Microsoft Defender launches powerful security measures to automatically deal with threats

On the Microsoft Security and Compliance blog, Microsoft announced that Microsoft Defender for Endpoint has begun rolling out powerful automated security measures.

This measure addresses the problem of malware not being removed in time because of human delay: related malware is removed quickly, so that it cannot spread laterally any further.

We know that much of the malware targeting enterprises spreads laterally: after infecting one device, it immediately uses that device as a foothold to infect other devices on the internal network.

This leaves enterprises compromised by malware with no time to respond, and the new feature introduced by Microsoft Endpoint Protection is meant to defend against exactly this situation.

In the past, when Microsoft Defender detected malware or a file it suspected was malicious, it alerted the corporate security team, which then handled the case itself.

For example, after evaluating the problematic software the security team would either remove it or allow it. This avoids false positives and reduces disruption to the business, but it may reduce security.

When the automation level is set to Full – Remediate threats automatically, Microsoft Defender starts an investigation, including a scan across the entire internal network, as soon as it detects the problematic software.

After the scan of the entire network, Microsoft creates a verdict list for each entity on each computer, marking every entity as malicious, suspicious, or clean.

At the same time, a remediation action is created for each malicious entity, and the file containing that entity is deleted as soon as the action is created, so that the malicious entity cannot spread laterally.

When the automation level is set to Semi – Require approval for any remediation, the action waits for manual approval, and the security team has to connect to the machine.

Microsoft said that in real environments, enterprises that use fully automatic mode remove malicious entities 40% more efficiently than enterprises that use semi-automatic mode.

So remediation can be fully automated, freeing up the company's critical security resources so that it can focus on its strategic plans without worrying about malware.

By contrast, in semi-automatic mode a malicious entity that is waiting for the security team to deal with it can cause problems such as lateral spread, leading to serious losses.

Microsoft said that it is working to improve the accuracy of malware detection, including changes to its automated investigation infrastructure and expanded undo and remediation measures.

This means that if an internal enterprise file is removed by mistake, it should be easier to restore. If it can be restored, fully automatic mode is indeed more efficient.