Security News

Microsoft has announced the addition of new live macOS and Linux response capabilities to Defender for Endpoint, the enterprise version of Redmond's Windows 10 Defender antivirus. They are designed to help security operations teams to trigger response actions straight from the live response interface during incident investigations.

To address this increased security exposure, Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. "We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios," Microsoft said.

Microsoft has added support for detecting jailbroken iOS devices to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. The new detection capability now available in the enterprise endpoint security platform will warn security teams of both managed and unmanaged jailbroken iPhones and iPads on their network.

Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint. The secure configuration assessment feature is now in public preview, and it has expanded to include macOS and Linux devices after initially only supporting Windows 10 and Windows Server devices.

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

Microsoft rushed to take action on Wednesday after Defender Advanced Threat Protection users reported getting Cobalt Strike and Mimikatz alerts that turned out to be false positives. It's not surprising that some Microsoft Defender ATP users had a small heart attack on Wednesday when they saw multiple high-severity alerts for Cobalt Strike.

The Microsoft Defender Advanced Threat Protection endpoint security platform now provides users with a new report designed to help them keep track of vulnerable Windows and macOS devices within their organization's environment. The vulnerable devices report displays graphs with statistics and details on currently vulnerable device trends with the end goal of making it easier for IT administrators to grasp the scope and breadth of device exposure within the organization.

Microsoft has released a spreadsheet containing the full list of URLs that Microsoft Defender ATP must reach to function correctly. When Microsoft Defender ATP is installed on endpoints, its sensor will detect malicious threats and behaviors and send them via HTTP to the Microsoft Defender ATP cloud service.

Administrators woke up to a scary surprise today after false positives in Microsoft Defender ATP showed network devices infected with Cobalt Strike. Microsoft Defender ATP is Microsoft's enterprise antivirus and threat monitoring solution that admins deploy on devices throughout an organization.

CI Security announced an expansion of existing offerings to include Endpoint Detection and Response with Microsoft Defender Advanced Threat Protection. CI Security's new Microsoft Defender ATP integration helps round out the company's 24/7 detection and response offering, Critical Insight MDR. The combination enables complete visibility into customers' environments, whether a physical network, cloud environment, zero-trust workforce, or any combination of the above.