deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

acrolinx updates

Browse Source
This commit is contained in:
Beth Levin 2020-11-02 17:56:17 -08:00
parent e8e0724d80
commit 3d4b6d88fd
6 changed files with 47 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/TOC.md
View File

@ -753,7 +753,7 @@
#### [Virus information alliance](intelligence/virus-information-alliance-criteria.md)
#### [Microsoft virus initiative](intelligence/virus-initiative-criteria.md)
#### [Coordinated malware eradication](intelligence/coordinated-malware-eradication.md)
### [Information for developers](intelligence/developer-info.md)
### [Information for developers]()
#### [Software developer FAQ](intelligence/developer-faq.md)
#### [Software developer resources](intelligence/developer-resources.md)

29
windows/security/threat-protection/intelligence/developer-info.md
View File

@ -1,29 +0,0 @@
---
title: Information for developers
ms.reviewer:
description: This page provides answers to common questions we receive from software developers and other useful resources
keywords: software, developer, faq, dispute, false-positive, classify, installer, software, bundler, blocking
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: ellevin
author: levinec
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Information for developers
Learn about the common questions we receive from software developers and get other developer resources such as detection criteria and file submissions.
## In this section
Topic | Description
:---|:---
[Software developer FAQ](developer-faq.md) | Provides answers to common questions we receive from software developers.
[Developer resources](developer-resources.md) | Provides information about how to submit files and the detection criteria. Learn how to check your software against the latest security intelligence and cloud protection from Microsoft.

28
windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
View File

@ -18,21 +18,28 @@ ms.topic: article
The Virus Information Alliance (VIA) is a public antimalware collaboration program for security software providers, security service providers, antimalware testing organizations, and other organizations involved in fighting cybercrime.
Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft, with the goal of improving protection for Microsoft customers.
Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft. The goal is to improve protection for Microsoft customers.
## Better protection for customers against malware
The VIA program gives members access to information that will help improve protection for Microsoft customers. For example, the program provides malware telemetry and samples to security product teams to identify gaps in their protection and prioritize new threat coverage.
The VIA program gives members access to information that will help them improve protection. For example, the program provides malware telemetry and samples to security teams so they can identify gaps and prioritize new threat coverage.
Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets and setting scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity.
Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets. The data also helps set scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity.
Microsoft is committed to continuous improvement to help reduce the impact of malware on customers. By sharing malware-related information, Microsoft enables members of this community to work towards better protection for customers.
## Becoming a member of VIA
Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA). The criteria is designed to ensure that Microsoft is able to work with security software providers, security service providers, antimalware testing organizations, and other organizations involved in the fight against cybercrime to protect a broad range of customers.
Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA).
Members will receive information to facilitate effective malware detection, deterrence, and eradication. This includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable.
The criteria is designed to ensure that Microsoft can work with the following groups to protect a broad range of customers:
- Security software providers
- Security service providers
- Antimalware testing organizations
- Other organizations involved in the fight against cybercrime
Members will receive information to facilitate effective malware detection, deterrence, and eradication. This information includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable.
VIA has an open enrollment for potential members.
@ -43,11 +50,12 @@ To be eligible for VIA your organization must:
1. Be willing to sign a non-disclosure agreement with Microsoft.
2. Fit into one of the following categories:
* Your organization develops antimalware technology that can run on Windows and your organizations product is commercially available.
* Your organization provides security services to Microsoft customers or for Microsoft products.
* Your organization publishes antimalware testing reports on a regular basis.
* Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public.
- Your organization develops antimalware technology that can run on Windows and your organizations product is commercially available.
- Your organization provides security services to Microsoft customers or for Microsoft products.
- Your organization publishes antimalware testing reports on a regular basis.
- Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public.
3. Be willing to sign and adhere to the VIA membership agreement.
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).

14
windows/security/threat-protection/intelligence/virus-initiative-criteria.md
View File

@ -19,13 +19,13 @@ ms.topic: article
The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows.
MVI members receive access to Windows APIs and other technologies including IOAV, AMSI and Cloud files. Members also get malware telemetry and samples and invitations to security related events and conferences.
MVI members receive access to Windows APIs and other technologies including IOAV, AMSI, and Cloud files. Members also get malware telemetry and samples and invitations to security-related events and conferences.
## Become a member
A request for membership is made by an individual as a representative of an organization that develops and produces antimalware or antivirus technology. Your organization must meet the following eligibility requirements to qualify for the MVI program:
You can request membership if you're a representative for an organization that develops and produces antimalware or antivirus technology. Your organization must meet the following requirements to qualify for the MVI program:
1. Offer an antimalware or antivirus product that is one of the following:
1. Offer an antimalware or antivirus product that meets one of the following criteria:
* Your organization's own creation.
* Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality.
@ -34,7 +34,7 @@ A request for membership is made by an individual as a representative of an orga
3. Be active and have a positive reputation in the antimalware industry.
* Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT or Gartner.
* Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT, or Gartner.
4. Be willing to sign a non-disclosure agreement (NDA) with Microsoft.
@ -49,14 +49,14 @@ A request for membership is made by an individual as a representative of an orga
Test Provider | Lab Test Type | Minimum Level / Score
------------- |---------------|----------------------
AV-Comparatives | Real-World Protection Test </br> https://www.av-comparatives.org/testmethod/real-world-protection-tests/ |“Approved” rating from AV Comparatives
AV-Test | Must pass tests for Windows. Certifications for Mac and Linux are not accepted </br> https://www.av-test.org/en/about-the-institute/certification/ | Achieve "AV-TEST Certified" (for home users) or "AV-TEST Approved” (for corporate users)
AV-Test | Must pass tests for Windows. Certifications for Mac and Linux aren't accepted </br> https://www.av-test.org/en/about-the-institute/certification/ | Achieve "AV-TEST Certified" (for home users) or "AV-TEST Approved” (for corporate users)
ICSA Labs | Endpoint Anti-Malware Detection </br> https://www.icsalabs.com/technology-program/anti-virus/criteria |PASS/Certified
NSS Labs | Advanced Endpoint Protection AEP 3.0, which covers automatic threat prevention and threat event reporting capabilities </br> https://www.nsslabs.com/tested-technologies/advanced-endpoint-protection/ |“Neutral” rating from NSS
SKD Labs | Certification Requirements Product: Anti-virus or Antimalware </br> http://www.skdlabs.com/html/english/ </br> http://www.skdlabs.com/cert/ |SKD Labs Star Check Certification Requirements Pass >= 98.5 % with On Demand, On Access and Total Detection tests
SKD Labs | Certification Requirements Product: Anti-virus or Antimalware </br> http://www.skdlabs.com/html/english/ </br> http://www.skdlabs.com/cert/ |SKD Labs Star Check Certification Requirements Pass >= 98.5% with On Demand, On Access and Total Detection tests
SE Labs | Protection A rating or Small Business EP A rating or Enterprise EP Protection A rating </br> https://selabs.uk/en/reports/consumers |Home or Enterprise “A” rating
VB 100 | VB100 Certification Test V1.1 </br> https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/ | VB100 Certification
West Coast Labs | Checkmark Certified </br> http://www.checkmarkcertified.com/sme/ | “A” Rating on Product Security Performance
## Apply now
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).

10
windows/security/threat-protection/intelligence/worms-malware.md
View File

@ -22,19 +22,19 @@ A worm is a type of malware that can copy itself and often spreads through a net
## How worms work
Worms represent a large category of malware. Different worms use different methods to infect devices. Depending on the variant, they can steal sensitive information, change security settings, send information to malicious hackers, stop users from accessing files, and other malicious activities.
Worms represent a large category of malware. Different worms use different methods to infect devices. Depending on the variant, they can steal sensitive information, change security settings, send information to malicious hackers, stop users from accessing files, and other malicious activities.
Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infect users running Microsoft security software. Although these worms share some commonalities, it is interesting to note that they also have distinct characteristics.
Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infects users running Microsoft software. Although these worms share some commonalities, it's interesting to note that they also have distinct characteristics.
* **Jenxcus** has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a device from a drive-by download attack, meaning it's installed when users just visit a compromised web page.
* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a device, it becomes a distribution channel for other malware. Weve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a device, it becomes a distribution channel for other malware. Weve seen it distribute other malware such as info stealers, spammers, clickers, downloaders, and rogues.
* **Bondat** typically arrives through fictitious Nullsoft Scriptable Install System (NSIS), Java installers, and removable drives. When Bondat infects a system, it gathers information about the machine such as device name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing, they try to avoid detection by security software.
Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they're doing, they try to avoid detection by security software.
* [**WannaCrypt**](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (e.g. ransomware).
* [**WannaCrypt**](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (like ransomware).
This image shows how a worm can quickly spread through a shared USB drive.

29
windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
View File

@ -21,16 +21,15 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
Web protection lets you monitor your organizations web browsing security through reports under **Reports > Web protection** in the Microsoft Defender Security Center. The report contains cards that provide web threat detection statistics.
- **Web threat protection detections over time** this trending card displays the number of web threats detected by type during the selected time period (Last 30 days, Last 3 months, Last 6 months)
- **Web threat protection detections over time** - this trending card displays the number of web threats detected by type during the selected time period (Last 30 days, Last 3 months, Last 6 months)
![Image of the card showing web threats protection detections over time](images/wtp-blocks-over-time.png)
- **Web threat protection summary** this card displays the total web threat detections in the past 30 days, showing distribution across the different types of web threats. Selecting a slice opens the list of the domains that were found with malicious or unwanted websites.
- **Web threat protection summary** - this card displays the total web threat detections in the past 30 days, showing distribution across the different types of web threats. Selecting a slice opens the list of the domains that were found with malicious or unwanted websites.
![Image of the card showing web threats protection summary](images/wtp-summary.png)
@ -38,23 +37,27 @@ Web protection lets you monitor your organizations web browsing security thro
>It can take up to 12 hours before a block is reflected in the cards or the domain list.
## Types of web threats
Web protection categorizes malicious and unwanted websites as:
- **Phishing** — websites that contain spoofed web forms and other phishing mechanisms designed to trick users into divulging credentials and other sensitive information
- **Malicious** — websites that host malware and exploit code
- **Custom indicator** — websites whose URLs or domains you've added to your [custom indicator list](manage-indicators.md) for blocking
- **Phishing** - websites that contain spoofed web forms and other phishing mechanisms designed to trick users into divulging credentials and other sensitive information
- **Malicious** - websites that host malware and exploit code
- **Custom indicator** - websites whose URLs or domains you've added to your [custom indicator list](manage-indicators.md) for blocking
## View the domain list
Select a specific web threat category in the **Web threat protection summary** card to open the **Domains** page and display the list of the domains under that threat category. The page provides the following information for each domain:
- **Access count** — number of requests for URLs in the domain
- **Blocks** — number of times requests were blocked
- **Access trend** — change in number of access attempts
- **Threat category** — type of web threat
- **Devices** — number of devices with access attempts
Select a specific web threat category in the **Web threat protection summary** card to open the **Domains** page. This page displays the list of the domains under that threat category. The page provides the following information for each domain:
Select a domain to view the list of devices that have attempted to access URLs in that domain as well as the list of URLs.
- **Access count** - number of requests for URLs in the domain
- **Blocks** - number of times requests were blocked
- **Access trend** - change in number of access attempts
- **Threat category** - type of web threat
- **Devices** - number of devices with access attempts
Select a domain to view the list of devices that have attempted to access URLs in that domain and the list of URLs.
## Related topics
- [Web protection overview](web-protection-overview.md)
- [Web content filtering](web-content-filtering.md)
- [Web threat protection](web-threat-protection.md)