Report evasion techniques

DefenderAdmin · ‎Mar 23 2021

Hi!

I wonder if there is any kind of contact address where we can report e.g. evasion techniques which are working to fly under the defender for endpoint radar.

Our pen tests which are regularly done showed us a few ways to infect a machine including communication to a c&c server without being alarmed.

Of course there are other measures we can take before such things happen, but i wonder if Microsoft itself is interested in such findings to make defenders capabilities even better.

Another (public) example (which i havent tried by myself but the article is pretty current):

https://medium.com/csis-techblog/silencing-microsoft-defender-for-endpoint-using-firewall-rules-3839...

As i said, i havent tried it by myself yet, but if this is still working -> would it make sense to get in touch with the product guys for defender in any way?

BR
"DefenderAdmin"

DefenderAdmin · ‎Mar 25 2021

Update: i just tried the evasion technique for which i gave a link before -> not working any longer (it is prevented and generates alarms; which is a good thing i guess :) )

Balaji_R · ‎Mar 25 2021

Great!!

In such cases, we can also prevent modifications made to Windows Defender firewall (via group policy) etc.,

Marc_M · ‎Apr 02 2021

In the future, you can use our Microsoft Security Intelligence portal to report malicious files, URLs, etc. here: Antimalware and cybersecurity portal - Microsoft Security Intelligence

Report evasion techniques

Report evasion techniques

Re: Report evasion techniques

Re: Report evasion techniques

Re: Report evasion techniques

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Report evasion techniques