Check out the new blog about how Microsoft machine learning technologies address non-PE attacks that rely on social engineering.
Here are some excerpts:
Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents, typically in combination with social engineering lures. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. These threats commonly arrive as attachments on phishing email or through drive-by web downloads, removable drives, or browser exploits. The most common non-PE threat file types are JavaScript and VBScript...
... Windows Defender AV combines local machine learning models, behavior-based detection algorithms, generics, and heuristics with a detonation system and powerful ML models in the cloud to provide real-time protection against polymorphic malware. Expert input from researchers, advanced technologies like Antimalware Scan Interface (AMSI), and rich intelligence from the Microsoft Intelligent Security Graph continue to enhance next-generation endpoint protection platform (EPP) capabilities in Windows Defender Advanced Threat Protection.