Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added information about CommandLine Scanning Engine #183

Merged
merged 4 commits into from
Jan 24, 2025
Merged

Added information about CommandLine Scanning Engine #183

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d455355
Added information about CommandLine Scanning Engine
basiliskpippin Jan 24, 2025
dc90b53
Update ms.date in adv-tech-of-mdav.md
denisebmsft Jan 24, 2025
3d0dbcf
Merge branch 'public' into patch-1
denisebmsft Jan 24, 2025
6a0d3f1
Merge branch 'public' into patch-1
denisebmsft Jan 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion defender-endpoint/adv-tech-of-mdav.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ ms.reviewer: yongrhee
manager: deniseb
ms.service: defender-endpoint
ms.topic: overview
ms.date: 02/28/2024
ms.date: 01/24/2025
ms.subservice: ngp
ms.localizationpriority: medium
ms.custom: partner-contribution
Expand Down Expand Up @@ -53,6 +53,7 @@ When the client encounters unknown threats, it sends metadata or the file itself
|**Heuristics engine** <br/> Heuristic rules identify file characteristics that have similarities with known malicious characteristics to catch new threats or modified versions of known threats.|**Detonation-based ML engine** <br/> Suspicious files are detonated in a sandbox. Deep learning classifiers analyze the observed behaviors to block attacks.|
|**Emulation engine** <br/> The emulation engine dynamically unpacks malware and examines how they would behave at runtime. The dynamic emulation of the content and scanning both the behavior during emulation and the memory content at the end of emulation defeat malware packers and expose the behavior of polymorphic malware.|**Reputation ML engine** <br/> Domain-expert reputation sources and models from across Microsoft are queried to block threats that are linked to malicious or suspicious URLs, domains, emails, and files. Sources include Windows Defender SmartScreen for URL reputation models and Defender for Office 365 for email attachment expert knowledge, among other Microsoft services through the Microsoft Intelligent Security Graph.|
|**Network engine** <br/> Network activities are inspected to identify and stop malicious activities from threats.|**Smart rules engine** <br/> Expert-written smart rules identify threats based on researcher expertise and collective knowledge of threats.|
|**CommandLine scanning engine** <br/> This engine scans the commandlines of all processes before they execute. If the commandline for a process is found to be malicious it is blocked from execution.|**CommandLine ML engine** <br/> Multiple advanced ML models scan the suspicious commandlines in the cloud. If a commandline is found to be malicious, cloud sends a signal to the client to block the corresponding process from starting.|

For more information, see [Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK&reg; Evaluations: Enterprise](https://www.microsoft.com/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/).

Expand Down
Loading