In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I wasn't talking about everyday sheeples, but instead about people on forums that keep saying Windows Defender has now become a top AV.
(y)
We know that it is not on Windows Home and Pro. It is one of the top security solutions with Microsoft ATP on Windows E5 (rather expensive protection).
People on forums usually do not understand the results of several AV Lab tests. But, they are right in one thing. For average users, there is no real advantage of using 3rd party free AV (and a few paid too).

That i totally agree and experienced it...
Example: set Windows SRP restriction as "basic user" with dll enforcements , it blocks right away Windows Defender to show up (no more Security Center tray icon, WD whole settings disappeared, etc...) LOL
(y)
Yes, it is a hard job to make a safe and working security profile. I skipped forcing DLL checking in H_C profiles a long time ago (except ALL ON). Some path rules do not work properly in SRP (especially with the environment variables), etc. There are also some bugs when applying WD Application Control. Everything needs detailed checking/testing, before one could accept it working well (you cannot fully rely on Microsoft documentation).:unsure:
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Back to the topic. I like the new WD features:
  1. Behavior-based (real-time, post-execution) machine learning.
  2. AMSI-paired machine learning.
They will improve the WD detection of prevalent malware, for sure. So, all WD users will be better protected, too.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
And we've seen a snapshot example of this in @SeriousHoax recent tests. (y)(y)
The results were good indeed. But for some samples, the results were inconclusive and would require a special investigation. WD is hard to test against never seen samples, especially when the malware uses multistage techniques.
Anyway, it is good to see that WD still develops.(y)
This will push other vendors to work hard to improve 3rd party AVs.:giggle:
 
Last edited:

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Windows Defender ATP is much like the consumer version of Windows Defender in that they have both improved dramatically in the past two years.

I'm aware of WD ATP installations in places that would have never been considered in the past. Andy knows about one of those..

And some of that WD ATP tech slowly floats down to WD.

The thing about WD... Microsoft always tries to squeeze the amount of resources devoted to customer service. And this is why WD will probably never put the advanced capabilities into the WD product. They want to deploy WD so it's virtually foolproof and nobody has any issues.

But with 3rd party solutions like H_C, some of that WD ATP goodness can appear on your computer. (y)
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Interesting thread, but I'm going to say that maybe it's an aberration, but reading you who know Windows in depth, I realize that Windows has no solution.
 
Last edited:
9

93803123

This will push other vendors to work hard to improve 3rd party AVs.:giggle:

People keep saying this but it isn't true. Nobody sees Windows Defender as any kind of real threat to their product.

But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.

It isn't a matter of publishers trying harder. It is a matter of people paying, and paying well.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Interesting thread, but I'm going to say that maybe it's an aberration, but reading you who know Windows in depth, I realize that Windows has no solution.
Windows is a kind of thing like cars, democracy, and health care. Most people can see that they are far from being perfect, but no one did find something better so far. :unsure:
Anyway, I would be happy to see something better, for sure.:giggle:
 
Last edited:
9

93803123

It is strange that you have so much confidence without asking them all.

Because I know what people in the industry think. I certainly know what Avira, Kaspersky, DrWeb, Bitdefender and Symantec\Norton think. Heck, even people at Webroot do not think very highly of Windows Defender. They have made their positions on Microsoft, Windows and Windows Defender public for the most part so it isn't speculation.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Because I know what people in the industry think.
Please, think objectively. Why should anyone believe you? Would you believe if I would say that I know what people in the industry think?

Edit.
Do you also know what they think about WD after introducing the new features presented in this thread? Did you talk with anyone whose voice is decisive in these matters? Why should such a person say you the truth?
 
Last edited:
F

ForgottenSeer 72227

But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.

Well to be fair, Windows is MS property and for better, or worse, they can do as they please with it. In all fairness, the way I see it, since Windows is MS property, they really should be the ones shouldering the burden of keeping it safe. Others have profited by doing this for MS, due to their stupidity over the years. Thing is, for MS to properly lock things down, it will block what 3rd parties can do, or have access to. 3rd parties also do create problems, so it really isn't only MS as some claim. What about issues with HTTPS and browsers, slow web page laoading, FP of critical system files, causing issues with games and such? These aren't issues that MS created, these are issues that 3rd parties created due to the way they hook into things, etc...

Because I know what people in the industry think. I certainly know what Avira, Kaspersky, DrWeb, Bitdefender and Symantec\Norton think. Heck, even people at Webroot do not think very highly of Windows Defender. They have made their positions on Microsoft, Windows and Windows Defender public for the most part so it isn't speculation.

Well of course they will say/think that. Let's cut the BS, these companies are making money on this, so let's be realistic here. If anything cuts into their margins, including MS and WD/ATP, of course they wont be happy. They may have some truth to the matter, but at the end of the day it's still a business for them.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
People keep saying this but it isn't true. Nobody sees Windows Defender as any kind of real threat to their product.

But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.

It isn't a matter of publishers trying harder. It is a matter of people paying, and paying well.

But they should, because Microsoft is the market share leader in business endpoints and has the biggest market share in the consumer segment too.

Microsoft
Microsoft is unique in the EPP space, as it is the only vendor that can provide built-in endpoint protection capabilities tightly integrated with the OS. Windows Defender Antivirus (known as System Center Endpoint Protection in Window 7 and 8) is now a core component of all versions of the Windows 10 OS, and provides cloud-assisted attack protection. Microsoft Defender Advanced Threat Protection (ATP) provides an EDR capability, monitoring and reporting on Windows Defender Antivirus and Windows Defender Exploit Guard (“Exploit Guard”), vulnerability and configuration management, as well as advanced hardening tools. The Microsoft Defender ATP incident response console consolidates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP and Active Directory, as well as incorporates data sensitivity from Azure information protection.
Microsoft is much more open to supporting heterogeneous environments and has released EPP capabilities for Mac. Linux is supported through partners, while native agents are on the roadmap.

Microsoft has been placed in the Leaders quadrant this year due to the rapid market share gains of Windows Defender Antivirus (Defender), which is now the market share leader in business endpoints. In addition, excellent execution on its roadmap make it a credible replacement for competitive solutions, particularly for organizations looking to reduce complexity.

Strengths

  • Defender provides malware protection using a range of techniques including behavioral, emulation, script analysis, memory scanning, network monitoring signatures and heuristics on the client, along with cloud protection engines to detect newer malware. Microsoft Defender ATP can work alongside some other vendors’ EPP or EDR agents or will step up to protect clients automatically if a third-party EPP engine fails, is out of date or is disabled.
  • Microsoft Defender ATP combines advanced EDR functionality with management and monitoring of Exploit Guard, Defender and other Microsoft products, critically Active Directory, to enable a common alert and incident response console. ATP leverages Azure infrastructure to store six months of data at no extra charge.
  • Microsoft has one of the better out-of-the-box SOAR capabilities to integrate with Microsoft and partner products and to automate repetitive tasks. Conditional access rules enable a continuous adaptive risk and trust assessment (CARTA) architecture.
  • ATP adds threat and vulnerability management, attack surface reduction (such as hardware-based isolation, application control, network protection and attack surface reduction rules) and threat analytics’ contextual threat intelligence reports. Microsoft Secure Score and vulnerability and configuration information provide weighted recommendations and actions to improve endpoint hardening, and compare the current posture with the industry and global peers for benchmarking. This score gives admins and chief information security officers (CISOs) an excellent understanding of the overall security posture relative to peers and shows improvements over time.
  • Microsoft recently launched a service called Microsoft Threat Experts to support customers’ incident response and alert analysis.



Gartner-EPP-MQ-Microsoft.jpg

Source:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top