windows customers.
I’m pleased to share these discussions have helped us clarify our roadmap and implementation plans. As a result, we are making updates to our AV partner requirements today that reflect the interests of the community and our shared customers. We will also implement changes in the Windows 10 Fall Creators Update.
Here are some of the changes we are making to support our partners in delivering security protections to Windows customers.
We will work more closely with AV vendors to help them with compatibility reviews in advance of each feature update becoming available to customers. This means customers can expect we will have worked through compatibility issues with AV providers before offering the update to customers running that AV.
We will give AV partners better visibility and certainty around release schedules for feature updates. This includes increasing the amount of time AV partners will have to review final builds before the next Windows 10 feature update is rolled out to customers.
We will enable AV providers to use their own alerts and notifications to renew antivirus products before and after they have expired.
We have modified how Windows will inform users when their antivirus application has expired and is no longer protecting them. Instead of providing an initial toast notification that users could ignore, the new notification will persist on the screen until the user either elects to renew the existing solution or chooses to rely on Windows Defender or another solution provider.
We appreciate the feedback and continued dialogue with our partners and are pleased to have found common ground with Kaspersky Lab on the complaints raised in Russia and Europe. We look forward to our continued partnership with the industry.
Customers deserve the best and most up-to-date protection possible. Microsoft and our security partners share a commitment to keep them safe.