
Microsoft has published a new blog post on how its machine learning technologies address non-PE attacks that rely on social engineering. Go to the full blog

[Figure: cloud ML models (fig4-cloud-ml-models.png from the original post)]

Here are some excerpts:


Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents, typically in combination with social engineering lures. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. These threats commonly arrive as attachments on phishing email or through drive-by web downloads, removable drives, or browser exploits. The most common non-PE threat file types are JavaScript and VBScript...


... Windows Defender AV combines local machine learning models, behavior-based detection algorithms, generics, and heuristics with a detonation system and powerful ML models in the cloud to provide real-time protection against polymorphic malware. Expert input from researchers, advanced technologies like Antimalware Scan Interface (AMSI), and rich intelligence from the Microsoft Intelligent Security Graph continue to enhance next-generation endpoint protection platform (EPP) capabilities in Windows Defender Advanced Threat Protection.
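The excerpts above name AMSI as the hook through which script hosts hand JavaScript, VBScript and PowerShell content to the installed antimalware engine. The following is an added example, not code from Microsoft's post: it calls amsi.dll directly from Python via ctypes to scan a buffer the way a script host would, using Microsoft's published AMSI test sample string (harmless, detected by design) next to a constructed benign VBScript line. The app name "amsi-probe", the content name "attachment.vbs" and the benign sample are assumptions made for the example; the AMSI_RESULT constants and function prototypes are those in amsi.h. On a non-Windows host the scan helper returns None rather than failing.

```python
"""Probe the local AMSI provider (e.g. Windows Defender AV) from Python.

Added example, not Microsoft's code. Requires Windows with amsi.dll and a
registered AMSI provider; elsewhere scan_script() returns None.
"""
import ctypes
import sys

# AMSI_RESULT values from amsi.h.
AMSI_RESULT_CLEAN = 0
AMSI_RESULT_NOT_DETECTED = 1
AMSI_RESULT_BLOCKED_BY_ADMIN_START = 0x4000
AMSI_RESULT_BLOCKED_BY_ADMIN_END = 0x4FFF
AMSI_RESULT_DETECTED = 0x8000

# Microsoft's documented AMSI test sample: detected by every compliant provider.
AMSI_TEST_SAMPLE = "AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386"
# Constructed benign script line used only to show the "clean" path.
BENIGN_VBSCRIPT = 'WScript.Echo "hello from a harmless attachment"'


def amsi_result_is_malware(result: int) -> bool:
    """Same rule as the AmsiResultIsMalware() macro: anything >= DETECTED is malware."""
    return result >= AMSI_RESULT_DETECTED


def amsi_result_is_blocked_by_admin(result: int) -> bool:
    """True when the result falls in the administrator-policy block range."""
    return AMSI_RESULT_BLOCKED_BY_ADMIN_START <= result <= AMSI_RESULT_BLOCKED_BY_ADMIN_END


def describe_result(result: int) -> str:
    """Human-readable verdict for an AMSI_RESULT value."""
    if amsi_result_is_malware(result):
        return "detected"
    if amsi_result_is_blocked_by_admin(result):
        return "blocked by admin policy"
    if result == AMSI_RESULT_CLEAN:
        return "clean"
    return "not detected"


def amsi_available() -> bool:
    """AMSI only exists on Windows; used to decide whether scanning is attempted."""
    return sys.platform == "win32"


def scan_script(content: str, content_name: str = "attachment.vbs",
                app_name: str = "amsi-probe"):
    """Scan `content` through AMSI and return the raw AMSI_RESULT, or None off-Windows."""
    if not amsi_available():
        return None
    amsi = ctypes.WinDLL("amsi")
    HRESULT = ctypes.c_long
    PVOID = ctypes.c_void_p
    amsi.AmsiInitialize.argtypes = [ctypes.c_wchar_p, ctypes.POINTER(PVOID)]
    amsi.AmsiInitialize.restype = HRESULT
    amsi.AmsiOpenSession.argtypes = [PVOID, ctypes.POINTER(PVOID)]
    amsi.AmsiOpenSession.restype = HRESULT
    amsi.AmsiScanBuffer.argtypes = [PVOID, PVOID, ctypes.c_uint32, ctypes.c_wchar_p,
                                    PVOID, ctypes.POINTER(ctypes.c_uint32)]
    amsi.AmsiScanBuffer.restype = HRESULT
    amsi.AmsiCloseSession.argtypes = [PVOID, PVOID]
    amsi.AmsiCloseSession.restype = None
    amsi.AmsiUninitialize.argtypes = [PVOID]
    amsi.AmsiUninitialize.restype = None

    ctx = PVOID()
    hr = amsi.AmsiInitialize(app_name, ctypes.byref(ctx))
    if hr < 0:
        raise OSError(f"AmsiInitialize failed: 0x{hr & 0xFFFFFFFF:08X}")
    session = PVOID()
    try:
        hr = amsi.AmsiOpenSession(ctx, ctypes.byref(session))
        if hr < 0:
            raise OSError(f"AmsiOpenSession failed: 0x{hr & 0xFFFFFFFF:08X}")
        # Script hosts pass script text to AMSI as UTF-16LE; do the same here.
        buf = content.encode("utf-16-le")
        result = ctypes.c_uint32(AMSI_RESULT_CLEAN)
        hr = amsi.AmsiScanBuffer(ctx, buf, len(buf), content_name, session,
                                 ctypes.byref(result))
        if hr < 0:
            raise OSError(f"AmsiScanBuffer failed: 0x{hr & 0xFFFFFFFF:08X}")
        return result.value
    finally:
        if session.value:
            amsi.AmsiCloseSession(ctx, session)
        amsi.AmsiUninitialize(ctx)


if __name__ == "__main__":
    for name, sample in (("test sample", AMSI_TEST_SAMPLE), ("benign", BENIGN_VBSCRIPT)):
        verdict = scan_script(sample)
        print(name, "->", "AMSI unavailable" if verdict is None else describe_result(verdict))
```

With Windows Defender AV running and real-time protection on, the test sample scans as "detected" and the benign line as "clean" or "not detected"; if the test sample comes back clean, either no provider is registered or something in the script-host chain is bypassing AMSI, which is exactly the condition this probe exists to surface.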