[USER=114717]@bazang[/USER],
The article mentioned by you cannot bring anything useful to the discussion.
I am not sure if you understood my post. The detection of 40% to 60% of new malware used in targeted attacks on enterprises is nothing new. It is consistent with the statistics already posted by me:
[URL unfurl="false"]https://malwaretips.com/threads/microsoft-defender-is-not-enough-anymore%E2%80%94this-malware-gets-around-it.133857/#post-1109465[/URL]
But the same source shows that, in the real world, other popular AVs also have similar detection. Of course, there can be some advanced EDR solutions that can detect/block 90% of new malware. However, most of the increased detection does not follow from better behavior blocking, but mainly from system/network restrictions and allowlisting.
According to available sources, Microsoft Defender has good behavior-based detection for new, previously unseen malware.
[URL unfurl="false"]https://learn.microsoft.com/en-us/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus[/URL]
I could see it working many times when my freshly compiled tools were detected and blocked. I must always submit my tools to Microsoft before publishing them.