In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Andy Ful

I wasn't talking about everyday sheeples, but instead about people on forums that keep saying Windows Defender has now become a top AV.
(y)
We know that it is not on Windows Home and Pro. It is one of the top security solutions with Microsoft ATP on Windows E5 (rather expensive protection).
People on forums usually do not understand the results of several AV Lab tests. But, they are right in one thing. For average users, there is no real advantage of using 3rd party free AV (and a few paid too).

That I totally agree with and have experienced myself...
Example: set the Windows SRP restriction to "Basic User" with DLL enforcement, and it right away blocks Windows Defender from showing up (no more Security Center tray icon, the whole WD settings page disappears, etc...) LOL
(y)
Yes, it is a hard job to make a safe and working security profile. I skipped forcing DLL checking in H_C profiles a long time ago (except ALL ON). Some path rules do not work properly in SRP (especially with the environment variables), etc. There are also some bugs when applying WD Application Control. Everything needs detailed checking/testing, before one could accept it working well (you cannot fully rely on Microsoft documentation).:unsure:
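As an added illustration of the SRP settings discussed in this exchange (this is not code from the thread or from Hard_Configurator), the PowerShell below reads the machine's Software Restriction Policies configuration from the registry keys Group Policy writes, reports the default security level and whether DLLs are included in enforcement, and lists the path rules, flagging the ones that depend on environment variables so they can be reviewed before a profile is trusted. The registry key and value names are the standard SRP ones; the function names Get-SrpPolicySummary and Get-SrpPathRules and the output layout are choices made here.

```powershell
# Added example, not from the thread or Hard_Configurator: audit the local SRP policy.
# Everything here is read-only; run it elevated so the HKLM policy keys are readable.
$SrpBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security levels as SRP stores them (decimal key names under CodeIdentifiers).
$LevelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPolicySummary {
    if (-not (Test-Path -Path $SrpBase)) {
        Write-Warning 'No SRP policy is configured on this machine.'
        return $null
    }
    $root = Get-ItemProperty -Path $SrpBase
    $level = if ($null -eq $root.DefaultLevel) { 'not set' } else { $LevelNames[[int]$root.DefaultLevel] }
    # TransparentEnabled: 1 = check executables only, 2 = check executables and DLLs.
    $dllCheck = switch ([int]$root.TransparentEnabled) {
        1       { 'executables only (DLLs not checked)' }
        2       { 'executables and DLLs' }
        default { "unknown ($($root.TransparentEnabled))" }
    }
    # PolicyScope: 1 = all users except local administrators, 0 = all users.
    $scope = if ([int]$root.PolicyScope -eq 1) { 'all users except administrators' } else { 'all users' }
    [pscustomobject]@{
        DefaultLevel    = $level
        DllEnforcement  = $dllCheck
        AppliesTo       = $scope
        ExecutableTypes = (@($root.ExecutableTypes) -join ' ')
    }
}

function Get-SrpPathRules {
    # Path rules are stored as CodeIdentifiers\<level>\Paths\{GUID}, with the pattern in ItemData.
    Get-ChildItem -Path $SrpBase -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '\\Paths\\\{[0-9A-Fa-f-]+\}$' } |
        ForEach-Object {
            $parts = $_.Name -split '\\'
            $levelValue = [int]$parts[-3]
            # Read ItemData without expanding %VARIABLES% so the rule is shown as written.
            $raw = [string]$_.GetValue('ItemData', '', [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            # Expansion below uses this session's environment; other users' sessions can differ.
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            [pscustomobject]@{
                Level        = $LevelNames[$levelValue]
                Rule         = $raw
                UsesEnvVars  = [bool]($raw -match '%[^%]+%')
                ExpandsTo    = $expanded
                TargetExists = [bool]($expanded -and (Test-Path -LiteralPath $expanded -ErrorAction SilentlyContinue))
                Description  = [string]$_.GetValue('Description')
            }
        }
}

Get-SrpPolicySummary | Format-List
Get-SrpPathRules | Sort-Object Level, Rule | Format-Table -AutoSize
```

A rule whose UsesEnvVars is true and whose ExpandsTo does not exist in the current session is the kind of entry worth checking on a real user account before relying on the profile, which is the testing step the post above recommends.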

Andy Ful

Back to the topic. I like the new WD features:
  1. Behavior-based (real-time, post-execution) machine learning.
  2. AMSI-paired machine learning.
They will improve the WD detection of prevalent malware, for sure. So, all WD users will be better protected, too.

Andy Ful

And we've seen a snapshot example of this in @SeriousHoax's recent tests. (y)(y)
The results were good indeed. But for some samples, the results were inconclusive and would require a special investigation. WD is hard to test against never seen samples, especially when the malware uses multistage techniques.
Anyway, it is good to see that WD still develops.(y)
This will push other vendors to work hard to improve 3rd party AVs.:giggle:

Burrito

Windows Defender ATP is much like the consumer version of Windows Defender in that they have both improved dramatically in the past two years.

I'm aware of WD ATP installations in places that would have never been considered in the past. Andy knows about one of those..

And some of that WD ATP tech slowly floats down to WD.

The thing about WD... Microsoft always tries to squeeze the amount of resources devoted to customer service. And this is why WD will probably never put the advanced capabilities into the WD product. They want to deploy WD so it's virtually foolproof and nobody has any issues.

But with 3rd party solutions like H_C, some of that WD ATP goodness can appear on your computer. (y)

bribon77

Interesting thread, but I'm going to say that maybe it's an aberration, but reading you who know Windows in depth, I realize that Windows has no solution.

93803123

This will push other vendors to work hard to improve 3rd party AVs.:giggle:

People keep saying this but it isn't true. Nobody sees Windows Defender as any kind of real threat to their product.

But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.

It isn't a matter of publishers trying harder. It is a matter of people paying, and paying well.

Andy Ful

Interesting thread, but I'm going to say that maybe it's an aberration, but reading you who know Windows in depth, I realize that Windows has no solution.
Windows is the kind of thing like cars, democracy, and health care. Most people can see that they are far from perfect, but no one has found anything better so far. :unsure:
Anyway, I would be happy to see something better, for sure.:giggle:

93803123

It is strange that you have so much confidence without asking them all.

Because I know what people in the industry think. I certainly know what Avira, Kaspersky, DrWeb, Bitdefender and Symantec\Norton think. Heck, even people at Webroot do not think very highly of Windows Defender. They have made their positions on Microsoft, Windows and Windows Defender public for the most part so it isn't speculation.

Andy Ful

Because I know what people in the industry think.
Please, think objectively. Why should anyone believe you? Would you believe me if I said that I know what people in the industry think?

Edit.
Do you also know what they think about WD after the introduction of the new features presented in this thread? Did you talk with anyone whose voice is decisive in these matters? Why should such a person tell you the truth?

ForgottenSeer 72227

But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.

Well, to be fair, Windows is MS property and, for better or worse, they can do as they please with it. In all fairness, the way I see it, since Windows is MS property, they really should be the ones shouldering the burden of keeping it safe. Others have profited by doing this for MS, due to their stupidity over the years. Thing is, for MS to properly lock things down, it will block what 3rd parties can do, or have access to. 3rd parties also do create problems, so it really isn't only MS as some claim. What about issues with HTTPS and browsers, slow web page loading, FPs on critical system files, causing issues with games and such? These aren't issues that MS created; these are issues that 3rd parties created due to the way they hook into things, etc...

Because I know what people in the industry think. I certainly know what Avira, Kaspersky, DrWeb, Bitdefender and Symantec\Norton think. Heck, even people at Webroot do not think very highly of Windows Defender. They have made their positions on Microsoft, Windows and Windows Defender public for the most part so it isn't speculation.

Well, of course they will say/think that. Let's cut the BS: these companies are making money on this, so let's be realistic here. If anything cuts into their margins, including MS and WD/ATP, of course they won't be happy. They may have some truth to the matter, but at the end of the day it's still a business for them.

Nightwalker

People keep saying this but it isn't true. Nobody sees Windows Defender as any kind of real threat to their product.

But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.

It isn't a matter of publishers trying harder. It is a matter of people paying, and paying well.

But they should, because Microsoft is the market share leader in business endpoints and has the biggest market share in the consumer segment too.

Microsoft
Microsoft is unique in the EPP space, as it is the only vendor that can provide built-in endpoint protection capabilities tightly integrated with the OS. Windows Defender Antivirus (known as System Center Endpoint Protection in Windows 7 and 8) is now a core component of all versions of the Windows 10 OS, and provides cloud-assisted attack protection. Microsoft Defender Advanced Threat Protection (ATP) provides an EDR capability, monitoring and reporting on Windows Defender Antivirus and Windows Defender Exploit Guard (“Exploit Guard”), vulnerability and configuration management, as well as advanced hardening tools. The Microsoft Defender ATP incident response console consolidates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP and Active Directory, as well as incorporating data sensitivity from Azure Information Protection.
Microsoft is much more open to supporting heterogeneous environments and has released EPP capabilities for Mac. Linux is supported through partners, while native agents are on the roadmap.

Microsoft has been placed in the Leaders quadrant this year due to the rapid market share gains of Windows Defender Antivirus (Defender), which is now the market share leader in business endpoints. In addition, excellent execution on its roadmap makes it a credible replacement for competitive solutions, particularly for organizations looking to reduce complexity.

Strengths

  • Defender provides malware protection using a range of techniques including behavioral, emulation, script analysis, memory scanning, network monitoring signatures and heuristics on the client, along with cloud protection engines to detect newer malware. Microsoft Defender ATP can work alongside some other vendors’ EPP or EDR agents or will step up to protect clients automatically if a third-party EPP engine fails, is out of date or is disabled.
  • Microsoft Defender ATP combines advanced EDR functionality with management and monitoring of Exploit Guard, Defender and other Microsoft products, critically Active Directory, to enable a common alert and incident response console. ATP leverages Azure infrastructure to store six months of data at no extra charge.
  • Microsoft has one of the better out-of-the-box SOAR capabilities to integrate with Microsoft and partner products and to automate repetitive tasks. Conditional access rules enable a continuous adaptive risk and trust assessment (CARTA) architecture.
  • ATP adds threat and vulnerability management, attack surface reduction (such as hardware-based isolation, application control, network protection and attack surface reduction rules) and threat analytics’ contextual threat intelligence reports. Microsoft Secure Score and vulnerability and configuration information provide weighted recommendations and actions to improve endpoint hardening, and compare the current posture with the industry and global peers for benchmarking. This score gives admins and chief information security officers (CISOs) an excellent understanding of the overall security posture relative to peers and shows improvements over time.
  • Microsoft recently launched a service called Microsoft Threat Experts to support customers’ incident response and alert analysis.

[Image: Gartner-EPP-MQ-Microsoft.jpg]

Source: