Features
Expanded support for process injection analytics, to dramatically increase the accuracy of distinguishing malicious from benign intent in applications.
This became especially important due to a small number (<0.02%) of machines in Cyber Crucible telemetry alerting on aggressive process injection behavior by system processes.
Increased monitoring capability for unsigned system processes.
This was partly in response to attackers making heavy use of those processes during lateral movement operations (both within a system and between systems).
Fixes
Changed a file modification detection behavior to decrease false positives: it no longer triggers on certain benign actions, using additional kernel-level context about a process's file-access behavior.
WHCP/WHQL Validation Status
Validated.