What can you tell me about Microsoft's new Windows Defender Advanced Threat Protection? I know Windows Defender isn't an enterprise-ready antimalware tool, but how is this new release different from the standard Windows Defender tool?
Microsoft's new Windows Defender Advanced Threat Protection started out as Giant antispyware in 2004, which included unique functionality like innovative neighborhood watch. Windows Defender has advanced significantly and is now included by default in Windows, but there have been concerns about how it can be used in enterprises, including questions about the configurability of the Windows Defender tool and specifically how the definition updates aren't configurable. Some enterprises want to test malware definition updates to ensure legitimate files and applications aren't disrupted, as they have caused problems in the past for antimalware tools.
The new version of Windows Defender Advanced Threat Protection has features to appeal to enterprises to build on Microsoft System Center 2012 R2 Endpoint Protection. It now has functionality for controlling when definitions are updated, along with other reporting and alerting functionality for monitoring your environment.
Windows Defender Advanced Threat Protection is powered by Windows behavioral sensors, cloud-based security analytics, threat intelligence and machine learning. It has improved incident response functionality where a network of managed systems can be investigated looking for signs of an attack, so an enterprise could determine how to respond to an attack. Windows Defender Advanced Threat protection also has functionality to examine the state of a system over the previous six months to help provide additional context.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out what Windows Defender's pros and cons are
Learn about the best antimalware alternatives to Windows Defender
Discover how to stop Vonteera adware from disabling antimalware