Microsoft Releases First Public Preview Of Its Defender Antivirus On Android
The tech giant Microsoft is launching a preview version of its antivirus software for Android today. The product, named “Microsoft Defender ATP for Android,” was announced at the RSA security conference in February this year, and has reached a first public preview today.
This new Android app will work like a classic mobile antivirus product that can scan the phone for malicious apps and other malware, detect malicious and phishing sites while the user is browsing the web, and block users from accessing certain sites based on a predefined block-list.
Microsoft says the Defender ATP for Android app also comes with hidden features, courtesy of its integration into the larger and more complex Defender ATP, Intune, and Configuration Manager platforms.
The app effectively works as a gatekeeper for a company’s network, allowing IT staff to lock Android smartphones out of the corporate network or prevent users from accessing corporate apps.
According to Microsoft, “Phishing is one of the biggest threat vectors on mobile, with the majority of attacks happening outside of email such as via phishing sites, messaging apps, games, and other applications. Other potential threats come from apps which may make connections to unsafe domains, unknowingly to the user and security teams. Web protection capabilities in Microsoft Defender ATP for Android help to address these challenges with:
- Anti-phishing: Access to unsafe websites from SMS/text, WhatsApp, email, browsers, and other apps is instantly blocked. To do this, we leverage the Microsoft Defender SmartScreen service to help determine whether a URL is potentially malicious. This works in conjunction with Android to enable the app to inspect the URL to provide anti-phishing protection. If access to a malicious site is blocked, the device user will get a notification about this with the options to allow the connection, report it safe, or dismiss the notification. Security teams are notified about attempts to access malicious sites via an alert in the Microsoft Defender Security Center.
- Blocking unsafe connections: The same Microsoft Defender SmartScreen technology is used to also block unsafe network connections that apps automatically might make on the user’s behalf without them knowing. Just as in the phishing example, the user is immediately informed that this activity is blocked and is given the same choices to allow it, report it as unsafe, or dismiss the notification as the product screenshot shows. Alerts for this scenario also show up in the Microsoft Defender Security Center. When these connections are attempted on a user’s device, security teams are notified of this via an alert in the Microsoft Defender Security Center.
- Custom indicators: Security teams can create custom indicators, giving them more fine-grained control over allowing and blocking URLs and domains users connect to from their Android devices. This can be done in the Microsoft Defender Security Center and is an extension of our custom indicators capability already available for Windows.”
“When Microsoft Defender ATP for Android finds that a device has malicious apps installed, it will classify the device as ‘high risk’ and will flag it in the Microsoft Defender Security Center,” Kanishka Srivastava, Senior Program Manager at Microsoft, said today.