Microsoft Defender for Endpoint Blog

Machine learning vs. social engineering

Louie Mayor
Jun 07, 2018

Check out the new blog about how Microsoft machine learning technologies address non-PE attacks that rely on social engineering. Go to the full blog.

Here are some excerpts:

Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents, typically in combination with social engineering lures. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. These threats commonly arrive as attachments in phishing emails or through drive-by web downloads, removable drives, or browser exploits. The most common non-PE threat file types are JavaScript and VBScript...

... Windows Defender AV combines local machine learning models, behavior-based detection algorithms, generics, and heuristics with a detonation system and powerful ML models in the cloud to provide real-time protection against polymorphic malware. Expert input from researchers, advanced technologies like Antimalware Scan Interface (AMSI), and rich intelligence from the Microsoft Intelligent Security Graph continue to enhance next-generation endpoint protection platform (EPP) capabilities in Windows Defender Advanced Threat Protection.
