Forum Discussion

DefenderAdmin's avatar
DefenderAdmin
Brass Contributor
Mar 23, 2021

Report evasion techniques

Hi!

 

I wonder if there is any kind of contact address where we can report e.g. evasion techniques which are working to fly under the defender for endpoint radar.

Our pen tests which are regularly done showed us a few ways to infect a machine including communication to a c&c server without being alarmed.

 

Of course there are other measures we can take before such things happen, but i wonder if Microsoft itself is interested in such findings to make defenders capabilities even better.

 

Another (public) example (which i havent tried by myself but the article is pretty current):

https://medium.com/csis-techblog/silencing-microsoft-defender-for-endpoint-using-firewall-rules-3839a8bf8d18

 

As i said, i havent tried it by myself yet, but if this is still working -> would it make sense to get in touch with the product guys for defender in any way?

 

BR
"DefenderAdmin"