From 862df2adc02af959ef30c5ab2d3dc5e825e1b05f Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Thu, 27 Feb 2020 14:26:34 -0800 Subject: [PATCH 1/4] pua updates --- .../intelligence/criteria.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 1ec28a4e93..280c0a59fb 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md 
@@ -18,11 +18,22 @@ search.appverid: met150 # How Microsoft identifies malware and potentially unwanted applications -Microsoft aims to provide a delightful and productive Windows experience by working to ensure you are safe and in control of your devices. When you download, install, and run software, you have access to information and tools to do so safely. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. That information is then compared against criteria described in this article. +Microsoft aims to provide a delightful and productive Windows experience by working to ensure you are safe and in control of your devices. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. When you download, install, and run software, we check the reputation of downloaded programs and ensure you are protected against known threats and warned about software that is unknown to us. -You can participate in this process by [submitting software for analysis](submission-guide.md) to ensure undesirable software is covered by our security solutions. +You can assist Microsoft by [submitting unknown or suspicious software for analysis](submission-guide.md). This will help ensure that unknown or suspicious software is scanned by our system to start establishing reputation. -Because new forms of malware and potentially unwanted applications are being developed and distributed rapidly, Microsoft reserves the right to adjust, expand, and update these criteria without prior notice or announcements. +The next sections provide an overview of the classifications we use for applications and the types of behaviors that lead to that classification. + +>[!NOTE] +> New forms of malware and potentially unwanted applications are being developed and distributed rapidly. 
The following list may not be comprehensive, and Microsoft reserves the right to adjust, expand, and update these without prior notice or announcement. + +## Unknown – Unrecognized software + +No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.  With almost 2 billion websites on the internet and software continuously being updated and released, it's impossible to have information about every single site and program. There is a delay between the outbreak of an attack and when it is detected and blocked. + +You can think of Unknown /Uncommonly downloaded warnings as an early warning system for potentially undetected malware. Not all uncommon programs are malicious, but the risk in the unknown category is significantly higher for the typical user. Warnings for unknown software are not blocks, and users can choose to download and run the application normally if they wish to. + +Once enough data is gathered, Microsoft's security solutions can make a determination. Either no threats are found, or an application or software is categorized as malware or potentially unwanted software. ## Malware 
@@ -48,7 +59,7 @@ Microsoft classifies most malicious software into one of the following categorie * **Obfuscator:** A type of malware that hides its code and purpose, making it more difficult for security software to detect or remove. -* **Password stealer:** A type of malware that gathers your personal information, such as user names and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit. +* **Password stealer:** A type of malware that gathers your personal information, such as usernames and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit. * **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note which states you must pay money, complete surveys, or perform other actions before you can use your device again. [See more information about ransomware](ransomware-malware.md). From 5f994e98ae247723f4ae9810532bdbef26f50118 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 3 Mar 2020 12:53:19 -0800 Subject: [PATCH 2/4] updated sentence --- windows/security/threat-protection/intelligence/criteria.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 280c0a59fb..ab8fdadf52 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md 
@@ -29,7 +29,7 @@ The next sections provide an overview of the classifications we use for applicat ## Unknown – Unrecognized software -No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.  With almost 2 billion websites on the internet and software continuously being updated and released, it's impossible to have information about every single site and program. There is a delay between the outbreak of an attack and when it is detected and blocked. +No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.  With almost 2 billion websites on the internet and software continuously being updated and released, it's impossible to have information about every single site and program. This can result in a delay in malware detections when a new outbreak occurs. You can think of Unknown /Uncommonly downloaded warnings as an early warning system for potentially undetected malware. Not all uncommon programs are malicious, but the risk in the unknown category is significantly higher for the typical user. Warnings for unknown software are not blocks, and users can choose to download and run the application normally if they wish to. 
@@ -49,7 +49,7 @@ Microsoft classifies most malicious software into one of the following categorie * **Downloader:** A type of malware that downloads other malware onto your device. It must connect to the internet to download files. -* **Dropper:** A type of malware that installs other malware files onto your device. Unlike a downloader, a dropper doesn’t have to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself. +* **Dropper:** A type of malware that installs other malware files onto your device. Unlike a downloader, a dropper doesn't have to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself. * **Exploit:** A piece of code that uses software vulnerabilities to gain access to your device and perform other tasks, such as installing malware. [See more information about exploits](exploits-malware.md). @@ -95,7 +95,7 @@ Software that exhibits lack of choice might: Software must not mislead or coerce you into making decisions about your device. This is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might: -* Display exaggerated claims about your device’s health. +* Display exaggerated claims about your device's health. * Make misleading or inaccurate claims about files, registry entries, or other items on your device. From bb7d9b8635e020ddd239da167a42fa5d4094364e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 6 Mar 2020 11:59:46 -0800 Subject: [PATCH 3/4] moved sentence --- windows/security/threat-protection/intelligence/criteria.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index ab8fdadf52..782f719971 100644 --- a/windows/security/threat-protection/intelligence/criteria.md 
+++ b/windows/security/threat-protection/intelligence/criteria.md 
@@ -29,9 +29,9 @@ The next sections provide an overview of the classifications we use for applicat ## Unknown – Unrecognized software -No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.  With almost 2 billion websites on the internet and software continuously being updated and released, it's impossible to have information about every single site and program. This can result in a delay in malware detections when a new outbreak occurs. +No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.  With almost 2 billion websites on the internet and software continuously being updated and released, it's impossible to have information about every single site and program. -You can think of Unknown /Uncommonly downloaded warnings as an early warning system for potentially undetected malware. Not all uncommon programs are malicious, but the risk in the unknown category is significantly higher for the typical user. Warnings for unknown software are not blocks, and users can choose to download and run the application normally if they wish to. +You can think of Unknown/Uncommonly downloaded warnings as an early warning system for potentially undetected malware, as there is generally a delay from the time new malware is released until it is identified. Not all uncommon programs are malicious, but the risk in the unknown category is significantly higher for the typical user. Warnings for unknown software are not blocks, and users can choose to download and run the application normally if they wish to. Once enough data is gathered, Microsoft's security solutions can make a determination. Either no threats are found, or an application or software is categorized as malware or potentially unwanted software. 
From 1b4dc3e50e01483f5b7a99e386de0aee1df028c5 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 6 Mar 2020 12:07:03 -0800 Subject: [PATCH 4/4] adding new link --- windows/security/threat-protection/intelligence/criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 782f719971..572d4cf705 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -20,7 +20,7 @@ search.appverid: met150 Microsoft aims to provide a delightful and productive Windows experience by working to ensure you are safe and in control of your devices. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. When you download, install, and run software, we check the reputation of downloaded programs and ensure you are protected against known threats and warned about software that is unknown to us. -You can assist Microsoft by [submitting unknown or suspicious software for analysis](submission-guide.md). This will help ensure that unknown or suspicious software is scanned by our system to start establishing reputation. +You can assist Microsoft by [submitting unknown or suspicious software for analysis](https://www.microsoft.com/wdsi/filesubmission/). This will help ensure that unknown or suspicious software is scanned by our system to start establishing reputation. [Learn more about submitting files for analysis](submission-guide.md) The next sections provide an overview of the classifications we use for applications and the types of behaviors that lead to that classification.
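Review bot: In [PATCH 1/4], first hunk (@@ -18,11 +18,22), the new NOTE says "The following list may not be comprehensive" and "update these without prior notice", but what follows the note is a section heading rather than a list, and "these" has lost the noun it had in the removed line ("these criteria"). Suggest wording such as "The criteria in this article may not be comprehensive, and Microsoft reserves the right to adjust, expand, and update them without prior notice or announcement." The same hunk removes the only sentence saying that software is compared against the criteria described in the article, so the introduction no longer states what the page is for. Its last added paragraph says "potentially unwanted software" where the page title says "potentially unwanted applications"; pick one term.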
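Review bot: In [PATCH 2/4], first hunk (@@ -29,7 +29,7), the replacement sentence "This can result in a delay in malware detections when a new outbreak occurs" leaves "This" without a clear antecedent and drops the "detected and blocked" wording of the line it replaces, so the reader no longer learns that blocking is delayed as well as detection. Suggest stating the cause and both effects explicitly in one sentence. The rewritten line also keeps the doubled space after "certificates.", which could be cleaned up while the line is being touched.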
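Review bot: In [PATCH 3/4] (@@ -29,9 +29,9), the rewritten paragraph refers to "Unknown/Uncommonly downloaded warnings" without saying where the reader will see them or what the prompt looks like, so the statement that these warnings "are not blocks" cannot be matched to anything on screen. Suggest naming the feature that shows the warning and quoting its wording. The moved clause "as there is generally a delay from the time new malware is released until it is identified" also makes the opening sentence long; it reads better as its own sentence, and "identified" should be reconciled with the "identify and block" wording in the paragraph above it.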
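Review bot: In [PATCH 4/4] (@@ -20,7 +20,7), the added "[Learn more about submitting files for analysis](submission-guide.md)" has no terminal period, and it sits two sentences after a link with nearly the same text that now points to the absolute URL https://www.microsoft.com/wdsi/filesubmission/. A reader cannot tell from the link text which one is the submission form and which one is the guide. Suggest distinct link text for each (for example, one that says it opens the submission portal and one that says it opens the submission guide) and ending the last sentence with a period.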