Microsoft Adds New Feature in Defender ATP to Block Malicious Behavior

Microsoft introduced this week a new feature in Advanced Threat Protection (ATP) for Windows Defender designed to prevent and detect malicious behaviour.

Named “Endpoint Detection and Response (EDR) in block mode,” the capability is intended to provide post-breach blocking of malware and other malicious behaviors, taking advantage of built-in machine learning models from Microsoft Defender ATP, Microsoft says.

EDR in block mode aims to detect threats through behavioral analysis, providing real-time protection for organizations even after a threat has been executed. It is meant to help businesses respond faster to threats, thwart cyber-attacks and maintain their defensive posture.

In block mode, EDR interrupts processes connected to malicious behaviors or artefacts to block the attack. Reports of these blocks are displayed in Microsoft Defender Security Center to notify security teams and allow further analysis, as well as the detection and removal of similar threats.

EDR in block mode, now available in public preview, has already proven successful in halting cyber-attacks. The tech giant says the capability blocked a NanoCore RAT attack in April that began with a spear-phishing email carrying an Excel document with a malicious macro as an attachment.

Microsoft customers who have already turned on Microsoft Defender Security Center preview features can enable EDR in block mode by heading to Settings > Advanced features.


The tech giant invites clients who test EDR in block mode to provide feedback on their experience with Microsoft Defender’s behavioral blocking and containment capabilities.
