Security News

Microsoft Defender ATP adds live response for Linux and macOS
2021-10-25 15:50

Microsoft has announced the addition of new live response capabilities for macOS and Linux to Defender for Endpoint, the enterprise version of Redmond's Windows 10 Defender antivirus. They are designed to help security operations teams trigger response actions straight from the live response interface during incident investigations.

Microsoft Defender ATP now secures removable storage, printers
2021-07-26 21:21

To address this increased security exposure, Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. "We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios," Microsoft said.

Microsoft Defender ATP now warns of jailbroken iPhones, iPads
2021-06-15 20:21

Microsoft has added support for detecting jailbroken iOS devices to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. The new detection capability now available in the enterprise endpoint security platform will warn security teams of both managed and unmanaged jailbroken iPhones and iPads on their network.

Microsoft Defender ATP now secures networked Linux, macOS devices
2021-05-11 17:01

Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint. The secure configuration assessment feature is now in public preview, and it has expanded to include macOS and Linux devices after initially only supporting Windows 10 and Windows Server devices.

Microsoft Defender ATP detects Chrome updates as PHP backdoors
2021-02-03 16:17

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

Microsoft Defender ATP Users Get False Positive Alerts for Mimikatz, Cobalt Strike
2020-10-29 09:36

Microsoft rushed to take action on Wednesday after Defender Advanced Threat Protection users reported getting Cobalt Strike and Mimikatz alerts that turned out to be false positives. It's not surprising that some Microsoft Defender ATP users had a small heart attack on Wednesday when they saw multiple high-severity alerts for Cobalt Strike.

Microsoft Defender ATP adds vulnerable Windows device tracking
2020-10-28 16:11

The Microsoft Defender Advanced Threat Protection endpoint security platform now provides users with a new report designed to help them keep track of vulnerable Windows and macOS devices within their organization's environment. The vulnerable devices report displays graphs with statistics and details on currently vulnerable device trends with the end goal of making it easier for IT administrators to grasp the scope and breadth of device exposure within the organization.

Microsoft shares list of URLs required by Microsoft Defender ATP
2020-10-28 13:59

Microsoft has released a spreadsheet containing the full list of URLs that Microsoft Defender ATP must reach to function correctly. When Microsoft Defender ATP is installed on endpoints, its sensor will detect malicious threats and behaviors and send them via HTTP to the Microsoft Defender ATP cloud service.

Microsoft Defender ATP scares admins with false Cobalt Strike alerts
2020-10-28 11:14

Administrators woke up to a scary surprise today after false positives in Microsoft Defender ATP showed network devices infected with Cobalt Strike. Microsoft Defender ATP is Microsoft's enterprise antivirus and threat monitoring solution that admins deploy on devices throughout an organization.

CI Security expands offerings to include EDR with Microsoft Defender ATP
2020-08-26 00:45

CI Security announced an expansion of existing offerings to include Endpoint Detection and Response with Microsoft Defender Advanced Threat Protection. CI Security's new Microsoft Defender ATP integration helps round out the company's 24/7 detection and response offering, Critical Insight MDR. The combination enables complete visibility into customers' environments, whether a physical network, cloud environment, zero-trust workforce, or any combination of the above.