Windows Defender AV
Evaluate Windows Defender AV – Use this guide to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications.
Mitigate threats by using Windows 10 security features – This topic provides an overview of some of the software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. For information about related types of protection offered by Microsoft
Manage Windows Defender AV in your business – You can manage WDAV with Group Policy, SCCM, PowerShell cmdlets, WMI, and the mpcmdrun.exe utility.
March-April 2018 test results: More insights into industry AV tests – We’d like to share Windows Defender AV’s scores in the March-April 2018 test. In this new iteration of the transparency report, we continue to investigate the relationship between independent test results and the real-world protection of antivirus solutions. We hope that you find the report insightful.
Windows Transparency Reports for March-April 2018
Microsoft Security Intelligence Report – The Microsoft Security Intelligence Report Volume 23 analyzes key security trends from the past year—and provides actionable recommendations on how you can respond today.
External – Av-test.org – AV-TEST Product Review and Certification Report – Mar-Apr/2018 – During March and April 2018 we continuously evaluated 15 endpoint protection products using settings as provided by the vendor. We always used the most current publicly-available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers.
Best Practice and Recommendations
Windows Security Baselines – We recommend that you implement an industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, as opposed to creating a baseline yourself. This helps increase flexibility and reduce costs.
GCHQ Windows 10 Security Guidance – National Cyber Security Centre guidance has been updated to cover the 1803 “April 2018 Update” of Windows 10 Enterprise. It builds on the previous Windows 10 ALPHA Mobile Device Management (MDM) guidance.
ACSC Windows 10 Hardening Guide – Australian Cyber Security Centre guidance. This document provides guidance on hardening workstations using Enterprise and Education editions of Microsoft Windows 10, version 1709. Some Group Policy settings used in this document may not be available or compatible with Professional, Home or S editions of Microsoft Windows 10, version 1709.
Sticking with Well-Known and Proven Solutions – I work with a lot of customers, and there are some problems I see over and over. One problem that I’ve seen and been thinking about a lot lately is the way that a number of customers paint themselves into a corner through excessive customization of their environment. Lately I’ve been making the case that they would be much better off by sticking with defaults or broadly known and well-tested configurations, and with proven enterprise solutions over home-grown tools.
Application whitelisting with “AaronLocker” – AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize rules for your specific requirements with simple text-file edits. AaronLocker includes scripts that document AppLocker policies and capture event data into Excel workbooks that facilitate analysis and policy maintenance.
Microsoft Safety Scanner – Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.
Malicious Software Removal Tool – Windows Malicious Software Removal Tool (MSRT) helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats. MSRT is generally released monthly as part of Windows Update or as a standalone tool available here for download.
Device Guard and Credential Guard hardware readiness tool – Use this tool to check whether your hardware is ready for Device Guard and Credential Guard.
Security Compliance Toolkit (SCT) – A set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.
Microsoft Exploitability Index – Helps customers prioritize their deployment of the monthly security updates.
Getting Started with Security Update Guide
MSRC Security Update Guide – The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products and services, and publishes the information here as part of the ongoing effort to help you manage security risks and keep your systems protected.
Protect against Rapid Cyber Attacks (Petya, WannaCrypt, and similar variants) – Webinar – Rapid cyberattacks like Petya and WannaCrypt were able to take down all IT systems at global enterprises in about an hour, creating a new challenge for IT and Security leadership and practitioners to manage. Join us to learn about these attacks and Microsoft’s prescriptive roadmap of recommended mitigations to protect your organization against this type of attack.
Customize the Windows Defender Security Center app for your organization – You can add information about your organization in a contact card to the Windows Defender Security Center app. This can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
Attack inception: Compromised supply chain within a supply chain poses new risks – A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the app’s legitimate installer the unsuspecting carrier of a malicious payload. The attack seemed like just another example of how cybercriminals can sneak in malware using everyday normal processes.