Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android

Published Apr 25 2022 10:21 AM 3,165 Views
Microsoft

We are excited to share major updates to the Malware protection capabilities of Microsoft Defender for Endpoint on Android. These new capabilities form a major component of your next-generation protection in Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat research, and the Microsoft cloud infrastructure to protect Android devices (or endpoints) in your organization.


Today, we are thrilled to announce the public preview of this new, enhanced anti-malware engine capability!


What to expect with this enhancement:

  • Cloud integration with support for metadata-based ML models, file classifications, reputation-based ML models, and more.
  • Better support for false positive and false negative prevention.
  • Reduced memory and CPU footprints.
  • Integrates seamlessly with the Microsoft 365 Defender portal across platforms.
  • Threat nomenclature: threat/malware names now follow the standard naming scheme used across all platforms, including Windows. This is part of the effort to align our nomenclature across all platforms and have a single naming mechanism for consistency.

  Changes to Android threat names as shown in the security center portal are as follows:

<Platform>.<Category>.<Family>.variant  ---->  [Threat Type]:[Platform]/[Malware Family].[Variant]?![Suffixes]?

Example:

Old Syntax: Android.Trojan.FakeInst.YB
New Syntax: TrojanSpy:AndroidOS/Nyleaker.B
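While both schemes appear in alerts during the transition, anything keyed on threat names (SIEM rules, suppression lists, reports) has to parse both. The parser below is an added example, not Microsoft's code: it splits a name in either syntax into its fields and builds a platform-qualified family key; folding the old "Android" platform label into the new "AndroidOS" is an assumption taken from the two sample names above, and the names ending in "!cl" are constructed samples.

```python
import re
from typing import Dict, Optional

# New cross-platform scheme: [Threat Type]:[Platform]/[Malware Family].[Variant]?![Suffixes]?
# Variant and the "!"-prefixed suffixes are optional.
NEW_NAME_RE = re.compile(
    r"^(?P<threat_type>[^:/!.]+):(?P<platform>[^/!.]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<variant>[^!]+))?(?:!(?P<suffixes>.+))?$"
)
# Old Android-only scheme: <Platform>.<Category>.<Family>.variant
OLD_NAME_RE = re.compile(
    r"^(?P<platform>[^.]+)\.(?P<category>[^.]+)\.(?P<family>[^.]+)(?:\.(?P<variant>.+))?$"
)


def parse_threat_name(name: str) -> Optional[Dict[str, Optional[str]]]:
    """Parse a threat name in either scheme.

    Returns the fields plus a "scheme" key ("new" or "old"), or None when the
    string matches neither format. The new scheme is tried first because its
    ':' and '/' separators never occur in old-style names.
    """
    m = NEW_NAME_RE.match(name)
    if m:
        return {**m.groupdict(), "scheme": "new"}
    m = OLD_NAME_RE.match(name)
    if m:
        return {**m.groupdict(), "scheme": "old"}
    return None


def family_key(name: str) -> Optional[str]:
    """Platform-qualified family key that is stable across both schemes,
    so a rule written against the old name keeps matching the new one.
    Assumption: old "Android" and new "AndroidOS" denote the same platform."""
    parsed = parse_threat_name(name)
    if parsed is None:
        return None
    platform = parsed["platform"]
    if platform.lower() in ("android", "androidos"):
        platform = "AndroidOS"
    return f"{platform}/{parsed['family']}"


if __name__ == "__main__":
    # Constructed sample alert names, mixing both schemes.
    for n in ["Android.Trojan.FakeInst.YB", "TrojanSpy:AndroidOS/Nyleaker.B",
              "Trojan:AndroidOS/SampleFam!cl", "not a threat name"]:
        print(n, "->", family_key(n), parse_threat_name(n))
```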

There are no changes to the user experience aside from the threat naming:

[Screenshot showing a threat detection on the device]

Microsoft 365 Defender portal example:

[Screenshot showing an alert in the portal with the new naming convention]

Getting started with the preview:

To get started, an IT Admin needs to use Microsoft Endpoint Manager (MEM) – Intune – to manage deployments from Managed Google Play’s pre-production tracks for Android.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide

Use 1.0.3825.0301 as the recommended minimum version. Sometime after general availability (GA), APKs older than version 1.0.3825.0301 will stop receiving antimalware protection, so plan for an upgrade.

We welcome your feedback and look forward to hearing from you! You can submit feedback through the Microsoft Defender Security Center or through the Microsoft 365 security center.

Version history
Last update: Apr 25 2022 09:13 AM