Microsoft this week announced a new feature in Microsoft Defender Advanced Threat Protection (ATP) that is designed to block and contain malicious behavior.
Called “endpoint detection and response (EDR) in block mode,” the capability is meant to provide post-breach blocking of malware and other malicious behaviors, by taking advantage of Microsoft Defender ATP’s built-in machine learning models, Microsoft says.
EDR in block mode aims to detect threats through behavior analysis, providing organizations with real-time protection, even after a threat has been executed. It aims to help companies respond to threats faster, thwart cyber-attacks, and maintain security posture.
To block the attack, EDR in block mode stops processes related to the malicious behaviors or artifacts. Reports of these blocks are shown in Microsoft Defender Security Center, to inform security teams and enable further investigation, as well as the discovery and removal of similar threats.
Now available in public preview, EDR in block mode has already proven effective in stopping cyber-attacks. In April, the tech giant says, the capability blocked a NanoCore RAT attack that started with a spear-phishing email that had as attachment an Excel document carrying a malicious macro.
Microsoft customers who already turned on preview features in the Microsoft Defender Security Center can enable EDR in block mode by heading to Settings > Advanced features.
The tech giant encourages customers who preview EDR in block mode to provide feedback on their experience with the behavioral blocking and containment capabilities in Microsoft Defender ATP.
Related: Microsoft Adds New Data Corruption Preventions to Windows
Related: Safe Documents Feature in Microsoft 365 Apps Now Generally Available
Related: Microsoft Defender ATP Gets UEFI Scanner
Related: Microsoft Threat Protection Now Generally Available

More from Ionut Arghire
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
