Date: 2021-04-26



Microsoft today announced that Microsoft Defender for Endpoint, an enterprise version of Windows 10 Defender antivirus, now supports blocking cryptojacking malware using Intel’s silicon-based Threat Detection Technology (TDT).

Cryptojacking malware allows threat actors to secretly mine cryptocurrencies on infected devices such as personal computers, enterprise servers, and mobile devices.

In some cases, cryptojacking can significantly reduce the performance of infected machines by occupying valuable system resources.

Detection of malware execution using CPU-based heuristics

Intel TDT is part of the Hardware Shield set of features available on Intel vPro and Intel Core platforms. It provides endpoint detection and response (EDR) functionality for advanced memory scanning, cryptojacking, and ransomware detection via CPU-based heuristics.

Intel TDT combines low-level hardware telemetry collected from the CPU Performance Monitoring Unit (PMU) with machine learning to detect cryptojacking malware at run time.

This allows Microsoft Defender to block malicious processes without using hypervisor introspection or code injection, and to get past detection-evasion techniques used by malware authors, such as code obfuscation.

Microsoft also wants to use Intel TDT in the future to detect and thwart other malware strains and attack methods such as ransomware and side-channel attacks.

Karthik Selvaraj, Principal Research Manager for the Microsoft 365 Defender Research Team, said:

“Intel TDT already has the ability to handle such scenarios and can train machine learning to recognize these attack vectors.”

Available on Intel vPro and Core, 6th generation and above

Intel TDT continuously monitors and analyzes telemetry data from virtual machines and applications to detect signals of malicious activity, but it delegates resource-intensive workloads to the integrated graphics processing unit (GPU), so it does not affect the overall performance of the system.

“This advanced threat detection does not cause performance hits that require IT leaders to trade off between better security and a better user experience,” Intel added.

“Intel TDT can offload performance-focused security workloads to the integrated graphics controller and bring performance back to the CPU, increasing scans and reducing the impact on the computing experience.”

The new features are available to all customers using Intel Core processors and Intel vPro platforms from 6th generation onwards.

“This partnership is an example of continued investment and deep collaboration with technology partners across the industry,” Selvaraj added.

“We are working closely with chip makers to explore and adopt new hardware-based defenses that provide robust and resilient protection against cyber threats.

“As organizations seek to simplify their security investments, embedded platform-based security technologies, such as the integration of Intel TDT and Microsoft Defender for Endpoint, combine the best of streamlined solutions.”

