Windows Defender Security Intelligence (WDSI), formerly known as Microsoft Malware Protection Center (MMPC), is committed to helping Microsoft customers keep their computers secure. By continuously gathering and analyzing data, and by working with organizations inside and outside Microsoft, WDSI stays agile to combat evolving threats. Our mission is to help protect customers and computers, quickly respond to malware outbreaks, advise customers, and engage in valuable partnerships.
Help protect customers and computers
Microsoft antimalware products and services help protect hundreds of millions of computers worldwide. The WDSI team works closely with product teams at Microsoft to help ensure that products have the latest antimalware definitions and can provide accurate and actionable telemetry—data that can be used for further research.
The scanning tool that all these technologies use—the Microsoft antimalware engine—loads definition files that contain detection signatures for thousands of different families of malware and unwanted software. These detection signatures are key aspects of security updates. They are continually updated in response to new research and telemetry.
Telemetry data generated by Microsoft security products includes information about the general geographical location of the computers (not exact locations or personal information). This data enables WDSI to compare infection rates, patterns, and trends in various locations around the world.
Quickly respond to malware outbreaks
By receiving telemetry from millions of computers, and operating a global network of research and response labs, WDSI can identify and mitigate new threats within hours of their discovery. By using advanced research and heuristics, and by continuously monitoring for malicious behaviors, WDSI also provides proactive detection for new threats—before we even receive our first sample. Labs in Redmond (Washington, United States), Herzliya (Israel), and Melbourne (Australia)—with the help of additional researchers in other locations around the world—ensure that a response team is always online.
Advise customers on the threat landscape and protection
WDSI uses multiple channels to distribute malware research and security information to the public:
Engage in partnerships
WDSI engages widely within the antimalware industry. It collaborates with security researchers, partners, competitors, and independent software vendors (ISVs) worldwide. It also works with law enforcement organizations that seek to apprehend attackers.