Security News
Microsoft has announced a new feature for Microsoft Defender for Endpoint to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. There's a catch: the new MDE capability works only with onboarded devices running Windows 10 and later or Windows Server 2019 and later.
Microsoft Defender vs Trellix: EDR software comparison. Microsoft Defender for Endpoint is an endpoint security tool that provides threat alerts and attack mitigation for phishing, malware and ransomware.
Microsoft says Defender for Endpoint now comes with a new 'troubleshooting mode' that will help Windows admins test Defender Antivirus performance and run compatibility scenarios without getting blocked by tamper protection. The new mode is available in public preview and it enables admins to disable or change the tamper protection setting while diagnosing false-positive application blocks or performing performance troubleshooting.
In user tests of endpoint detection and response tools, CrowdStrike is generally considered to be easier to use and deploy than Microsoft Defender for Endpoint; however, Microsoft Defender is easily integrated into an existing Microsoft technology stack. Not only does Microsoft Defender fold neatly into the already existing Microsoft technology stack, but it provides best-in-class security alerting and attack mitigation.
You've probably encountered numerous threat intelligence reports outlining top attack campaigns in the past year. These reports are helpful in that they provide insight into common attacker behaviors and methods, but most of them fail to help you to apply this insight or include examples of the mitigation steps taken by defenders.
Microsoft Defender for Endpoint, formerly known as Microsoft Defender Advanced Threat Protection, is the tech giant's enterprise endpoint security platform. VMware Carbon Black Endpoint is an EDR software solution that consolidates multiple endpoint security features into a single platform.
Microsoft has made a standalone version of Microsoft Defender for Business generally available, aimed at customers not keen on paying for one of its subscriptions. The product is already bundled with Microsoft 365 Business Premium but can now be picked up as a standalone product for $3 per user per month, as we reported from Ignite late last year.
Microsoft says that its enterprise-grade endpoint security for small to medium-sized businesses is now generally available as a standalone solution. Known as Microsoft Defender for Business, this product is designed for SMBs with up to 300 employees who need protection against malware, phishing, and ransomware attacks on Windows, macOS, iOS, and Android devices.
Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to reports from Windows system admins [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.
While there are some malicious drivers that are deliberately crafted to compromise PCs, most problems come from a small number of legitimate drivers with accidental flaws, said David Weston, VP of Enterprise and OS Security at Microsoft. "Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."