Windows 10 – Page 22 – Computer Security Articles

MSRT October 2016 release: Adding more unwanted software detections

January 23, 2017 admin BrowserModifier:Win32/Sasquor, BrowserModifier:Win32/SupTab, Checking Windows Defender exclusions, Ghokswa, Microsoft Edge, Microsoft Malicious Software Removal Tool, MSRT, MSRT release October 2016, Objective Criteria, Sasquor, software bundler, SupTab, Suweezy, Trojan, Trojan:Win32/Ghokswa, Trojan:Win32/Suweezy, Trojan:Win32/Xadupi, Uncategorized, Unwanted software, Windows 10, Windows Defender, Xadupi

Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software that you do not want, and some that are harmful. The bundled or “extra” software can perform actions on your device that run the gambit from unwanted to annoying to malicious. The threat that…

Microsoft Security

Troldesh ransomware influenced by (the) Da Vinci code

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, MMPC, ransomware, ransomware backup and recovery, ransomware da vinci code, ransomware mitigation, ransomware prevention, ransomware recovery, Trojan:Win32/Mexar.A, Win32/Troldesh, Windows 10, Windows update

We at the MMPC are constantly tracking new and emerging ransomware threats so we can be one step ahead of active campaigns and help protect our users. As part of these efforts, we recently came across a new variant of the Win32/Troldesh ransomware family. Ransomware, like most malware, is constantly trying to change itself in…

Microsoft Security

Malicious macro using a sneaky new trick

January 23, 2017 admin antimalware, Antimalware research for IT pros and enthusiasts, Donoff, guidance, Locky, macro, Macro-based malware, malware, malware research, office, ransomware, Social engineering, VBA, VBAscript, Windows 10, Windows Defender, Word

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…

Microsoft Security

Limited Periodic Scanning in Windows 10 to Provide Additional Malware Protection

January 23, 2017 admin antivirus scanning, AV scan, cybersecurity, Limited Periodic Scanning, Microsoft Safety Scanner, Microsoft security, Microsoft software security, MSRT, Windows 10, Windows Defender

Every month, Microsoft’s Malicious Software Removal Tool (MSRT) scans more than 500 million Windows devices for malware and malicious software. This tool aids in the detection and removal of malware from 1 to 2 million machines each time, even on those devices running antivirus software. Meanwhile, many Windows customers continue to use the Microsoft Safety…

Microsoft Security

Digging deep for PLATINUM

January 23, 2017 admin Activity groups, Advanced persistent threats, advanced threat, enterprise software security, guidance, hunters, malware, malware research, Microsoft Security Essentials, MMPC, phishing, research, Uncategorized, Windows 10, Windows Defender, Windows Defender ATP, Windows Defender for Windows 10

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones…

Microsoft Security

No mas, Samas: What’s in this ransomware’s modus operandi?

January 23, 2017 admin antimalware, Credential Guard for Windows 10 Enterprise, cybersecurity, Device Guard for Windows 10 Enterprise, Disable macro, Disable macro in Office, enterprise software security, Java-based vulnerabilities, JBOSS, Lateral account movement security, Macro-based malware, microsoft, Microsoft Passport, New ransomware, Outdated JBOSS, Ransom:MSIL/Samas, ransomware, Ransomware modus operandi, Redhat, Samas ransomware, Samas ransomware geographical distribution, Samas ransomware geoloc_, Samas ransomware infection chain, Secure your code integrity, Securing Lateral Account Movement, Windows 10, Windows Defender, Windows Defender blogs for home users and small businesses, Windows Defender for Windows 10, Windows Hello

We’ve seen how ransomware managed to become a threat category that sends consumers and enterprise reeling when it hits them. It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs onto victims’ pockets in exchange for recovering files from their encrypted form. …

Microsoft Security

Cleaners ought to be clean (and clear)

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, Consumer, microsoft, Microsoft Security Products, Objective Criteria, Optimize system performance, prefetch files, Unwanted behaviors, Unwanted software, Windows 10, Windows Defender blogs for home users and small businesses, Windows Defender for Windows 10

There are many programs that purport to clean up and optimize system performance. While Microsoft does not endorse the use of these tools with Windows, we do not view them as unwanted or malicious. Many programs in this category have a practice of providing a free version of their software that scans your system, presents the…

Microsoft Security

Does prevalence matter? A different approach to traditional antimalware test scoring

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, antimalware test result, does prevalence matter, microsoft, Microsoft antimalware test scoring, prevalence, Windows 10, Windows Defender

Most well-known antimalware tests today focus on broad-spectrum malware. In other words, tests include malware that is somewhat indiscriminate (isn’t necessarily targeted), at least somewhat prevalent and sometimes very prevalent. Typically, tests are not focused on specialized threats that are highly targeted, and most avoid including programs that walk the line between good and evil,…