...
Expanded process injection analytics to substantially increase the accuracy of distinguishing malicious from benign intent in applications.
This became especially important because a small number (<0.02%) of machines in Cyber Crucible telemetry were generating alerts on aggressive use of process injection techniques by system processes.
Increased monitoring of unsigned system processes.
This is partly a response to attackers leaning heavily on those processes during lateral movement, both within a host and between hosts.
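As an added illustration (not Cyber Crucible's analytics or code), the following Python triages process injection telemetry using the kind of context the two items above refer to: whether the injecting image is signed, whether it carries a system process name but runs from outside the Windows directory, whether a system process is the target, and how many distinct injection primitives a source uses against one target. The field names, process lists, weights and thresholds are hypothetical, and the telemetry lines are constructed for the example.

```python
"""Illustrative process-injection triage over constructed endpoint telemetry.

Added example; not Cyber Crucible's analytics. Field names, process lists,
weights and thresholds are hypothetical choices for this demonstration.
"""
import json
from collections import defaultdict

# Hypothetical list of Windows image names treated as "system processes".
SYSTEM_PROCESSES = {"lsass.exe", "csrss.exe", "winlogon.exe",
                    "services.exe", "svchost.exe", "explorer.exe"}
# A system process name whose image lives outside this directory is a masquerade.
EXPECTED_SYSTEM_DIR = "c:\\windows\\"
# Hypothetical set of API calls treated as process-injection primitives.
INJECTION_APIS = {"WriteProcessMemory", "CreateRemoteThread",
                  "NtMapViewOfSection", "QueueUserAPC", "SetThreadContext"}
AGGRESSIVE_EVENTS = 5                     # events per (source, target) pair
MALICIOUS_SCORE, SUSPICIOUS_SCORE = 6, 3  # verdict thresholds

# Constructed telemetry (JSON lines); not real data.
TELEMETRY = r"""
{"source":"svchost.exe","source_path":"C:\\Users\\Public\\svchost.exe","source_signed":false,"target":"lsass.exe","api":"WriteProcessMemory"}
{"source":"svchost.exe","source_path":"C:\\Users\\Public\\svchost.exe","source_signed":false,"target":"lsass.exe","api":"CreateRemoteThread"}
{"source":"svchost.exe","source_path":"C:\\Users\\Public\\svchost.exe","source_signed":false,"target":"lsass.exe","api":"NtMapViewOfSection"}
{"source":"explorer.exe","source_path":"C:\\Windows\\explorer.exe","source_signed":true,"target":"notepad.exe","api":"SetThreadContext"}
{"source":"updater.exe","source_path":"C:\\Program Files\\Acme\\updater.exe","source_signed":false,"target":"chrome.exe","api":"WriteProcessMemory"}
{"source":"edr_agent.exe","source_path":"C:\\Program Files\\Vendor\\edr_agent.exe","source_signed":true,"target":"svchost.exe","api":"WriteProcessMemory"}
{"source":"explorer.exe","source_path":"C:\\Windows\\explorer.exe","source_signed":true,"target":"notepad.exe","api":"ReadProcessMemory"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def score_pair(events):
    """Score every event between one (source, target) pair.

    Returns (score, reasons). Scoring is done per pair rather than per call so
    that a single hook by a signed tool and a burst of three different
    primitives from an unsigned masquerade do not look alike.
    """
    first = events[0]
    apis = {e["api"] for e in events if e["api"] in INJECTION_APIS}
    if not apis:
        return 0, ["no injection primitive observed"]
    score = 1
    reasons = ["injection primitive(s): " + ", ".join(sorted(apis))]
    if first["source_signed"]:
        score -= 1
        reasons.append("source image is signed")
    else:
        score += 2
        reasons.append("source image is unsigned")
    src_name = first["source"].lower()
    src_path = first["source_path"].lower()
    if src_name in SYSTEM_PROCESSES and not src_path.startswith(EXPECTED_SYSTEM_DIR):
        score += 3
        reasons.append("system process name running outside the Windows directory")
    if first["target"].lower() in SYSTEM_PROCESSES:
        score += 2
        reasons.append("system process targeted: " + first["target"])
    if len(apis) >= 2 or len(events) >= AGGRESSIVE_EVENTS:
        score += 2
        reasons.append(f"aggressive use: {len(apis)} primitives across {len(events)} events")
    return score, reasons


def verdict(score):
    """Map a pair score onto a triage verdict."""
    if score >= MALICIOUS_SCORE:
        return "malicious"
    if score >= SUSPICIOUS_SCORE:
        return "suspicious"
    return "benign"


def triage(text):
    """Group events by (source, target) and return {pair: (verdict, score, reasons)}."""
    pairs = defaultdict(list)
    for event in parse_events(text):
        pairs[(event["source"], event["target"])].append(event)
    return {pair: (verdict(s), s, r)
            for pair, evs in pairs.items()
            for s, r in [score_pair(evs)]}


if __name__ == "__main__":
    for (src, dst), (label, score, reasons) in triage(TELEMETRY).items():
        print(f"{src} -> {dst}: {label} (score {score})")
        for reason in reasons:
            print("   -", reason)
```

The unsigned svchost.exe running from a user-writable path and hitting lsass.exe with three different primitives is the case the release note describes; the signed explorer.exe and EDR agent entries show why signature status and target context are needed to keep routine injection from alerting.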
Fixes
Changed a file modification detection so that it no longer triggers on certain benign actions, using additional kernel-level context about a process's file-access behavior to decrease false positives.
...