#microsoft-defender — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #microsoft-defender, aggregated by home.social.
-
AI-powered defense for an AI-accelerated threat landscape https://www.yayafa.com/2799125/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #Copilot #Microsoft #MicrosoftAI #MicrosoftCopilot #MicrosoftDefender #MicrosoftSecurity #エージェント型AI #人工知能 #汎用人工知能
-
Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust
#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows
-
DigiCert breached via malicious screensaver file
#DigiCert #MicrosoftDefender #ZhongStealer
https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/
-
#MicrosoftDefender wrongly flags #DigiCert certs as #Trojan:Win32/Cerdigent(dot)A!dha
-
After a signature update, #MicrosoftDefender classifies legitimate certificates (#Zertifikate) as Trojans (#Trojaner) and deletes them. This caused disruptions to websites and applications. A fix is available. #Fehlalarm https://winfuture.de/news,158482.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
-
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
#MicrosoftDefender #DigiCert #GoldenEyeDog #ZhongStealer
https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/
-
Komari Red: The Monitoring Tool with a Built-in Reverse Shell
On April 16, 2026, a threat actor leveraged stolen VPN credentials to access a Windows workstation and deployed a SYSTEM-level backdoor using the Komari agent, an open-source monitoring tool with built-in command-and-control capabilities. The attacker authenticated through an SSLVPN session from IP 45.153.34[.]132 and used Impacket smbexec.py to enable RDP on the target system. The Komari agent was installed as a persistent Windows service named 'Windows Update Service' using NSSM, pulling the installer directly from the official GitHub repository. Komari provides bidirectional control through WebSocket connections, offering arbitrary command execution, interactive reverse shell access, and network probing capabilities by default. Microsoft Defender quarantined an earlier registry dump attempt, forcing the adversary to pivot to this GitHub-based approach. This represents the first publicly documented case of Komari being abused in a real-world intrusion.
Pulse ID: 69f29e7612b827a15dfc7787
Pulse Link: https://otx.alienvault.com/pulse/69f29e7612b827a15dfc7787
Pulse Author: AlienVault
Created: 2026-04-30 00:12:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #GitHub #InfoSec #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RCE #RDP #SMB #SSL #VPN #Windows #bot #AlienVault
-
We'll install MS Defender on your VMs, they said.
It will make them more secure, they said. #infosec #Defender #MicrosoftDefender
#RedSun #BlueHammer #UnDefend
-
🔐 Just shipped a fix for the April 2026 Windows update (KB5083769) that flags unsigned RDP files as "Unknown Publisher".
If you manage RDP shortcuts via Intune and your users are suddenly seeing red security warnings — here's a complete solution:
✅ Self-signed code signing cert (no PKI required)
✅ rdpsign.exe signing workflow
✅ Intune Win32 package (install + uninstall scripts)
✅ Trusted Certificate profile + Settings Catalog policies
✅ Versioned detection rule for clean updates
✅ Supersedence pattern for migrating from unsigned deployments
Tested in production on a real M365 Business Premium environment.
🔗 github.com/Bluewal/m365-intune-scripts/tree/main/intune/rdp-signing
#Intune #Microsoft365 #RDP #BlueTeam #WindowsSecurity #MicrosoftDefender
-
Zero-Day Local Privilege Escalation Exploit
RedSun.exe is a publicly available proof-of-concept exploit targeting a zero-day vulnerability in Microsoft Defender that enables local privilege escalation from standard user to SYSTEM-level access on Windows systems. The exploit leverages flawed Defender remediation logic for cloud-tagged malicious files, combined with filesystem primitives to redirect high-privilege file operations. This allows attackers to overwrite protected system locations such as C:\Windows\System32 with malicious binaries, achieving arbitrary code execution as SYSTEM without requiring administrator privileges or kernel exploits. The technique is reliable, actively weaponized, and potentially unpatched in some environments, making it a critical post-exploitation tool for persistence, lateral movement, and defense evasion. Organizations should implement rapid patching, enforce least privilege principles, and deploy behavior-based detection for suspicious Defender-related file operations and privilege escalation attempts.
Pulse ID: 69e739ee02f0f88b6f9e017a
Pulse Link: https://otx.alienvault.com/pulse/69e739ee02f0f88b6f9e017a
Pulse Author: AlienVault
Created: 2026-04-21 08:48:46
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #InfoSec #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RAT #RCE #Vulnerability #Windows #ZeroDay #bot #AlienVault
-
New #MicrosoftDefender “#RedSun” zero-day PoC grants SYSTEM privileges
-
https://winbuzzer.com/2026/04/15/microsoft-april-2026-patch-tuesday-fixes-167-flaws-xcxwbn/
Microsoft April 2026 Patch Tuesday Fixes 167 Flaws, 2 Zero-Days
#PatchTuesday #Microsoft #Security #Cybersecurity #ZeroDayVulnerabilities #MicrosoftSharePoint #MicrosoftDefender #Windows #Windows11 #MicrosoftWindows #WindowsUpdate #RemoteCodeExecution
-
Weird Intune/MDE issue 🧵
ASR policy (Block PSExec/WMI) shows 38 Succeeded in Intune, but Get-MpPreference returns empty on endpoints and registry key doesn't exist.
AttackSurfaceReductionRules_ProviderSet = 1 in PolicyManager but no actual rule values written anywhere.
Cloud-only, no SCCM. Anyone seen this? #MicrosoftDefender #Intune #MDE
-
Canonical and Microsoft team up to push Ubuntu Pro security deeper into enterprise Linux environments
https://fed.brid.gy/r/https://nerds.xyz/2026/03/canonical-microsoft-ubuntu-pro-defender/
-
Tired of digging through menus just to configure Windows 11 Defender?
DefenderUI gives you a clean, powerful GUI that puts full control of Microsoft Defender at your fingertips, no guesswork, no clutter.
#Windows11 #MicrosoftDefender #DefenderUI #CyberSecurity #Infosec #WindowsSecurity
-
Antivirus ranking at the end of 2025. Who delivers 100% protection, and who falls short?
The AV-Comparatives laboratory has published the results of its latest comprehensive tests of security software.
The reports closing out 2025 bring good news for users of free solutions (an excellent result for Microsoft Defender), but also a warning about products that generate record numbers of false alarms.
The most important test for any protection suite is the so-called Real-World Protection Test. In the edition covering July to October 2025, the researchers checked 19 popular programs against a sample of 428 real threats (malicious websites, drive-by download attacks).
The elite with 100% effectiveness
Three suites showed flawless effectiveness, blocking absolutely every malware sample (100% Protection Rate). They are:
- Avast (Free Antivirus)
- AVG (AntiVirus Free)
- Norton (Antivirus Plus)
Just behind them, with a score of 99.5%, came a strong chasing group that included, among others, Kaspersky, ESET and Bitdefender (99.1%). Importantly for Windows users, the default Microsoft Defender (the standard protection software in Microsoft's system) also made it into the highest category, "Advanced+", achieving a solid 99.1% effectiveness with a very low number of false alarms.
Trend Micro and Malwarebytes with problems
High detection rates are not everything; the absence of mistakes counts too. In this category Trend Micro did worst, wrongly flagging safe files or sites as threats 75 times. Malwarebytes (42 false alarms) and K7 (34 mistakes) also performed poorly in this respect. Because of such a large number of errors, these products were demoted to lower certification categories in the final ranking, despite decent virus detection rates.
Shopping protection: detecting fake shops
With the holidays approaching, the Fake Shops Detection 2025 test is key. The experts checked whether antivirus products can keep a user from entering a site posing as an online shop whose purpose is to steal credit card data. A narrow group of products received the certificate confirming effectiveness in this area:
- Avast Premium Security
- F-Secure Internet Security
- Kaspersky Premium
- Norton 360 Deluxe
Advanced threats and stalkerware
For the most demanding users, an Advanced Threat Protection (ATP) test was conducted, checking resistance to targeted and fileless attacks. Here the consumer market shows a very high level: as many as 7 of the 8 tested products (including the free versions of Avast, AVG and Avira) received the highest rating, "Advanced+".
In parallel, in cooperation with the Electronic Frontier Foundation (EFF), 13 Android mobile apps were tested for their ability to detect spyware (stalkerware). The report draws attention to a worrying market trend: perpetrators of domestic violence are increasingly abandoning spyware apps in favour of cheap Bluetooth trackers (such as AirTag and similar devices), which presents a new challenge for the security industry.
Only 2% of Polish small businesses are prepared for a hacker attack. Alarming Cisco report
#avComparatives #avast #falszyweSklepyInternetowe #microsoftDefender #news #norton #rankingAntywirusow2025 #stalkerware #testyBezpieczenstwa
-
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks https://hackread.com/microsoft-teams-guest-chat-flaw-malware/ #MicrosoftDefender #MicrosoftTeams #Cybersecurity #Vulnerability #Microsoft365 #Microsoft #Security #Malware #Ontinue #Privacy
-
Microsoft Unveils Security Enhancements for Identity, Defense, Compliance https://www.securityweek.com/microsoft-unveils-security-enhancements-for-identity-defense-compliance/ #Management&Strategy #MicrosoftDefender #securityproducts #Microsoft #Copilot #Purview #Intune #Entra
-
Microsoft Defender for Endpoint delivers industry-leading anti-virus protection, but navigating its licensing tiers, pricing models, and feature sets can be incredibly confusing.
Join us today on Defender Fridays with Ken Westin, Senior Solutions Engineer at LimaCharlie, as we break down:
> The differences between the various tiers
> Ways to solve Defender visibility issues and increase operational transparency.
> How its capabilities can be customized and expanded for better flexibility and scalability for service providers
This is an interactive session - bring your questions and let's explore the benefits and drawbacks together.
-
Tomorrow, October 15th at 10am PT - hands-on workshop on Microsoft Defender automation.
We'll demonstrate how to augment Windows Defender Antivirus with centralized management capabilities that eliminate manual processes and accelerate threat detection.
What we'll cover:
> Verify Defender deployment status across your entire Windows infrastructure in seconds
> Capture endpoint security events at wire speed without relying on Microsoft's collection timelines
> Execute AV scans remotely across endpoints or schedule them to run automatically
> Configure detection and response rules tailored to your environment's specific needs
Final reminder: This is a live session and will not be recorded.
-
Want better visibility and control over Microsoft Defender?
We're running a hands-on virtual workshop on augmenting Windows Defender Antivirus with centralized management and automation capabilities using the SecOps Cloud Platform.
Session agenda:
> Gathering telemetry quicker than Microsoft's native collection methods
> Controlling instances across endpoints from a single interface
> Automating log collection at scale
> Enriching detection capabilities with custom rules
> Leveraging data retention to improve investigation speed
This session will not be recorded. Register now: https://limacharlie.wistia.com/live/events/su08f1kjsa?utm_campaign=virtual+workshop+microsoft+defender+10+15+25&utm_source=mastodon&utm_medium=social
-
#Patchday #Microsoft: #Azure, #Office, #Windows :windows: & Co. are vulnerable | heise online https://www.heise.de/news/Patchday-Microsoft-Schadcode-Schlupfloecher-in-Office-und-Windows-geschlossen-10639037.html #MicrosoftAzure #Azure #MicrosoftDefender #Defender #MicrosoftHyperV #HyperV #MicrosoftOffice #MicrosoftWindows #MicrosoftXbox #Xbox
-
Microsoft’s new AI reverse-engineers malware autonomously, marking a shift in cybersecurity - Microsoft says its new system could eventually detect new types of malware direct... - https://www.geekwire.com/2025/microsofts-new-ai-reverse-engineers-malware-autonomously-marking-a-shift-in-cybersecurity/ #securefutureinitiative #largelanguagemodels #reverseengineering #aimalwareanalysis #microsoftdefender #malwaredetection #threatdetection #cybersecurity #autonomousai #zerodayquest #microsoft
-
Project Ire: Microsoft’s autonomous malware detection AI agent https://www.helpnetsecurity.com/2025/08/05/project-ire-microsoft-autonomous-malware-detection-ai-agent/ #reverseengineering #MicrosoftDefender #malwaredetection #automation #Don'tmiss #Microsoft #Hotstuff #News #LLM #AI
-
Microsoft Defender has this thing called Timeline, and it actually works quite well, listing every single thing every process does, what it interacts with, networks it connects to, etc. It's not quite as detailed as ProcMon, but it's pretty detailed: good for security investigation, but honestly its troubleshooting assistance cannot be ignored, very helpful.
Anyway, obviously it's quite intense, there's a lot of info here.
There's a search bar, I can see multiple events called "winword.exe failed to establish a connection with <IP>".
I want to know all the events of failed connections, so I click the search bar and type in "failed to establish connection with".
No results.
In addition, what I frequently want to do is find an event and then investigate the events surrounding it. This isn't possible, you can't like "jump to event" you have to find it first, then apply a custom time-range to the filter, then scroll ( also its a web-app and a dynamically loaded list so scrolling lots of events is very painful and slow) to the event, then investigate around it.
To add insult to my experience, I know this jump behaviour is possible because elsewhere in the defender console there are frequently alerts that say "view in timeline" which then loads the timeline URL of a specific device with additional parameters of the alert ID that makes the interface jump to the right location, which is great, you can then explore the surrounding events. So, this functionality exists, and it's even used, there's just no button for it here...
And finally, results are presented in a table that's nice to view, interactive and easy to look at. The table has headings. You cannot sort these headings... It looks like you can, they look clickable and dynamic, but they're not; it's a static table. You can export the table to a CSV, but then you lose all the additional features of this GUI, and M365 exports typically include lots of unserialised JSON stuffed into a CSV column, so it's not useful unless you spend precious time writing a PowerShell script to iterate through each row unwrapping the data and putting it into columns, which I frequently do because it's more fun than interacting with M365.
#microsoft #MicrosoftDefender #defender #security
-
MS Defender's "Collect File" is actually trash.
As I've previously established, once quarantined, MS Defender offers no ability to investigate a file, offers no information on why it was flagged, doesn't provide you with a file hash and doesn't even re-scan after definition updates.
So you're blind and stunned.
Releasing the file is dangerous because Defender will restore it to its previous state; if this file happens to be a service, this means re-instating and executing a potentially malicious file, because it will restart the service immediately.
Your only hope of safely investigating the file is to have already onboarded Defender to M365 where you can "collect" the file. Defender then says that this can "take up to 3 days" and might not be successful.
To this day I've never seen it be successful. At least you get the file hash with M365, though sometimes that also just isn't populated for some reason.
I hate Microsoft.
#security #microsoft #microsoftdefender
-
Microsoft introduces protection against email bombing https://www.helpnetsecurity.com/2025/07/01/microsoft-introduces-protection-against-email-bombing/ #MicrosoftDefender #socialengineering #Don'tmiss #Microsoft #Hotstuff #email #News #spam
-
Microsoft Defender alerts can take minutes to hours to appear in their console. By then, ransomware has already done its damage.
In our latest webinar, we demonstrated how our new Microsoft Defender integration delivers alerts in under 1 second - giving security teams the speed they need to stop modern threats.
What we covered:
> Wire-Speed Detection: Get Defender alerts faster than Microsoft's own console - seconds vs. hours
> Centralized Management: Control all Defender endpoints from a single interface, no premium licensing required
> Advanced Response: Automatically isolate hosts, scan files, and trigger incident response the moment threats are detected
> Cost-Effective Storage: One year of alert data retention included
Watch the full webinar to see how we're putting Microsoft Defender into overdrive: https://limacharlie.io/webinars?wchannelid=fy1wct3rkg&wmediaid=4yzsljwwop
-
Stop settling for basic MS Defender capabilities.
Today at 10:00am PT / 1:00pm ET we will demonstrate how LimaCharlie gives you enterprise-grade control over Defender.
Final hours to register and see:
> Wire-speed Defender alerts that outperform native subscriptions
> Remote endpoint scanning and management from one dashboard
> Instant Defender status verification across your environment
> Smart exclusion controls for optimized performance
Don't miss this demo of what enhanced MS Defender management looks like.
Register here: https://limacharlie.wistia.com/live/events/nh0b9ofocf?utm_campaign=outreach&utm_source=mastodon&utm_medium=social