New Microsoft Defender for Endpoint tricks will help stop malware in its tracks

One thing malware needs to do is reach out to its command and control (C2) server for further instructions. By intercepting this traffic before any information is exchanged, Microsoft hopes to stop many attacks in their tracks.

The company recently added a new feature to the Microsoft Defender for Endpoint (MDE) security platform that notifies administrators when a malicious connection is created. It is able to kill this connection and log the details for further evaluation.

As reported by Computer, the new feature is currently in public preview.

Previous discoveries

With the new feature enabled, Defender for Endpoint’s Network Protection (NP) agent will map each outbound connection’s IP address, port, host name and other data against data from the Microsoft cloud. If it detects a connection that the company’s AI-powered engines deem to be malicious, the tool will block it and roll back the malware binaries to prevent further damage.

It will then add a log that states “Network protection blocked a possible C2 connection”, which SecOps teams can evaluate later.

“SecOps teams need accurate alerts that can accurately identify areas of intrusion and past connections to known malicious IP addresses,” said Oludele Ogunrinde, Senior Director of MDE Program.

“With new capabilities in Microsoft Defender for Endpoint, SecOps teams can detect C2 attacks on the network early in the attack chain, reduce spread by rapidly blocking any spread of an attack, and reduce the time it takes to mitigate by easily removing malicious binaries.”

To take advantage of the new feature, users need to enable Microsoft Defender Antivirus with real-time protection and cloud-delivered protection. They also need MDE in active mode, network protection in block mode, and engine version 1.1.17300.4.
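The prerequisites above can be audited on a single endpoint with the built-in Defender PowerShell cmdlets; the script below is an added example, not code from Microsoft or from the article. It assumes that "active mode" corresponds to an `AMRunningMode` of `Normal` and that cloud-delivered protection corresponds to a non-zero `MAPSReporting` value.

```powershell
# Added example: check the prerequisites listed in the article on one endpoint.
# Run in an elevated PowerShell session on the Windows machine being audited.
$minEngine = [version]'1.1.17300.4'   # engine version stated in the article

$status = Get-MpComputerStatus        # runtime state of Defender Antivirus
$pref   = Get-MpPreference            # configured Defender settings

# Assumptions (not stated in the article):
#   - "active mode" means AMRunningMode = 'Normal' (not 'Passive' etc.)
#   - cloud-delivered protection means MAPSReporting is 1 (basic) or 2 (advanced)
$checks = [ordered]@{
    'Real-time protection enabled'      = [bool]$status.RealTimeProtectionEnabled
    'Cloud-delivered protection (MAPS)' = ($pref.MAPSReporting -in 1, 2)
    'Defender Antivirus in active mode' = ($status.AMRunningMode -eq 'Normal')
    'Network protection in block mode'  = ($pref.EnableNetworkProtection -eq 1)
    "Engine version >= $minEngine"      = ([version]$status.AMEngineVersion -ge $minEngine)
}

# Turn the hashtable into rows so the result can be printed or exported.
$report = foreach ($name in $checks.Keys) {
    [pscustomobject]@{ Check = $name; Pass = $checks[$name] }
}
$report | Format-Table -AutoSize

# EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit.
# Audit mode only logs the connection, so the C2 block would not take effect.
if ($pref.EnableNetworkProtection -eq 2) {
    Write-Warning 'Network protection is in audit mode: connections are logged, not blocked.'
}

$failed = @($report | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} prerequisite(s) not met on this endpoint." -f $failed.Count)
} else {
    Write-Output 'All listed prerequisites are met on this endpoint.'
}
```

Network protection can be switched from disabled or audit to block mode with `Set-MpPreference -EnableNetworkProtection Enabled`.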

Once the preview rollout is complete, the new feature will be available on Windows 10 1709 and later, Windows Server 1803, and Windows Server 2019.
