Today a brief overview of what happened at Microsoft at the end of July 2019 with regard to Windows Defender and Microsoft Security Essentials as well as Advanced Threat Protection (ATP). Microsoft released, for instance, a "Security Intelligence – Update for Microsoft Security Essentials".
Background
I became aware of the topic through this user comment from German blog reader Hans Thölen. He wrote:
Addendum to Microsoft Security Essentials:
Every morning and every evening I use Windows Update to look for updates for the MSE. So far I always got "Definition update for Microsoft Security Essentials". Today I got the following update for the first time: "Security Intelligence – Update for Microsoft Security Essentials".
Blog reader Father also confirmed this information in this comment here in the blog:
I also noticed it.
I get new updates displayed here https://www.microsoft.com/en-us/wdsi/definitions.
This user comment has encouraged me to look into the subject and search the Internet to see what new information Microsoft has published.
Security Intelligence–Update for MS Security Essentials
I checked Windows Update in Windows 7 for pending updates and was offered a new update, "Security Intelligence – Update for Microsoft Security Essentials".
The "More information" link in the Windows Update dialog box opens the page "Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware" in Internet Explorer. There you learn that Microsoft continuously updates the security intelligence in its antimalware products to cover the latest threats and constantly optimize the detection logic. The goal is to improve the ability of Windows Defender Antivirus and other Microsoft antimalware solutions to accurately identify threats.
This security intelligence works directly with cloud-based protection to deliver fast and powerful next-generation AI-based protection. Microsoft Security Intelligence updates include software that includes third-party material. Information can be found under Notices and Third Party Information.
The Update from July 31, 2019
The website contains the information that a Security Intelligence Update version 1.299.891.0 was released on 31.7.2019. The update is to be installed automatically and can be downloaded there for the various platforms, from Microsoft Security Essentials (Windows 7) to Windows Defender (Windows 8.1, Windows 10) to System Center 2012 Configuration Manager and Microsoft Forefront Protection & Co. The website also tells you how to trigger updates manually using commands from the command prompt.
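The following PowerShell script is an added example, not code from this article or from Microsoft's page: it compares the installed signature version against the 1.299.891.0 release named above and requests an update when the signatures are older than that or stale. It assumes the Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature) is available; the one-day age threshold and the function name Test-SignatureState are illustrative assumptions, and the fallback status object is constructed sample data.

```powershell
# Added example. Baseline is the release named in the article; the age
# threshold and the function name are assumptions for illustration.
$Baseline   = [version]'1.299.891.0'
$MaxAgeDays = 1

function Test-SignatureState {
    param(
        [Parameter(Mandatory = $true)] $Status,
        [Parameter(Mandatory = $true)] [version] $Baseline,
        [int] $MaxAgeDays = 1
    )
    # [version] compares the four fields numerically, unlike a string comparison.
    $current = [version]$Status.AntivirusSignatureVersion
    [pscustomobject]@{
        Version       = $current
        LastUpdated   = $Status.AntivirusSignatureLastUpdated
        AgeDays       = [int]$Status.AntivirusSignatureAge
        BelowBaseline = $current -lt $Baseline
        Stale         = [int]$Status.AntivirusSignatureAge -gt $MaxAgeDays
    }
}

$live = [bool](Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)
if ($live) {
    $status = Get-MpComputerStatus
} else {
    # Constructed sample so the script also runs without the Defender module.
    $status = [pscustomobject]@{
        AntivirusSignatureVersion     = '1.299.843.0'
        AntivirusSignatureAge         = 2
        AntivirusSignatureLastUpdated = [datetime]'2019-07-30 06:00:00'
    }
}

$state = Test-SignatureState -Status $status -Baseline $Baseline -MaxAgeDays $MaxAgeDays
$state | Format-List

if ($state.BelowBaseline -or $state.Stale) {
    Write-Warning "Signatures $($state.Version) are older than $Baseline or more than $MaxAgeDays day(s) old."
    if ($live) {
        Update-MpSignature   # ask the Defender client to fetch current definitions
        $state = Test-SignatureState -Status (Get-MpComputerStatus) -Baseline $Baseline -MaxAgeDays $MaxAgeDays
        $state | Format-List
    }
}
if ($state.BelowBaseline) { exit 1 }   # non-zero exit for use in monitoring jobs
```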
Updates of the Network Inspection System (NIS)
On the website you can find out that the following products use updates of the Network Inspection System (NIS):
- Microsoft Security Essentials
- Forefront Endpoint Protection
- System Center 2012 Endpoint Protection
These updates are designed to protect systems from network threats, including exploits as they are transmitted over the network. Microsoft recommends that you check the version of the Antimalware Client component on your security software and download the correct version of the NIS updates for the platform you are using.
What changes with Update Version 1.299.891.0?
Microsoft now maintains the Change logs for security intelligence update page, which currently refers to the changes in Version 1.299.891.0.
On the page you can select the update version via the list box and see which new malware detections it contains. Two Trojans have been included in the detection. The 'Severity' column lists the severity of the threat. In the last update, no Threat Detections were added.
However, if you select older updates, you will find entries for detecting potentially unwanted applications/software (PUA) or Trojans. The Winnti Trojan, the Ryuk ransomware and the exploit Exploit:O97M/CVE-2017-11882, which targets the vulnerability CVE-2017-11882 in the old Office Equation Editor (see Hacker are misusing CVE-2017-11882 in Office EQNEDT32.EXE), are detected by update version 1.299.843.0 of July 30, 2019.
Meanwhile, Microsoft also maintains the blog on Microsoft security intelligence, where you can always find the latest articles on security issues. On 29 July 2019, for example, there was this article, which deals with the further development of the functions of Microsoft Threat Protection.
In addition, there is the Microsoft Security Scanner on this page, a scan tool that was developed to detect and remove malware from Windows computers. The tool can be downloaded and run. It then scans for malware; if it finds something, you can try to remove the infection or reinstall the system to get rid of it. On this page you will find hints on how to use the tool.
Gunter,
I am on W 8.1 Pro. IF I HAVE IT, it must have come in with the definitions??? Nothing in WU/MU this morning.
From Defender Module in Powershell:
PS C:\Windows\system32> Get-MpComputerStatus
AMEngineVersion : 1.1.16200.1
AMProductVersion : 4.10.209.0
AMServiceEnabled : True
AMServiceVersion : 4.10.209.0
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 2019-07-31 06:24:01
AntispywareSignatureVersion : 1.299.931.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 2019-07-31 06:24:02
AntivirusSignatureVersion : 1.299.931.0
BehaviorMonitorEnabled : True
Crysta
Microsoft has simply renamed "Definition updates" to "Security Intelligence".
See "https://www.microsoft.com/en-us/wdsi/definitions"
vs.
"https://web.archive.org/web/20190302173023/https://www.microsoft.com/en-us/wdsi/definitions"