Connect with us

Hi, what are you looking for?


Endpoint Security

Microsoft Enhances Windows Defender ATP

Microsoft has unveiled several enhancements to its Windows Defender Advanced Threat Protection (ATP) product to improve its protection capabilities.

Microsoft has unveiled several enhancements to its Windows Defender Advanced Threat Protection (ATP) product to improve its protection capabilities.

The improvements target various aspects of the endpoint protection platform, such as attack surface reduction, post-breach detection and response, automation capabilities, security insights, and threat hunting, Moti Gindi, General Manager, Windows Cyber Defense, explains. 

Windows Defender ATP now has new attack surface reduction rules, designed to prevent Office communication applications (including Outlook) and Adobe Acrobat Reader from creating child processes. The new rules should help prevent a variety of attacks, such as those using macro and vulnerability exploits. 

However, the company also added improved customization for exclusions and allow lists, which can be applied to folders and even individual files, Gindi reveals

Now, Microsoft’s protection platform also takes advantage of emergency security intelligence updates. In the event of an outbreak, the Windows Defender ATP team can request cloud-connected enterprise devices to pull dedicated intelligence updates directly from the Windows Defender ATP cloud, thus eliminating the need for security admins to take action. 

According to Microsoft, Windows Defender ATP blocks 5 billion threats every month, leveraging machine learning and artificial intelligence in the process. The technology also allows it to score high in various protection tests. 

Dedicated detections for cryptocurrency mining malware is also available in the protection platform now, and Microsoft also increased focus on detecting and disrupting tech support scams. Recently, Windows Defender ATP’s antivirus also got a dedicated sandbox, to prevent attackers from leveraging it to compromise system. 

Advertisement. Scroll to continue reading.

To provide security analysis with means to better understand complex security events, Microsoft has added Incidents to Windows Defender ATP. Providing an aggregated view of an attack’s context, it can help identify related alerts and artifacts across impacted systems, as well as correlating them across the attack timeline. 

“By transforming the queue from hundreds of individual alerts to a more manageable number of meaningful aggregations, Incidents eliminate the need to review alerts sequentially and to manually correlated malicious events across the organization, saving up to 80% of analyst time,” Gindi claims. 

Windows Defender ATP can also automatically investigate and remediate memory-based attacks, also known as fileless attacks. Thus, instead of simply alerting on such an attack, the platform can launch a fully automated investigation into the incident. 

Technical information on threats is provided through a Threat analytics dashboard, along with recommended actions to contain and prevent specific threats and increase organizational resilience. Additionally, Microsoft is offering an assessment of the impact of threats on an organization’s environment and a view of the number of protected and exposed machines. 

Custom detection rules are also available, based on the queries security researchers share using the GitHub community repository, along with built-in capabilities for discovery and protection of sensitive data on enterprise endpoints, courtesy of integration with Azure Information Protection (AIP) Data Discovery. 

Windows Defender ATP also integrates with Microsoft Cloud App Security for the discovery of shadow IT in an organization. This simplifies rollout of Cloud App Security discovery and provides Microsoft Cloud App Security with traffic information about client-based and browser-based cloud apps and services used on IT-managed Windows 10 devices. 

Customers interested in testing the new features can sign up for a free 60-day fully featured Windows Defender ATP trial. The Windows Defender demo page and the Windows Defender security center portal also allow interested parties to take the features for a spin. 

Related: Microsoft Creates Sandbox for Windows Defender

Related: Microsoft Brings Windows Defender ATP to Windows 7, 8.1

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...