Mar 23 2021 11:24 AM
Hi!
I wonder if there is any kind of contact address where we can report e.g. evasion techniques that are working to fly under the Defender for Endpoint radar.
Our regularly performed pen tests showed us a few ways to infect a machine, including communication to a C&C server, without any alarm being raised.
Of course there are other measures we can take before such things happen, but I wonder if Microsoft itself is interested in such findings to make Defender's capabilities even better.
Another (public) example (which I haven't tried myself, but the article is pretty current):
As I said, I haven't tried it myself yet, but if this is still working -> would it make sense to get in touch with the product guys for Defender in any way?
BR
"DefenderAdmin"
Mar 25 2021 07:27 AM
Update: I just tried the evasion technique for which I gave a link before -> not working any longer (it is prevented and generates alarms, which is a good thing I guess 🙂)
Mar 25 2021 08:49 AM
Apr 02 2021 12:59 PM
In the future, you can use our Microsoft Security Intelligence portal to report malicious files, URLs, etc. here: Antimalware and cybersecurity portal - Microsoft Security Intelligence