From c16414bd4d1b3e8f4f4b76fdfcb7b5d795f45ee8 Mon Sep 17 00:00:00 2001 From: Scott Brondel Date: Mon, 5 Oct 2020 15:59:34 -0500 Subject: [PATCH 1/2] Update tvm-software-inventory.md I've worked with customers who are expecting a full SCCM-style Software Inventory of all clients because of the sentence "The software inventory in threat and vulnerability management is a list of all the software in your organization". Edit adds on "with known vulnerabilities" to reflect the true scope of this inventory. --- .../microsoft-defender-atp/tvm-software-inventory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 215f2fc19c..2399841129 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -26,7 +26,7 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -The software inventory in threat and vulnerability management is a list of all the software in your organization. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. +The software inventory in threat and vulnerability management is a list of all the software in your organization with known vulnerabilities. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. ## How it works From 9e401054bba93feb1d41bf0d1c18e8efb4d5e39d Mon Sep 17 00:00:00 2001 From: Keith McCammon Date: Sat, 10 Oct 2020 09:51:41 -0600 Subject: [PATCH 2/2] Clarify language re: firmware-based threats --- .../security/threat-protection/intelligence/fileless-threats.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 6ae2dcfe4c..a5f4583231 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -43,7 +43,7 @@ A fully fileless malware can be considered one that never requires writing a fil A compromised device may also have malicious code hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or in the firmware of a network card. All these examples don't require a file on the disk to run, and can theoretically live only in memory. The malicious code would survive reboots, disk reformats, and OS reinstalls. -Infections of this type can be extra difficult deal with because antivirus products usually don’t have the capability to inspect firmware. Even if they did, it would be extremely challenging to detect and remediate threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. +Infections of this type can be particularly difficult to detect because most antivirus products don’t have the capability to inspect firmware. In cases where a product does have the ability to inspect and detect malicious firmware, there are still significant challenges associated with remediation of threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. ## Type II: Indirect file activity