Revamped Microsoft Windows Defender a Capable Malware Thwarter

Reading Time: 3 minutes

There’s unfortunately no getting around the fact that alongside advances in computing are advances in malware. Engineers do an admirable job of keeping up with the newest and most dangerous of those malwares, but there’s always new wrinkles on existing ones that make it much more of a challenge. All of this may not be very concerning to the average individual who goes online for recreational or avocational purposes, but if you’ve got sensitive information related to your business and no choice but to have it stored and transmitted in digital form then this is a genuine issue.

Now here at 4GoodHosting we’re like any Canadian web hosting provider in that we are definitely in that 2nd category, and we always have to be on our toes when it comes to responding new digital security risks as part of offering the peace of mind we need to offer to our customers. Any host that’s running a legit web hosting business is going to have extensive protocols in place related to this, but there’s a need for introspection and being proactive with identifying potential deficiencies and making upgrades.

Now we know as well that some of you are firmly in the Mac camp, while others are equally as dedicated to PC. We’ll leave Apple out of it for today, as what’s noteworthy this week is that Microsoft’s newest Windows 10 OS is featuring a new and revamped Windows Defender that not only improves on malware defence, but also expands that benefit for anyone who’s been using Microsoft Defender for Endpoint.

From ‘Semi’ to ‘Full’

Windows 10 users are well accustomed to Windows Defender being automated for protecting their PC from malware. However, for enterprise users who rely on Microsoft Defender for Endpoint there’s a lot more coming in the way of what can be done for dealing with malware. And all thanks to a simple setting change.

Microsoft Defender has always shipped with a default automation level that was set to ‘semi.’ With that the software automatically inspects files, processes, services, registry keys, and any area that may contain threat-related evidence and then prompts a response action to contain that malicious threat. However, it will only do so with approval from those identified as in charge of security with these organizations.

If they’re not made aware of the need, too often it can be neglected until someone realizes a malware infection and then the damage is done. The newest version of Defender is designed to have a default public preview setting that will allow many more sets of eyes to be aware of what the Defender finds out there and sees as worthy of monitoring and / or defending against.

To accomplish this Microsoft is switching the default automation level to ‘Full,’ meaning the malicious threat can be dealt with automatically and without the need for approval. This means malware can be stopped before doing additional damage and making it so that security operators don’t need to be reactive in flushing out the problem once it’s already been introduced.


Why the Change

The general industry consensus is that Microsoft is switching to automatic remediation because malware detection has slipped to the reactionary side of the scale more than it was previously, where beforehand it was more possible to have malware protection software catching the problems before they really had a chance to take root.

All of this is good news for Enterprise users, as since the automatic investigation and remediation capabilities were first added to Microsoft Defender for Endpoint there has been tangible improvements with malware detection accuracy. Other nice features included in the new Windows Defender for Enterprise are options to undo remediation actions and overall a much better automated investigation infrastructure. There are already more than a handful of documented cases where organizations with fully automated tenants successfully contained and remediated threats that they likely wouldn’t have if they had remained on the default ‘semi’ setting.

In these instances the primary contributing factor was delays in response times related to these restrictions on who could either view the potential threats and / or take the needed action to counter them. This will likely go a long way into allowing businesses to be much more secure with data and sensitive information and the peace of mind that comes with that is something that can’t be overstated. We can certainly vouch for that part of it, even if we do so in a somewhat indirect way.

‘Full’ becomes the default setting for Windows Defender beginning on February 16 of this year. Of course, masters can change it if a security team wants to retain control of the action and is okay with assuming the added risk.

Post Navigation