Microsoft Defender Antivirus with Andy Ful WHHLight
<blockquote data-quote="likeastar20" data-source="post: 1078712" data-attributes="member: 51151"><p>What’s the difference really? [USER=99014]@Trident[/USER] maybe you know?</p><p></p><p>[URL unfurl="true"]https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/behavior-monitor?view=o365-worldwide[/URL]</p><p></p><p><strong>Applies to:</strong></p><p></p><ul> <li data-xf-list-type="ul"><a href="https://go.microsoft.com/fwlink/p/?linkid=2154037" target="_blank">Microsoft Defender for Endpoint Plan 1</a></li> <li data-xf-list-type="ul"><a href="https://go.microsoft.com/fwlink/p/?linkid=2154037" target="_blank">Microsoft Defender for Endpoint Plan 2</a></li> <li data-xf-list-type="ul"><a href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-business" target="_blank">Microsoft Defender for Business</a></li> <li data-xf-list-type="ul"><a href="https://www.microsoft.com/en-us/microsoft-365/microsoft-defender-for-individuals" target="_blank">Microsoft Defender for Individuals</a></li> <li data-xf-list-type="ul">Microsoft Defender Antivirus</li> </ul><p>Monitors process behavior to detect and analyze potential threats based on the behavior of applications, services, and files. Rather than relying solely on signature-based detection (which identifies known malware patterns), behavior monitoring focuses on observing how software behaves in real-time. Here’s what it entails:</p><p></p><ol> <li data-xf-list-type="ol">Real-Time Threat Detection:</li> </ol> <ul> <li data-xf-list-type="ul">Continuously observe processes, file system activities, and interactions within the system.</li> <li data-xf-list-type="ul">Defender Antivirus can identify patterns associated with malware or other threats. 
For example, it looks for processes making unusual changes to existing files, modifying or creating automatic startup registry (ASEP) keys, and other alterations to the file system or structure.</li> </ul> <ol> <li data-xf-list-type="ol">Dynamic Approach:</li> </ol> <ul> <li data-xf-list-type="ul">Unlike static, signature-based detection, behavior monitoring adapts to new and evolving threats.</li> <li data-xf-list-type="ul">Microsoft Defender Antivirus uses predefined patterns, and observes how software behaves during execution. For malware that doesn’t fit any predefined pattern, Microsoft Defender Antivirus uses anomaly detection.</li> <li data-xf-list-type="ul">If a program shows suspicious behavior (for example, attempting to modify critical system files), Microsoft Defender Antivirus can take action to prevent further harm, and revert some previous malware actions.</li> </ul><p>Behavior monitoring enhances Defender Antivirus’s ability to proactively detect emerging threats by focusing on real-time actions and behaviors rather than relying solely on known signatures.</p><p></p><p>The following features depend on behavior monitoring.</p><p></p><p><strong>Anti-malware</strong></p><p></p><ul> <li data-xf-list-type="ul">Indicators, File hash, allow/block</li> </ul><p><strong>Network Protection</strong></p><p></p><ul> <li data-xf-list-type="ul">Indicators, IP address/URL, allow/block</li> <li data-xf-list-type="ul">Web Content Filtering, allow/block</li> </ul></blockquote><p></p>
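<p>An added example, not part of the quoted post or the Microsoft page: a local check of whether behavior monitoring is on and whether network protection, which the quoted text lists as depending on it, is configured while it is off. The function name <code>Test-BehaviorMonitoringDependencies</code> and the sample objects are hypothetical; <code>Get-MpComputerStatus</code> and <code>Get-MpPreference</code> are the built-in Defender cmdlets.</p>

```powershell
# Added example (hypothetical helper), not code from the forum thread or Microsoft docs.
function Test-BehaviorMonitoringDependencies {
    param(
        # Defaults read the live machine; pass objects to test the logic offline.
        $Status     = (Get-MpComputerStatus),
        $Preference = (Get-MpPreference)
    )

    $findings = @()

    # Effective state reported by the running engine.
    if (-not $Status.BehaviorMonitorEnabled) {
        $findings += 'Behavior monitoring is not active on this device.'
    }
    # Configured state; policy can set this independently of the effective state.
    if ($Preference.DisableBehaviorMonitoring) {
        $findings += 'DisableBehaviorMonitoring is set to True in preferences.'
    }

    # EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit.
    $npMode = switch ([int]$Preference.EnableNetworkProtection) {
        1       { 'Block' }
        2       { 'Audit' }
        default { 'Disabled' }
    }

    $bmOn = [bool]$Status.BehaviorMonitorEnabled -and
            -not [bool]$Preference.DisableBehaviorMonitoring

    # The quoted documentation lists network protection as depending on behavior monitoring.
    if ($npMode -ne 'Disabled' -and -not $bmOn) {
        $findings += "Network protection is in $npMode mode, but behavior monitoring is off."
    }

    [pscustomobject]@{
        BehaviorMonitoringOn = $bmOn
        NetworkProtection    = $npMode
        Findings             = $findings
    }
}

# Constructed sample input: behavior monitoring disabled, network protection in block mode.
$sampleStatus = [pscustomobject]@{ BehaviorMonitorEnabled = $false }
$samplePref   = [pscustomobject]@{ DisableBehaviorMonitoring = $true; EnableNetworkProtection = 1 }
Test-BehaviorMonitoringDependencies -Status $sampleStatus -Preference $samplePref

# On a real endpoint, run it with no arguments:
# Test-BehaviorMonitoringDependencies
```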