cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android
By
Priyamsingh
Published Apr 25 2022 10:21 AM 6,495 Views
Priyamsingh
Microsoft
‎Apr 25 2022 10:21 AM

Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android

‎Apr 25 2022 10:21 AM

Update: Enhanced antimalware protection for Android is now generally available. 

 

We are excited to share major updates to the Malware protection capabilities of Microsoft Defender for Endpoint on Android. These new capabilities form a major component of your next-generation protection in Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat research, and the Microsoft cloud infrastructure to protect Android devices (or endpoints) in your organization.

 

Today, we are thrilled to announce the general availability of this new, enhanced anti-malware engine capability!

 

What to expect with this enhancement:

  • Cloud Integration with support for metadata-based ML models, file classifications and reputation-based ML models, etc.
  • Better support for false positive and false negative prevention.
  • Reduced memory and CPU footprints.
  • Integrates seamlessly with Microsoft 365 Defender portal across platforms.
  • Threat nomenclature: The change in threat / malware name will now be in accordance with the standard naming scheme followed across all platforms, including Windows. This is part of the effort for aligning our nomenclature across all platforms and having a single naming mechanism for consistency.

  Changes to Android Threat names as depicted in the security center portal will be as under:

 

<Platform>.<Category>.<Family>.variant     ---->     [Threat Type]:[Platform]/[Malware Family].[Variant]?![Suffixes]?

 

Example:

Old Syntax                                                     New Syntax

Android.Trojan.FakeInst.YB

TrojanSpy:AndroidOS/Nyleaker.B

 

There are no changes to the user experience aside from the threat naming: 

  

  Screenshot showing a threat detection on the deviceScreenshot showing a threat detection on the device 

 

Microsoft 365 Defender portal example: 

Screenshot showing an alert in the portal with the new naming conventionScreenshot showing an alert in the portal with the new naming convention

 

Getting started with the preview: 

 

To get started, an IT Admin needs to use Microsoft Endpoint Manager (MEM) – Intune – to manage deployments from Managed Google Play’s pre-production tracks for Android.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/android-intune?view=o365-w...

Use the recommended minimum version as 1.0.3825.0301. Sometime after GA announcement, APKs older than version 1.0.3825.0301 would stop getting Antimalware protection, so it's recommended to plan for an upgrade.

 

We welcome your feedback and look forward to hearing from you! You can submit feedback through the Microsoft Defender Security Center or through the Microsoft 365 security center.

Version history
Last update:
‎Jun 06 2022 05:13 AM
Updated by: