Microsoft slings bulked-up Windows Defender preview at world+dog
Security tool slated for Creators Update promises to rat on misbehaving apps, bad staff
Microsoft says its upcoming Windows 10 Creators Update will include new capabilities in the Windows Defender Advanced Threat Protection security suite.
Redmond says the updated Defender ATP tools are now open for public preview and will hit general availability this fall with the Creators Update.
"This focused security investment combines the best of Windows Defender ATP and the Windows security stack," wrote Windows Defender group program manager Raviv Tamir.
"We integrated Windows 10's new prevention technologies, enhanced our built-in sensors to better detect script-based attacks, added new response capabilities and opened up powerful analytics."
Among the new features will be the ability for Defender to send alerts and notifications to administrators after users click on a known malicious URL and are notified by Defender. Additionally, the security suite will be able to log attempts by banned applications to load, and to show logs of firewall blocks.
[Image: The new alert report trees]
Microsoft also says Defender ATP will sport a new management screen that is designed to provide admins with a clearer picture of event logs and alerts in Defender Antivirus, Firewall, SmartScreen, Device Guard and Exploit Guard. The new interface will include updated analysis and reporting screens, as well as APIs for importing data into other applications.
"We continue to evolve our detection capabilities to gain more visibility into dynamic script-based attacks, network explorations, and keylogging alerts," said Tamir.
"We enhanced our alert capabilities, showing more data to help security teams better understand the story behind the alert, introducing automatic detection correlation and grouping of related alerts."
The new features deliver on the promise Microsoft made back in June to overhaul Defender ATP with the Creators Update to better support mobile devices and to provide admins with a clearer picture of security events and attacks. ®