Microsoft Presents Defender's Advanced Threat Protection

BoraMurdar

Today's announcement builds on security features that the company unveiled at its Ignite 2016 conference, which include Defender Advanced Threat Protection (ATP) and Office ATP being able to communicate with one another through the Windows Security Center. This will allow IT admins to "easily follow an attack across endpoints and email in a seamless and integrated way."

  • Enriched Detection. As I’ve said before, methods and means attackers use are increasingly varied, complex and well-funded. The sensors we have today across the network traffic channeled through end points and the cloud are powerful. However, cyber threats won’t stop, and neither will we. With the Creators Update we will expand Windows Defender ATP sensors to detect threats that persist only in memory or kernel level exploits. This will enable IT administrators to monitor loaded drivers and in-memory activities, and to detect various patterns of injection, reflective loading, and in-memory modifications indicating potential kernel exploits.

  • Enriched Intelligence. We already add on to our Microsoft Threat Intelligence (TI) with industry partners like FireEye iSIGHT Threat Intelligence. In the Creators Update, we’ll enable IT administrators to feed their own intelligence into the Windows Security Center for alerts on activities based on their own indicators of compromise. This added level of insight will enrich machine learning models to identify and block malware more quickly and better protect their unique environment.

  • Enhanced Remediation. We will also deliver new remediation actions in Windows Defender ATP that will give IT administrators the tools to isolate machines, collect forensics, kill and clean running processes and quarantine or block files with a single click in the Windows Security Center and further reduce response time.

From Neowin
 

Der.Reisende

This sounds way too cool to be true. Someone bring me back to reality please.
+1
I wonder whether this will find its way into Windows Defender for Home / Pro Win10, too. Some mechanical protection features for WD wouldn't be of harm, too. Like HIPS / BB. In case the improved detection ratio fails.
 

SHvFl

+1
I wonder whether this will find its way into Windows Defender for Home / Pro Windows 10, too. Some mechanical protection features for WD wouldn't be of harm, too. Like HIPS / BB. In case the improved detection ratio fails.
If MS made a BB it would be the BB you want. They have access to everything and can make the OS behave like they wish to help. MS is the only one that could potentially own the anti malware business but they don't seem to want to do it.
 

Der.Reisende

If MS made a BB it would be the BB you want. They have access to everything and can make the OS behave like they wish to help. MS is the only one that could potentially own the anti malware business but they don't seem to want to do it.
Yes, I agree with you! I think the problem is they rather would, however they'd get sued all the way down, like they were in Europe with boosting the use of IE by not offering alternatives on stock installations.
https://gizmodo.com/5988837/the-eu-just-fined-microsoft-730m-over-its-browser-monopoly
However, this time, probably by not only the EU.
 

SHvFl

It initially was going to be released for business users, it would be great if they change their mind and bring those features to home users as well
They added pro which is something. Don't expect them to give it to home. They don't even give group policy in home. Home is the poor relative to their lineups in the eyes of MS. Just so they can be added to all those pre-made builds (laptop/desktops) for a profit to both MS and manufacturers.
At least this is how I see it.
 
MalwareBlockerYT

GUI should be the least important thing for security software. But anyway, Microsoft is ready to update Windows Defender GUI in Creators Update

I agree that the GUI is the least important thing but there's no reason to ditch 3rd party AVs when they have a better GUI, better performance, better detection rate, more extra features, etc...

Yes Microsoft may be upping their claim but can they up their game? Will they ever produce as good of an AV as Emsisoft or Kaspersky, Bitdefender, etc?

The new GUI does look slightly better though.
 

In2an3_PpG

I agree that the GUI is the least important thing but there's no reason to ditch 3rd party AVs when they have a better GUI, better performance, better detection rate, more extra features, etc...

Yes Microsoft may be upping their claim but can they up their game? Will they ever produce as good of an AV as Emsisoft or Kaspersky, Bitdefender, etc?

The new GUI does look slightly better though.

I don't know if Microsoft would be allowed to improve Defender to be like the three you mentioned. If they were then why would anyone need to leave Defender and purchase or use a 3rd party AV when Defender comes with the OS. That would probably make the industry very upset and make Microsoft look like a monopoly. 3rd party AVs would then start losing a lot of money. Then governments would get involved.

Personally though I don't really have any problem with the current GUI. The new one looks alright.
 
MalwareBlockerYT

I don't know if Microsoft would be allowed to improve Defender to be like the three you mentioned. If they were then why would anyone need to leave Defender and purchase or use a 3rd party AV when Defender comes with the OS. That would probably make the industry very upset and make Microsoft look like a monopoly. 3rd party AVs would then start losing a lot of money. Then governments would get involved.

Personally though I don't really have any problem with the current GUI. The new one looks alright.
The new GUI looks better in my opinion but bland. Microsoft seems to like the colour grey - Windows 10 Settings, new Windows Defender GUI, etc are all either grey, blue or white. I like the colours on the OS but the Defender GUI looks like they've wasted a lot of space & it looks plain & simple. I feel as though they should actually add an image or something next to the "Windows Defender Protecting Is Your Computer" otherwise it will be the first AV ever to not have a green tick saying "You are protected!"...
 
Wave

I agree that the GUI is the least important thing but there's no reason to ditch 3rd party AVs when they have a better GUI, better performance, better detection rate, more extra features, etc...
The extra features aren't essential. What is essential is basic real-time/on-demand scanning, and as long as you use the existing built-in Windows security like UAC/SmartScreen correctly and are careful online then you don't need an expensive AV with loads of fancy features. Even if you are using Kaspersky or Emsisoft, you may believe you are better protected, but most infections 9/10 involve additional user-intervention and if the user is being dumb and allowing things or doesn't know how to work a product correctly or is just not using safe practices then they'll be infected no matter what security they are using.

Windows Defender + UAC + SmartScreen + common sense = 10x better than using any other AV/IS product you'll find, because using another one won't make you more foolproof. Having fancy features like BB/HIPS, sandboxing, etc may not make a difference... User downloads malware -> becomes sandboxed -> so they execute out of the sandbox... (after all, they did download and try to run it). Now apply the same for BB/HIPS -> they allow because they wanted to run it... Now they become infected anyway.

They can't make a product like Emsisoft has because it'd remove the freedom that we as users have on Windows. Users who use WD don't need HIPS alerts and to be confused with fancy features... MS are just providing good essentials which can be used like UAC/SmartScreen which are great alone if used in combination, plus basic security which is sufficient enough to be a backup friend. :)
 

Svoll

This sounds way too cool to be true. Someone bring me back to reality please.

What's reality? Marketing 101 taught me, you must believe in the product and your imagination of what it is capable of therefore you are not blowing smoke out of your behind. I didn't believe therefore I am repeating the class =P -Joking, I passed it easily!!!!
 