From 266de78a4c6aea338d10780b6b1c0ffa753b824e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 7 Jan 2019 17:00:40 -0800 Subject: [PATCH 1/9] adding content --- .../whats-new-in-windows-defender-atp.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md new file mode 100644 index 0000000000..d1384522d6 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -0,0 +1,45 @@ +--- +title: What's new in Windows Defender ATP +description: Lists the new features and functionality in Windows Defender ATP +keywords: what's new in windows defender atp +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +ms.date: 01/07/2019 +--- + +# What's new in Windows Defender ATP +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Here are the new features in the latest release of Windows Defender ATP. + +## Windows Defender ATP 1809 +- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
+Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. + +- [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)
+With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. +- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)
+Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools. +- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)
+Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. +- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration)
+Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. +- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
+Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. +- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
+Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor +## Windows Defender ATP 1803 +- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
+Query data using Advanced hunting in Windows Defender ATP +- [Automated investigation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)
Use Automated investigations to investigate and remediate threats +- [Conditional access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection)
+Enable conditional access to better protect users, devices, and data + From 592a8e26d9ed6a466b03aa6f9bfa1c1a5f67b2a9 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 8 Jan 2019 01:10:13 +0000 Subject: [PATCH 2/9] adding link to what's new --- windows/security/threat-protection/windows-defender-atp/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 5e93dae32c..6939cb2a2a 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -98,6 +98,7 @@ ## [Get started](get-started.md) +### [What's new in Windows Defender ATP](whats-new-in-windows-defender-atp.md) ### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) ### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) ### [Preview features](preview-windows-defender-advanced-threat-protection.md) From 7570341191aa5be047f472af2f727d58af972a81 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 9 Jan 2019 21:14:32 +0000 Subject: [PATCH 3/9] Updated whats-new-in-windows-defender-atp.md --- .../whats-new-in-windows-defender-atp.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index d1384522d6..362f3dba61 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md 
@@ -35,7 +35,10 @@ Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to - [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
-Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor +Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. +- [Removeable device control](https://docs.microsoft.com/windows/security/threat-protection/device-control/control-usb-devices-using-intune)
+Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removeable devices. + ## Windows Defender ATP 1803 - [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
Query data using Advanced hunting in Windows Defender ATP From 86c1081c22ef7ea0ac244d01f01412aa52f1d039 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 9 Jan 2019 23:32:46 +0000 Subject: [PATCH 4/9] Updated whats-new-in-windows-defender-atp.md --- .../windows-defender-atp/whats-new-in-windows-defender-atp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index 362f3dba61..a5babe0b40 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -36,8 +36,8 @@ Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. -- [Removeable device control](https://docs.microsoft.com/windows/security/threat-protection/device-control/control-usb-devices-using-intune)
-Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removeable devices. +- [Removeable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)
+Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removeable devices, including new settings to allow or block specific hardware IDs. ## Windows Defender ATP 1803 - [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
From e712b8158787ab4b85ae977a30d4e977dd2221c7 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 10 Jan 2019 22:03:57 +0000 Subject: [PATCH 5/9] Updated whats-new-in-windows-defender-atp.md Update --- .../whats-new-in-windows-defender-atp.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index a5babe0b40..d780a41025 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -21,6 +21,18 @@ ms.date: 01/07/2019 Here are the new features in the latest release of Windows Defender ATP. ## Windows Defender ATP 1809 +- [Controlled folder access]() +Controlled folder access is now supported on Windows Server 2019. + +- Attack surface reduction rules +Attack surface reduction rules are now supported on Windows Server 2019. There are two new attack surface reduction rules: + - Block Adobe Reader from creating child processes + - Block Office communication application from creating child processes. + +- Windows Defender Antivirus +Windows Defender Antivirus can now run within a sandbox, increasing its security. You can also configure CPU priority settings for Windows Defender Antivirus scans. Windows Defender Antivirus can now scan macros and other scripts at runtime to check for malicious behavior. For more information, see Office VBA + AMSI: Parting the veil on malicious macros. + + - [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. From 90e5db4d00c85be606608e9f640fd81b6dd7a3cf Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 10 Jan 2019 22:29:02 +0000 Subject: [PATCH 6/9] Updated whats-new-in-windows-defender-atp.md --- .../whats-new-in-windows-defender-atp.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index d780a41025..baea741def 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md 
@@ -21,16 +21,16 @@ ms.date: 01/07/2019 Here are the new features in the latest release of Windows Defender ATP. ## Windows Defender ATP 1809 -- [Controlled folder access]() +- [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) Controlled folder access is now supported on Windows Server 2019. -- Attack surface reduction rules +- [Attack surface reduction rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) Attack surface reduction rules are now supported on Windows Server 2019. There are two new attack surface reduction rules: - Block Adobe Reader from creating child processes - Block Office communication application from creating child processes. -- Windows Defender Antivirus -Windows Defender Antivirus can now run within a sandbox, increasing its security. You can also configure CPU priority settings for Windows Defender Antivirus scans. Windows Defender Antivirus can now scan macros and other scripts at runtime to check for malicious behavior. For more information, see Office VBA + AMSI: Parting the veil on malicious macros. +- [Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) +Windows Defender Antivirus can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/), increasing its security. You can also [configure CPU priority settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans. Windows Defender Antivirus can now scan macros and other scripts at runtime to check for malicious behavior. 
For more information, see [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). - [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
@@ -52,6 +52,17 @@ Onboard supported versions of Windows machines so that they can send sensor data Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removeable devices, including new settings to allow or block specific hardware IDs. ## Windows Defender ATP 1803 +- [Attack surface reduction rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) +New attack surface reduction rules: + - Use advanced protection against ransomware + - Block credential stealing from the Windows local security authority subsystem (lsass.exe) + - Block process creations originating from PSExec and WMI commands + - Block untrusted and unsigned processes that run from USB + - Block executable content from email client and webmail +- [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) +You can now block untrusted processes from writing to disk sectors. +- [Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) +Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus). 
- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
Query data using Advanced hunting in Windows Defender ATP - [Automated investigation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)
Use Automated investigations to investigate and remediate threats From 64dfe8b9347efe2d8021e6191c49e03bbd3ca595 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 10 Jan 2019 22:46:15 +0000 Subject: [PATCH 7/9] Updated whats-new-in-windows-defender-atp.md --- .../windows-defender-atp/whats-new-in-windows-defender-atp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index baea741def..d17952f806 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -48,8 +48,8 @@ Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. -- [Removeable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)
-Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removeable devices, including new settings to allow or block specific hardware IDs. +- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)
+Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs. ## Windows Defender ATP 1803 - [Attack surface reduction rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) From 22378f193521300177699c8bb2e47e3622e65eb2 Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Fri, 11 Jan 2019 20:41:17 +0000 Subject: [PATCH 8/9] Merged PR 13749: added new waas blog post added new waas blog post --- windows/deployment/update/windows-as-a-service.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index de4b23511b..00e3d4fd12 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -6,7 +6,6 @@ ms.topic: landing-page ms.manager: elizapo author: lizap ms.author: elizapo -ms.date: 12/19/2018 ms.localizationpriority: high --- # Windows as a service @@ -24,7 +23,7 @@ Windows 10 is the most secure version of Windows yet. Learn what updates we rele The latest news:
    - +
  • Windows monthly security and quality updates overview - January 10, 2019
  • Driver quality in the Windows ecosystem - December 19, 2018
  • Modern Desktop Podcast - Episode 001 – Windows 10 Monthly Quality Updates - December 18, 2018
  • Measuring Delivery Optimization and its impact to your network - December 13, 2018
  • From 6eca9148e6707c0bcf2370029b0a1ae5b9cccf16 Mon Sep 17 00:00:00 2001 From: Amitai Rottem Date: Fri, 11 Jan 2019 22:38:51 +0000 Subject: [PATCH 9/9] Amitai updates to WD AV and ASR --- .../whats-new-in-windows-defender-atp.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index d17952f806..2368678ecc 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md 
@@ -25,12 +25,16 @@ Here are the new features in the latest release of Windows Defender ATP. Controlled folder access is now supported on Windows Server 2019. - [Attack surface reduction rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) -Attack surface reduction rules are now supported on Windows Server 2019. There are two new attack surface reduction rules: +All Attack surface reduction rules are now supported on Windows Server 2019. +For Windows 10, version 1809 there are two new attack surface reduction rules: - Block Adobe Reader from creating child processes - Block Office communication application from creating child processes. - [Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) -Windows Defender Antivirus can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/), increasing its security. You can also [configure CPU priority settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans. Windows Defender Antivirus can now scan macros and other scripts at runtime to check for malicious behavior. For more information, see [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). + - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). 
+ - Windows Defender Antivirus can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security. + - [Configure CPU priority settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans. + - [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
    @@ -60,7 +64,7 @@ New attack surface reduction rules: - Block untrusted and unsigned processes that run from USB - Block executable content from email client and webmail - [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) -You can now block untrusted processes from writing to disk sectors. +You can now block untrusted processes from writing to disk sectors using Controlled Folder Access. - [Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus). - [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
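Review bot: The MSSP entry added in PATCH 1/9 says "adds support for this scenario", but nothing before it says what the scenario is; name it in the sentence itself. In the same new file, "The reports help security operations teams assess impact on their environment and provides recommended actions" should read "provide", and "send sensor data to the Windows Defender ATP sensor" is circular, so say where the data is sent. The three 1803 descriptions and the "Onboard previous versions of Windows" description end without a period, and the Conditional access link is the only docs.microsoft.com URL in the file with an "/en-us/" segment.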
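Review bot: "Removeable" is misspelled in both lines added by PATCH 3/9 (the link text and "threats from removeable devices"), and PATCH 4/9 carries the spelling forward until PATCH 7/9 corrects it to "Removable". Fold the spelling fix into 3/9 so the intermediate commits do not publish the typo.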
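Review bot: PATCH 4/9 replaces the only product-documentation link for removable device control (the "device-control/control-usb-devices-using-intune" page) with a cloudblogs.microsoft.com post, while the new sentence advertises "new settings to allow or block specific hardware IDs". A reader who wants to configure those settings no longer has a documentation link from this entry; keep the docs link for the how-to and add the blog post as a secondary "For more information" reference.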
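Review bot: "[Controlled folder access]()" in PATCH 5/9 has an empty link target, which publishes as a dead link, and the "Attack surface reduction rules" and "Windows Defender Antivirus" items are plain text where every other item in the list is a link. "For more information, see Office VBA + AMSI: Parting the veil on malicious macros." names an article without linking it. PATCH 6/9 supplies all of these, so squash the two commits rather than landing the placeholder state; the two consecutive blank lines before the Threat analytics item can go at the same time.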
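Review bot: Every docs.microsoft.com link added in the first hunk of PATCH 6/9 (Controlled folder access, Attack surface reduction rules, Windows Defender Antivirus, configure CPU priority settings) contains "/en-us/", while the links already in the file use locale-free paths such as "https://docs.microsoft.com/windows/security/...". Drop the locale segment so the new links match the existing ones. The hunk header context also still shows "ms.date: 01/07/2019" on a commit dated 10 Jan 2019; update it if the field is meant to track the last content change.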
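Review bot: "M365" in the Windows Defender Antivirus paragraph added to the 1803 section by PATCH 6/9 is never expanded; spell out the product name on first use. That paragraph also packs two separate features (shared detection status, and block at first sight for non-portable executable files) and two "For more information" links into one run of text; splitting it into sub-bullets, as the attack surface reduction entry directly above does, would make each feature and its link easier to find. The links in this hunk also carry the "/en-us/" segment that the file's earlier links omit.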
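Review bot: PATCH 8/9 deletes "ms.date: 12/19/2018" from the front matter of windows-as-a-service.md instead of updating it, and the commit message ("added new waas blog post") does not mention the removal. If dropping the field is intentional, say so in the message; otherwise restore it with the date of this change, since the entry being added is dated January 10, 2019. This commit also touches only windows/deployment/update/ and is unrelated to the other eight patches, so it would be easier to review and revert outside this series.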
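Review bot: The AMSI bullet added in the first hunk of PATCH 9/9 ends with a bare link after the sentence ("...macros as well. [Office VBA + AMSI: ...](...)."), which reads as a fragment now that the "For more information, see" lead-in from the removed paragraph is gone; restore the lead-in. The removed text said Windows Defender Antivirus can "scan macros and other scripts at runtime", while the new bullet mentions only Office VBA macros, so confirm the narrowing is intended, and note that "as well" has nothing to refer back to. Smaller points in the same hunk: "All Attack surface reduction rules" capitalises "Attack" mid-sentence, "For Windows 10, version 1809 there are" needs a comma after "1809", and the "Configure CPU priority settings" bullet is an imperative where its two siblings are statements.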
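Review bot: "Controlled Folder Access" in the line added by the second hunk of PATCH 9/9 is title-cased, but the link text on the line above it and the 1809 entry both write "Controlled folder access"; use one casing. The added phrase also repeats the name of the entry it sits under, so "using Controlled Folder Access" could be shortened to "with this feature" or dropped.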