MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.

Presentation transcript:

MANAGEMENT / ANTIMALWARE PLATFORM (diagram). Components shown: Microsoft Malware Protection Center; Dynamic Signature Svc (available only in Windows 8); Endpoint Protection Management; Software Updates + SCUP; Operating System Deployment; Settings Management; Antimalware; Dynamic Translation; Behavior Monitoring; Software Distribution; Vulnerability Shielding; Windows Defender Offline; Internet Explorer; BitLocker; AppLocker; Address Space Layout Randomization; Data Execution Prevention; User Account Control; Secure Boot through UEFI; Windows Resource Protection; Measured Boot; Early Launch Antimalware (ELAM); MDM; Software Updates; ELAM & Measured Boot; Cloud clean restore.

Real time Endpoint Protection operations from console
Simplified Administration
 Single administrator experience for simplified endpoint protection and management
 Simplified, 3X delivery of definitions through software updates
 Malware-driven operations from the console
 Client-side merge of antimalware policies
 Integrated optimizations for Windows Embedded clients
 New and improved Endpoint Protection client

PRIMARY SITE (diagram): Hierarchy (Forest1) and Hierarchy (Forest2), served by Software Update Point 1, Software Update Point 2, Software Update Point 3 and Software Update Point 4; clients Client.Forest1 and Client.Forest2.

Enhanced Protection
 Common antimalware platform across Microsoft AM clients
 Proactive protection against known and unknown threats
 Reduced complexity while protecting clients
 Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
 Integration with UEFI Trusted Boot, early-launch antimalware

Diagnostics and Recovery Toolkit Windows Defender Offline

Diagram: Updates (Engine and Definitions); Policy; Status; Events; ConfigMgr; Samples, Telemetry, DSS.

Live system monitoring identifies new threats
 Tracks behavior of unknown processes and known bad processes
 Multiple sensors to detect OS anomaly
Updates for new threats delivered through the cloud in real time
 Real time signature delivery with Microsoft Active Protection Service
 Immediate protection against new threats without waiting for scheduled updates
Diagram: Microsoft Active Protection Service (researchers, reputation, real-time signature delivery, behavior classifiers); client exchange labelled 1 to 4 on the slide: properties/behavior, real-time signature, sample request, sample submit.

Real Time Protection Driver Intercepts
Industry-leading proactive detection
 Emulation based detection helps provide better protection
 Safe translation in a virtual environment for analysis
Enables faster scanning and response to threats
 Heuristics enable one signature to detect thousands of variants
Diagram: potential malware execution attempt on the system; safe translation using DT in virtualized resources; malware detected; malicious file blocked.

Advanced system file cleaning through replacement
 Replaces infected system files with clean versions from a cloud source
 Uses a trusted Microsoft cloud source for the replacement file
 Restart requirements orchestrated on system and wired to client UI (for in-use file replacement)
Diagram: system file compromise detected (RTP or scan); request new file from the Microsoft Symbol Store; download replacement file; compromised file replaced.

Windows 7
 Malware is able to boot before Windows and Anti-malware
 Malware able to hide and remain undetected
 Systems can be compromised before AM starts
Windows 8
 Secure Boot loads Anti-Malware early in the boot process
 Early Launch Anti-Malware (ELAM) driver is specially signed by Microsoft
 Windows starts AM software before any 3rd party boot drivers
 Malware can no longer bypass AM inspection

Windows 7
 Measurements of some boot components evaluated as part of boot
 Only enabled when BitLocker has been provisioned
Windows 8
 Measures all boot components
 Measurements are stored in a Trusted Platform Module (TPM)
 Remote attestation, if available, can evaluate client state
 Enabled when TPM is present; BitLocker not required

Diagram: UEFI Boot, Windows OS Loader, Windows Kernel and Drivers, AM Software (Boot Policy, AM Policy), 3rd Party Software, Windows Logon, TPM, Remote Attestation Service, Remote Resource (File Server).
1. Secure Boot prevents a malicious OS loader.
2. AM software is started before all 3rd party software.
3. Measurements of components, including the AM software, are stored in the TPM.
4. Client attempts to access the resource; the server requests a Client Health Claim.
5. Client retrieves the TPM measurements of the client and sends them to the Remote Attestation Service.
6. Remote Attestation Service issues a Client Health Claim to the client.
7. Client provides the Client Health Claim; the server reviews it and grants access to healthy clients.
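The seven-step flow on this slide (and the Windows 8 measured-boot behaviour on the previous one), modelled end to end as an added Python example that is not code from the deck or from Microsoft: a TPM-style PCR extend over the boot chain, a remote attestation service that replays the measurement log, checks it against known-good values and issues an HMAC-signed Client Health Claim, and a file server that verifies the claim before granting access. The golden values, the shared key, the component names and the client ids are all constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed known-good measurements for a toy boot chain (not real hashes).
GOLDEN = {"os_loader": "winload-1.0", "kernel": "ntoskrnl-1.0", "elam_driver": "wdboot-1.0"}
BOOT_ORDER = ["os_loader", "kernel", "elam_driver", "third_party_driver"]
RAS_KEY = b"demo-attestation-service-key"  # hypothetical key shared by RAS and file server

def pcr_extend(pcr: bytes, measurement: str) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement.encode()).digest()).digest()

def measured_boot(components: dict) -> tuple:
    """Steps 2-3: each boot component (ELAM driver before third-party code) is extended into the PCR and logged."""
    pcr, log = bytes(32), []
    for name in BOOT_ORDER:
        pcr = pcr_extend(pcr, components[name])
        log.append([name, components[name]])
    return pcr, log

def replay_log(log: list) -> bytes:
    """Recompute the PCR from the event log, as a verifier does."""
    pcr = bytes(32)
    for _, value in log:
        pcr = pcr_extend(pcr, value)
    return pcr

def attestation_service(client_id: str, pcr: bytes, log: list) -> dict:
    """Steps 5-6: accept only a log that reproduces the PCR and matches every golden value; then issue a claim."""
    if replay_log(log) != pcr or any(dict(log).get(k) != v for k, v in GOLDEN.items()):
        return None
    claim = {"client": client_id, "healthy": True}
    body = json.dumps(claim, sort_keys=True).encode()
    return {"claim": claim, "mac": hmac.new(RAS_KEY, body, hashlib.sha256).hexdigest()}

def file_server_grants_access(health_claim: dict, client_id: str) -> bool:
    """Steps 4 and 7: admit only a client presenting an unforged claim issued for itself."""
    if health_claim is None or health_claim["claim"].get("client") != client_id:
        return False
    body = json.dumps(health_claim["claim"], sort_keys=True).encode()
    expected = hmac.new(RAS_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, health_claim["mac"])

def access_file_server(client_id: str, components: dict) -> bool:
    """Whole flow for one client: measured boot, attestation, then the resource request."""
    pcr, log = measured_boot(components)
    return file_server_grants_access(attestation_service(client_id, pcr, log), client_id)
HEALTHY = dict(GOLDEN, third_party_driver="vendor-nic-2.3")  # constructed clean client
INFECTED = dict(HEALTHY, kernel="ntoskrnl-1.0-bootkit")      # constructed tampered kernel
```

A tampered kernel measurement still produces a self-consistent log, so the golden-value comparison at the attestation service, not the PCR arithmetic alone, is what denies the claim.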

Simple interface
 Minimal, high-level user interactions
Administrative Control
 User configurability options
 Central policy enforcement
 UI Lockdown and disable
Maintains high productivity
 CPU throttling during scans
 Faster scans through advanced caching
 Minimal network and client impact of definition updates

 Launching a Windows Defender Offline Scan with Configuration Manager 2012 OSD
 Operating System Deployment and Endpoint Protection Client Installation
 Software Update Content Cleanup in System Center 2012 Configuration Manager
 Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
 Managing Software Updates in Configuration Manager 2012
 Endpoint Protection by the numbers
 Group Policy Preferences and Software Updates
 Software Update Points in Configuration Manager 2012 SP1
 How-to-Videos
 Product Documentation
 Security and Compliance Manager – Configuration Packs

Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.