Skip to content

Microsoft Secure

Partnering with the industry to minimize false positives

Every day, antivirus capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) protect millions of customers from threats. To effectively scale protection, Windows Defender ATP uses intelligent systems that combine multiple layers of machine learning models, behavior-based detection algorithms, generics, and heuristics that make a verdict on suspicious files, most of the time in...

Read more

Protecting the protector: Hardening machine learning defenses against adversarial attacks

Harnessing the power of machine learning and artificial intelligence has enabled Windows Defender Advanced Threat Protection (Windows Defender ATP) next-generation protection to stop new malware attacks before they can get started – often within milliseconds. These predictive technologies are central to scaling protection and delivering effective threat prevention in the face of unrelenting attacker activity....

Read more

Protecting the modern workplace from a wide range of undesirable software

Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern workplace, we aim to always ensure that customers have control over their devices and experiences. To...

Read more

Attack inception: Compromised supply chain within a supply chain poses new risks

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the app’s legitimate installer the unsuspecting carrier of a...

Read more

March-April 2018 test results: More insights into industry AV tests

In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TEST’s January-February 2018 test cycle. We released a transparency report to help our customers and the broader security community to stay informed...

Read more

Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis

Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need for malware campaigns: encryption, hosting, antimalware evasion, spamming, and many others. Hawkeye Keylogger is an...

Read more

Assessing Microsoft 365 security solutions using the NIST Cybersecurity Framework

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, you’ll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog New FastTrack benefit: Deployment support for Co-management on Windows 10 devices....

Read more

Taking apart a double zero-day sample discovered in joint hunt with ESET

In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherepanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same PDF....

Read more