Skip to main content
This site uses cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use.
Learn more
Skip to main content
Microsoft
Microsoft Security
Microsoft Security
Microsoft Security
Home
Operations
Operations Overview
Intelligence
Intelligence report
Technology
Technology Overview
Identity and access management
Identity and access management overview
Conditional access
Passwordless
Threat protection
Information protection
Security management
Partnerships
Partnerships Overview
Security API
Security Association
Find a partner
Security fundamentals
Resources
Resources Overview
Security blog
Events
Trust Center
Trust Center
Security
Privacy
Compliance
Service Trust Portal
More
All Microsoft
Microsoft 365
Azure
Office 365
Dynamics 365
SQL
Windows 10
Products & Services
Windows Server
Enterprise Mobility + Security
Power BI
Teams
Visual Studio
Microsoft Advertising
Emerging Technologies
AI
Internet of Things
Azure Cognitive Services
Quantum
Microsoft HoloLens
Mixed Reality
Developer & IT
Docs
TechNet
Developer Network
Windows Dev Center
Windows IT Pro Center
FastTrack
Partner
Partner Network
Solution Providers
Partner Center
Cloud Hosting
Industries
Education
Financial services
Government
Health
Manufacturing & resources
Retail
Other
Security
Licensing
AppSource
Azure Marketplace
Events
Research
View Sitemap
Search
Cancel
Sign in
Author: windows-defender-research
Featured image for From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
March 25, 2019
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
Our discovery of two privilege escalation vulnerabilities in a driver highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the intelligence and tools to investigate threats, as we did.
Read more
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
Featured image for Tackling phishing with signal-sharing and machine learning
December 19, 2018
Tackling phishing with signal-sharing and machine learning
Across services in Microsoft Threat Protection, the correlation of security signals enhances the comprehensive and integrated security for identities, endpoints, user data, cloud apps, and infrastructure.
Read more
Tackling phishing with signal-sharing and machine learning
Featured image for Microsoft AI competition explores the next evolution of predictive technologies in security
December 13, 2018
Microsoft AI competition explores the next evolution of predictive technologies in security
Predictive technologies are already effective at detecting and blocking malware at first sight. A new malware prediction competition on Kaggle will challenge the data science community to push these technologies even further—to stop malware before it is even seen.
Read more
Microsoft AI competition explores the next evolution of predictive technologies in security
Featured image for Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
December 3, 2018
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign.
Read more
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Featured image for Windows Defender Antivirus can now run in a sandbox
October 26, 2018
Windows Defender Antivirus can now run in a sandbox
Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security. Putting Windows Defender Antivirus in a…
Read more
Windows Defender Antivirus can now run in a sandbox
Featured image for Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
September 27, 2018
Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.
Read more
Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
Featured image for Small businesses targeted by highly localized Ursnif campaign
September 6, 2018
Small businesses targeted by highly localized Ursnif campaign
In social engineering attacks, is less really more? A new malware campaign puts that to the test by targeting home users and small businesses in specific US cities. This was a focused, highly localized attack that aimed to steal sensitive info from just under 200 targets. Macro-laced documents masqueraded as statements from legitimate businesses. The documents are then distributed via email to target victims in cities where the businesses are located. With Windows Defender AV’s next gen defense, however, the size of the attack doesn’t really matter. Several cloud-based machine learning algorithms detected and blocked the malicious documents at the onset, stopping the attack and protecting customers from what would have been the payload, info-stealing malware Ursnif.
Read more
Small businesses targeted by highly localized Ursnif campaign
August 16, 2018
Partnering with the industry to minimize false positives
Every day, antivirus capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) protect millions of customers from threats. To effectively scale protection, Windows Defender ATP uses intelligent systems that combine multiple layers of machine learning models, behavior-based detection algorithms, generics, and heuristics that make a verdict on suspicious files, most of the time in…
Read more
Partnering with the industry to minimize false positives
Featured image for Protecting the protector: Hardening machine learning defenses against adversarial attacks
August 9, 2018
Protecting the protector: Hardening machine learning defenses against adversarial attacks
Harnessing the power of machine learning and artificial intelligence has enabled Windows Defender Advanced Threat Protection (Windows Defender ATP) next-generation protection to stop new malware attacks before they can get started – often within milliseconds. These predictive technologies are central to scaling protection and delivering effective threat prevention in the face of unrelenting attacker activity.…
Read more
Protecting the protector: Hardening machine learning defenses against adversarial attacks
August 7, 2018
Protecting the modern workplace from a wide range of undesirable software
Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern workplace, we aim to always ensure that customers have control over their devices and experiences. To…
Read more
Protecting the modern workplace from a wide range of undesirable software
1
2
3
…
13
Next
