From d45535517e96c3b0bd0b23b7a14de97dd808def6 Mon Sep 17 00:00:00 2001 From: basiliskpippin <112036351+basiliskpippin@users.noreply.github.com> Date: Fri, 24 Jan 2025 13:28:20 +1100 Subject: [PATCH 1/2] Added information about CommandLine Scanning Engine Added information about CommandLine Scanning Engine to the table in adv-tech-of-mdav.md --- defender-endpoint/adv-tech-of-mdav.md | 1 + 1 file changed, 1 insertion(+) diff --git a/defender-endpoint/adv-tech-of-mdav.md b/defender-endpoint/adv-tech-of-mdav.md index ae3cb99807..f13aed7cdf 100644 --- a/defender-endpoint/adv-tech-of-mdav.md +++ b/defender-endpoint/adv-tech-of-mdav.md @@ -53,6 +53,7 @@ When the client encounters unknown threats, it sends metadata or the file itself |**Heuristics engine**
Heuristic rules identify file characteristics that have similarities with known malicious characteristics to catch new threats or modified versions of known threats.|**Detonation-based ML engine**
Suspicious files are detonated in a sandbox. Deep learning classifiers analyze the observed behaviors to block attacks.| |**Emulation engine**
The emulation engine dynamically unpacks malware and examines how they would behave at runtime. The dynamic emulation of the content and scanning both the behavior during emulation and the memory content at the end of emulation defeat malware packers and expose the behavior of polymorphic malware.|**Reputation ML engine**
Domain-expert reputation sources and models from across Microsoft are queried to block threats that are linked to malicious or suspicious URLs, domains, emails, and files. Sources include Windows Defender SmartScreen for URL reputation models and Defender for Office 365 for email attachment expert knowledge, among other Microsoft services through the Microsoft Intelligent Security Graph.| |**Network engine**
Network activities are inspected to identify and stop malicious activities from threats.|**Smart rules engine**
Expert-written smart rules identify threats based on researcher expertise and collective knowledge of threats.| +|**CommandLine scanning engine**
This engine scans the commandlines of all processes before they execute. If the commandline for a process isĀ found to be malicious it is blocked from execution.|**CommandLine ML engine**
Multiple advanced ML models scan the suspicious commandlines in the cloud. If a commandline is found to be malicious, cloud sends a signal to the client to block the corresponding process from starting.| For more information, see [Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise](https://www.microsoft.com/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/). From dc90b53d88c7d8aea76d35188ef2cf93036f7e9a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 24 Jan 2025 10:59:20 -0800 Subject: [PATCH 2/2] Update ms.date in adv-tech-of-mdav.md --- defender-endpoint/adv-tech-of-mdav.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/adv-tech-of-mdav.md b/defender-endpoint/adv-tech-of-mdav.md index f13aed7cdf..67f8ae9859 100644 --- a/defender-endpoint/adv-tech-of-mdav.md +++ b/defender-endpoint/adv-tech-of-mdav.md @@ -7,7 +7,7 @@ ms.reviewer: yongrhee manager: deniseb ms.service: defender-endpoint ms.topic: overview -ms.date: 02/28/2024 +ms.date: 01/24/2025 ms.subservice: ngp ms.localizationpriority: medium ms.custom: partner-contribution
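Review bot: the added table row contains a stray character in "isĀ found to be malicious" (a mis-encoded non-breaking space rendered as "Ā"); replace it with a plain space before merging, otherwise the rendered cell shows garbage. The row's wording is also inconsistent with the neighbouring entries: "commandlines"/"commandline" should be "command lines"/"command line" (the engine names can keep the "CommandLine" capitalization), "cloud sends a signal" needs an article ("the cloud sends a signal"), and the conditional sentence wants a comma before "it". Suggested cell text for the client-side entry: `This engine scans the command lines of all processes before they execute. If the command line for a process is found to be malicious, it is blocked from execution.`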
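Review bot: the ms.date bump to 01/24/2025 matches the date of the content change in PATCH 1/2 and nothing else in the front matter moves, so the metadata change itself is correct; since it is a one-line follow-up to the same file, squashing it into the first patch would keep the content change and its date stamp in a single commit.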