Many times it is not necessary to make stratospheric changes to increase the functionality of a product. With Defender, the same thing happened: When we spoke to a mechanic, he knew what the point was to improve his response to malware attacks.
The Microsoft Defender team reported that they have improved endpoint security with a key change to settings. No, it’s not changing a zero for a one, but almost. Defender changed the default from automatic optional malware fixes to fully automatic fixes.
Defender will better protect us against malware attacks
We will explain what the change is and why it has not happened before. This change means that when Microsoft Defender for Endpoint detects malware or malware on computers on a network, the antivirus automatically starts scanning for all threats related to the alert. By scanning files, processes, services, registry keys, and all other areas where a threat might reside.
“The result of an automated investigation initiated by an alert is a list of related entities. These end up on a device and its results (malicious, suspicious or clean), ”Microsoft explains in a blog post.
“For any malicious entity, the investigation will create corrective action. An action that, when approved, will remove or contain a malicious entity that was found in the investigation. Microsoft Defender for Endpoint defines, manages, and performs these actions without the Security Operations team having to remotely log into the device. “
The actions taken depend on the level of device automation that has been configured. Previously, Microsoft Defender for Endpoints customers that opted for public previews were set to “Semi”. This required approval for any correction. Soon they will be moved to the “Full” setting, which allows Windows 10 to automatically fix threats.
As always, we are faced with a situation where if we have more control, we react more slowly. However, if Microsoft Defender has better control, it is possible to have a faster response and the malware will not affect multiple computers.