Windows Defender Antivirus: Next-gen AV

Presentation transcript:

Windows Defender Antivirus: Next-gen AV. Amitai Rottem (@AmitaiTechie), Senior Program Manager, Windows Active Defense. 10/13/2018 6:14 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

https://aka.ms/wdav

What you’ll hear today
- Bob from Texas and ransomware
- The evolving threat landscape and the role of cloud-based protection
- Balancing productivity and security
- What others say about us
- Call to action

The story about Bob

2017-04-19 10:53:00pm (image slides)

Now technical

2017-04-20 10:53:21pm: Something is detected
2017-04-20 10:53:21pm: Service receives query
2017-04-20 10:53:21pm: File is deemed suspicious, sample requested
2017-04-20 10:53:23pm: Sample finishes uploading
2017-04-20 10:53:28pm: Determined as malware, signature sent back
2017-04-20 10:53:29pm: Only 8 seconds after clicking, Windows Defender AV blocked a new strain of ransomware that had never been seen before.

https://aka.ms/wdav

Windows Defender AV’s unique optics (Microsoft, 2016)
- 1.2 billion devices/monthly
- 200 billion emails/monthly
- 3 billion cloud queries/daily
- 2 million new file samples/daily
- 80 billion files’ metadata
- 2.5 trillion URLs indexed

Instant Threat intelligence sharing with Office 365

Polymorphism (chart)
- 96%: malware seen once and never again
- 3%: seen 2–10
- 0.4%: seen 11–100
- 0.01%: seen on 1001+

End-to-end latency

What if I don’t turn on Cloud Protection?
- 28 computers are now infected
- 25% of malware is less than 1 day old

Windows Defender Exploit Guard: Balancing productivity and security
0-day blocked
- Attack Surface Reduction: set of rules to customize the attack surface
- Controlled Folder Access: protecting data against access by untrusted processes
- Exploit Protection: mitigations against memory-based attacks (EMET evolved!)
- Network Protection: blocking outbound calls to low-reputation sources
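A worked rollout of the Exploit Guard components listed above, added here as an example (not the deck's own code): it switches Controlled Folder Access, Network Protection and ASR into audit mode first, so the "balancing productivity and security" question can be answered from the event log before anything is enforced. The protected folders are this example's choice; ASR rule GUIDs are not on the slide, so the placeholder must be replaced with rule IDs from the Exploit Guard documentation (https://aka.ms/wdeg).

```powershell
# Added example (not the deck's own code): roll out the Exploit Guard
# components the slide lists in audit mode first, so the event log shows what
# would have been blocked before anything is enforced. Run elevated on
# Windows 10 1709 or later with the Defender PowerShell module.
# Assumptions: the protected folders are this example's choice; ASR rule
# GUIDs are not on the slide, so the placeholder must be replaced with rule
# IDs from the Exploit Guard documentation (https://aka.ms/wdeg).
[CmdletBinding(SupportsShouldProcess)]
param(
    [ValidateSet('AuditMode', 'Enabled', 'Disabled')]
    [string]$Mode = 'AuditMode',
    [string[]]$ProtectedFolders = @("$env:USERPROFILE\Documents", 'D:\Finance'),
    [string[]]$AsrRuleIds = @('<ASR-RULE-GUID-FROM-DOCS>')   # placeholder, see above
)

if ($PSCmdlet.ShouldProcess('Windows Defender Exploit Guard', "set mode to $Mode")) {
    # Controlled Folder Access: untrusted processes writing to these paths
    # are logged (AuditMode) or stopped (Enabled). The Windows known folders
    # are protected by default; these paths are additions.
    Set-MpPreference -EnableControlledFolderAccess $Mode
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolders

    # Network Protection: outbound connections to low-reputation destinations.
    Set-MpPreference -EnableNetworkProtection $Mode

    # Attack Surface Reduction: Ids and Actions are parallel arrays, so build
    # one action entry per rule. Skipped while the placeholder is still in place.
    if ($AsrRuleIds -and $AsrRuleIds[0] -notlike '<*') {
        $actions = @($Mode) * $AsrRuleIds.Count
        Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRuleIds `
                         -AttackSurfaceReductionRules_Actions $actions
    }
    # Exploit Protection (the EMET successor) is configured separately with
    # Set-ProcessMitigation; Get-ProcessMitigation -System shows the current state.
}

# Read the state back from the box rather than assuming the calls took effect.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess, ControlledFolderAccessProtectedFolders,
                  EnableNetworkProtection, AttackSurfaceReductionRules_Ids,
                  AttackSurfaceReductionRules_Actions |
    Format-List
```

Run it with -WhatIf to see what would change, and with -Mode Enabled once the audit events show no business-critical process being flagged.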

How to configure

- System Center Configuration Manager (SCCM)
- Intune
- 3rd-party MDM
- PowerShell
- Group Policy
- WMI
- End user UI (the IT admin has the ability to disable it)

Powerful knobs
- Extended cloud check
- Cloud protection level
- PUA protection
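The three knobs above, plus the cloud-protection and sample-submission settings the 8-second story depends on, audited and set through the PowerShell channel listed under "How to configure". This is an added example, not the deck's or Microsoft's own script; the baseline values are this example's choice, and because Get-MpPreference reports these settings as numbers, the desired state is written numerically with the enum name in the comment.

```powershell
# Added example (not the deck's own code): audit the cloud-protection "knobs"
# the session lists against a desired baseline and, with -Apply, set them via
# Set-MpPreference. Run elevated on Windows 10 with Windows Defender AV.
# Assumption: the baseline values are this example's choice, not a Microsoft
# mandate; Get-MpPreference reports these settings as numbers, so the desired
# state is written numerically with the enum name in the comment.
[CmdletBinding()]
param([switch]$Apply)

$baseline = @{
    MAPSReporting        = 2   # Advanced: cloud-delivered protection on
    SubmitSamplesConsent = 1   # SendSafeSamples: the cloud may request the file
    CloudBlockLevel      = 2   # High: the "Cloud protection level" knob
    CloudExtendedTimeout = 50  # seconds: the "Extended cloud check" knob
    PUAProtection        = 1   # Enabled: the "PUA protection" knob
}

$current = Get-MpPreference
$drift = foreach ($name in ($baseline.Keys | Sort-Object)) {
    $actual = $current.$name
    [pscustomobject]@{
        Setting  = $name
        Expected = $baseline[$name]
        Actual   = $actual
        Ok       = ([int]$actual -eq [int]$baseline[$name])
    }
}
$drift | Format-Table -AutoSize

# A query never leaves the box if real-time protection is off, and stale
# signatures usually mean the device is not reaching Microsoft at all.
$status = Get-MpComputerStatus
"Real-time protection enabled: $($status.RealTimeProtectionEnabled)"
"Antivirus signature age (days): $($status.AntivirusSignatureAge)"

if ($Apply -and ($drift | Where-Object { -not $_.Ok })) {
    Set-MpPreference @baseline
    Write-Host 'Applied baseline; re-run without -Apply to verify.'
}
elseif (-not $Apply) {
    Write-Host 'Audit only; run with -Apply to enforce the baseline.'
}
```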

Monitor

How to monitor
- Windows Defender ATP
- SCCM Dashboard
- Windows Analytics: Update Compliance
- EventLog (Windows Event Log collection to SIEM)
- Soon: Intune
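The "EventLog to SIEM" path above, as an added example (not the deck's own code): it pulls Defender AV detection and configuration events from the operational log and writes them as JSON lines a collector can ship. The event IDs are assumed to be the documented Defender operational IDs (1116 malware detected, 1117 action taken, 5001 real-time protection disabled, 5007 configuration changed); the output path is this example's choice.

```powershell
# Added example (not from the deck): collect Windows Defender AV detection and
# configuration events from the operational log and write them as JSON lines
# for a SIEM collector, the "EventLog" monitoring path the slide lists.
# Assumptions: the event IDs are the Defender operational IDs documented at
# https://aka.ms/wdavdocs (1116 malware detected, 1117 action taken,
# 5001 real-time protection disabled, 5007 configuration changed); the
# output path is this example's choice.
param(
    [int]$Hours = 24,
    [string]$OutFile = "$env:TEMP\wdav-events.jsonl"
)

$kinds = @{ 1116 = 'detection'; 1117 = 'remediation'
            5001 = 'rtp_disabled'; 5007 = 'config_change' }

$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = @($kinds.Keys)
    StartTime = (Get-Date).AddHours(-$Hours)
}
# No events in the window is a normal result, not an error.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$records = foreach ($e in $events) {
    # Defender events carry named EventData fields (threat name, path, action,
    # user); keep them keyed by name so the SIEM need not regex the message.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        time     = $e.TimeCreated.ToUniversalTime().ToString('o')
        host     = $e.MachineName
        event_id = $e.Id
        kind     = $kinds[$e.Id]
        level    = $e.LevelDisplayName
        fields   = $data
    }
}

$records | ForEach-Object { $_ | ConvertTo-Json -Compress -Depth 4 } |
    Set-Content -Path $OutFile -Encoding UTF8

# Triage summary: a detection without a matching remediation, or any
# real-time-protection-disabled event, is what an analyst should open first.
$records | Group-Object kind | Select-Object Name, Count | Format-Table -AutoSize
"Wrote $($records.Count) records to $OutFile"
```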

https://aka.ms/wdav

AV-Test.org test scores (relative)

AV-Test.org test scores (absolute)

AV-Comparatives.org Test Scores (AVC): http://chart.av-comparatives.org/chart1.php?chart=chart2&year=2017&month=Feb_Jun&sort=0&zoom=3 (© AV-Comparatives 2017)

AV-Comparatives.org Test Scores (AVC): http://chart.av-comparatives.org/chart1.php?chart=chart6&year=2017&month=3&sort=0 (© AV-Comparatives 2017)

What others are saying about us… in the news
- Ex top Mozilla dev to Windows users: Ditch all antivirus except Microsoft's Defender
- @SwiftOnSecurity as well as Google engineers on Twitter: “Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV”
- Gartner: Microsoft's future vision is “very forward-thinking and technically elegant”

https://aka.ms/wdav

Why do we say it is next-gen AV?
- Little reliance on traditional signatures
- ML powered: on the box and in the cloud
- Built-in ransomware protection and recovery
- Attack surface reduction to protect against file-less attacks
At the same time:
- Agentless: easy to configure and manage with your existing IT stack
- If you own Windows you already own it
- Years of experience in operating systems and security

MMPC Portal

Windows Defender Security Intelligence

Related content (Tech Ready 15)
Breakout Sessions:
- Next-Gen AV: Windows Defender Antivirus unleashed, Tuesday 11:30am (BRK3063)
- Windows Defender Exploit Guard: Reducing the Attack Surface while balancing productivity and security, Wednesday 2:15pm (BRK2084)
- Ransomware: Don't pay the ransom, Thursday 11:30am (BRK3065)
Theater Sessions:
- Windows Defender Exploit Guard: Reducing the Attack Surface while balancing productivity and security, Monday 6:05pm (THR2257)
- Deploying Windows Defender AV and more with Configuration Manager, Wednesday 10:50am (THR2218)
- Don’t be the first victim of new malware, turn Windows Defender AV Cloud Protection on!, Thursday 1:40pm (THR1081)
Labs:
- WAD-ILL304: Windows Defender Antivirus: configure and deploy policies and check out reports, Thursday 3:30pm

Resources
- Whitepaper: Evolution of malware protection: https://aka.ms/xbfqn3
- Demo website: https://demo.wd.microsoft.com
- AV Documentation: https://aka.ms/wdavdocs
- EG Documentation: https://aka.ms/wdeg
- Security Intelligence: https://microsoft.com/av
- Evaluation Guide + Script: https://aka.ms/evaluatewdav

Please evaluate this session. Your feedback is important to us! From your PC or tablet, visit MyIgnite at http://myignite.microsoft.com. From your phone, download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp

Q & A

https://aka.ms/wdav