Features include greater threat detection, security automation, and intelligence updates via the cloud
Microsoft has released an update to Windows Defender Advanced Threat Protection (ATP), enhancing security capabilities and offering quicker response times in the event of an attack.
In a blog post released last week, the team behind Windows’ in-built antivirus product laid bare the new features, including advanced threat hunting, more powerful post-breach detection and response, and enhanced automation tools.
Microsoft said it was inspired by feedback from customers and partners in the hopes of better equipping security teams to handle the ongoing “onslaught” of threats.
Windows Defender ATP will now block a larger number of Office applications, including Outlook and Adobe Reader, from creating child processes.
This, in turn, will help to eliminate certain attacks including those using macro and vulnerability exploits, Microsoft said.
Users can have more control over customizable exclusions and allow lists, and can access dedicated detection tools for coin miners and tech support scams.
The AV will also offer cloud-delivered protection, reducing the amount of time it can take for security teams to respond to some attacks.
The blog post reads: “In the event of an outbreak, Windows Defender ATP research team can now issue an emergency request to all cloud-connected enterprise devices to immediately pull dedicated intelligence updates directly from the Windows Defender ATP cloud.
“This reduces the need for security admins to take action or wait for internal client update infrastructure to catch up, which often takes hours or even longer, depending on configuration.”
The new features have been rolled out just weeks after Microsoft announced that it has sandboxed the antivirus program in a move to help ensure that, in the event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the user’s system from harm.
The latest update has largely been welcomed by the Twitter security community.
Some have praised, for example, the integration with cloud application security – while others commented that the ability to issue emergency requests to all cloud-connected devices is good, but “long overdue”.
