Scep2012 Presentation Transcript

  • Management and antimalware platform (diagram): Microsoft Malware Protection Center; Dynamic Signature Service (available only in Windows 8); Endpoint Protection Management; Software Updates + SCUP; Operating System Deployment; Settings Management; Antimalware; Dynamic Translation; Behavior Monitoring; Software Distribution; Vulnerability Shielding; Windows Defender Offline; Internet Explorer; BitLocker; AppLocker; Address Space Layout Randomization; Data Execution Prevention; User Account Control; Secure Boot through UEFI; Windows Resource Protection; Measured Boot; Early Launch Antimalware (ELAM); MDM; Software Updates; ELAM & Measured Boot; Cloud clean restore
  • Simplified Administration
    • Real-time Endpoint Protection operations from the console
    • Single administrator experience for simplified endpoint protection and management
    • Simplified, 3X delivery of definitions through software updates
    • Malware-driven operations from the console
    • Client-side merge of antimalware policies
    • Integrated optimizations for Windows Embedded clients
    • New and improved Endpoint Protection client
  • Diagram: primary site with one hierarchy per forest (Forest1, Forest2); Software Update Points 1 to 4; clients Client.Forest1 and Client.Forest2
  • Enhanced Protection
    • Common antimalware platform across Microsoft AM clients
    • Proactive protection against known and unknown threats
    • Reduced complexity while protecting clients
    • Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
    • Integration with UEFI Trusted Boot and early-launch antimalware
  • Diagnostics and Recovery Toolkit; Windows Defender Offline
  • Diagram: updates (engine and definitions), policy, status and events exchanged with ConfigMgr; samples, telemetry and DSS
  • Boot sequence comparison
    • Windows 7: BIOS, OS Loader (malware), 3rd-party drivers (malware), anti-malware software start, Windows logon
    • Windows 8: native UEFI, Windows 8 OS Loader, anti-malware software start, 3rd-party drivers, Windows logon
    • Windows 7: malware is able to boot before Windows and anti-malware; malware is able to hide and remain undetected; systems can be compromised before AM starts
    • Windows 8: Secure Boot loads anti-malware early in the boot process; the Early Launch Anti-Malware (ELAM) driver is specially signed by Microsoft; Windows starts AM software before any 3rd-party boot drivers; malware can no longer bypass AM inspection
  • Measured Boot: Windows 7 vs Windows 8
    • Windows 7: measurements of some boot components are evaluated as part of boot; only enabled when BitLocker has been provisioned
    • Windows 8: measures all boot components; measurements are stored in a Trusted Platform Module (TPM); remote attestation, if available, can evaluate client state; enabled when a TPM is present, BitLocker not required
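  Added example, not part of the deck or of SCEP itself: a PowerShell check a defender can run on a Windows 8 or later client to confirm that the boot-time protections the two slides above describe (Secure Boot, a ready TPM for Measured Boot, the ELAM boot-start driver policy, BitLocker) are actually in place. The cmdlets, the policy registry key and the Measured Boot log folder are standard Windows ones; the function and field names are my own, and an elevated session is assumed.

```powershell
# Added example (not from the presentation): report the state of the boot-time
# protections discussed on the ELAM and Measured Boot slides.
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.
function Get-BootProtectionState {
    [CmdletBinding()]
    param()

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS (non-UEFI) firmware,
    # which for our purposes means Secure Boot is not available.
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # TPM: Measured Boot stores its measurements in the TPM, so it needs one
    # that is both present and ready.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $tpmReady = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    # ELAM policy: DriverLoadPolicy sets which boot-start drivers ELAM lets load
    # (0 = good only, 1 = good and unknown, 3 = good, unknown and bad-but-critical,
    # 7 = all). No value means the OS default (good, unknown, bad-but-critical).
    $elamKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
    $policy = (Get-ItemProperty -Path $elamKey -Name DriverLoadPolicy `
        -ErrorAction SilentlyContinue).DriverLoadPolicy

    # Measured Boot writes one log per boot here when a TPM is present.
    $mbLogs = Get-ChildItem -Path "$env:SystemRoot\Logs\MeasuredBoot" `
        -Filter '*.log' -ErrorAction SilentlyContinue

    # BitLocker is no longer a prerequisite for Measured Boot on Windows 8,
    # but its state is still worth reporting alongside the rest.
    $osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SecureBootEnabled    = $secureBoot
        TpmPresentAndReady   = $tpmReady
        ElamDriverLoadPolicy = if ($null -eq $policy) { 'not set (OS default)' } else { $policy }
        MeasuredBootLogCount = @($mbLogs).Count
        BitLockerProtection  = if ($osVolume) { $osVolume.ProtectionStatus } else { 'unknown' }
    }
}

# Run it and print the result; SecureBootEnabled = False with TpmPresentAndReady = False
# is the Windows 7-style situation the slides warn about.
Get-BootProtectionState | Format-List
```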
  • Simple interface: minimal, high-level user interactions
  • Administrative control: user configurability options; central policy enforcement; UI lockdown and disable
  • Maintains high productivity: CPU throttling during scans; faster scans through advanced caching; minimal network and client impact of definition updates