
Features

  • Expanded support for process injection analytics, to dramatically increase the accuracy of distinguishing malicious from benign intent in applications.

    • This became especially important because a small number (<0.02%) of machines in Cyber Crucible telemetry were alerting on aggressive process injection behaviors by system processes.

  • Increased monitoring capability for unsigned system processes.

    • This was partly in response to attackers relying heavily on those processes during lateral movement operations (within a system, and between systems).
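The "unsigned system processes" item above refers to a monitoring capability inside the product, whose internals the release notes do not describe. As an added illustration (not Cyber Crucible's code), the following PowerShell enumerates running processes whose executable lives under the Windows directory and whose Authenticode signature does not verify, which is the kind of baseline a defender can use to see what such monitoring is looking at. It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session on Windows; the function name `Get-UnsignedSystemProcess` is made up for this example.

```powershell
# Added example, not part of the original release notes.
# Lists running processes whose image is under $env:SystemRoot but whose
# Authenticode signature is missing or does not verify.
function Get-UnsignedSystemProcess {
    $systemRoot = $env:SystemRoot

    # Processes whose image path cannot be read (protected processes, or
    # insufficient privilege) have a null Path and are skipped; run elevated
    # to cover as many as possible.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $exe = $_.Path
        if ($exe -like "$systemRoot\*") {
            $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
            if ($null -eq $sig -or $sig.Status -ne 'Valid') {
                [PSCustomObject]@{
                    ProcessId = $_.Id
                    Name      = $_.ProcessName
                    Path      = $exe
                    SigStatus = if ($sig) { $sig.Status } else { 'Unknown' }
                    Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                }
            }
        }
    }
}

# Usage: print the findings as a table.
Get-UnsignedSystemProcess | Format-Table -AutoSize
```

Two caveats for anyone running this: many Windows binaries are catalog-signed rather than carrying an embedded signature, and on older hosts `Get-AuthenticodeSignature` may report those as `NotSigned`, so the output should be compared against a known-good baseline rather than treated as a finding on its own; and a snapshot like this misses short-lived processes, which is why continuous kernel-level monitoring of the kind the release notes describe is needed rather than periodic polling.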

Fixes

  • Changed a file modification detection to reduce false positives: it no longer triggers on certain benign actions, using additional kernel-level context about a process's file-access behavior.

WHCP/WHQL Validation Status

Validated.
