{"id":229,"date":"2020-06-22T09:13:38","date_gmt":"2020-06-22T07:13:38","guid":{"rendered":"https:\/\/www.oxxodata.com\/blog\/?p=229"},"modified":"2020-12-21T16:28:17","modified_gmt":"2020-12-21T15:28:17","slug":"les-attaques-de-rootkits-detectees-par-microsoft-defender-atp","status":"publish","type":"post","link":"https:\/\/oxxodata.com\/blog\/les-attaques-de-rootkits-detectees-par-microsoft-defender-atp\/","title":{"rendered":"Rootkit attacks detected by Microsoft Defender ATP"},"content":{"rendered":"\n<p><strong>Microsoft<\/strong> has built defenses into <strong>Windows 10 Secured-Core PCs<\/strong> that have functions similar to <strong>Microsoft Defender Advanced Threat Protection (ATP)<\/strong>, which in turn scans the firmware of the <strong>Windows 10 PC<\/strong> to detect <strong>rootkit<\/strong> attacks.<br><br>One of the key hardware-level protections these offerings provide is kernel <strong>DMA (Direct Memory Access)<\/strong> protection, or, via a virtualization-based platform such as <strong>(TPM)<\/strong>, hypervisor-protected code integrity <strong>(HVCI)<\/strong> and tools to block the execution of unverified code.<br><br>The <strong>UEFI<\/strong> scanner in <strong>Windows Defender ATP<\/strong> scans the interface between the operating system and the firmware. Because the firmware is not accessible from main memory, the <strong>UEFI<\/strong> scanner performs its analysis on what it obtains from <strong>SPI<\/strong> flash storage.<br><br><br>The <strong>UEFI<\/strong> scanner is therefore able to analyze the firmware, allowing <strong>Microsoft Defender ATP<\/strong> to inspect the firmware contents at 
runtime.<br><br><br><\/p>\n\n\n\n<p>In addition, <a href=\"http:\/\/www.oxxodata.com\">OXXODATA<\/a> also offers <a href=\"https:\/\/www.oxxodata.com\/services\/digitalisation\/solution-antivirus\/\">antivirus solution<\/a> services, which you can order directly from the link: <a href=\"https:\/\/www.oxxodata.com\/services\/digitalisation\/solution-antivirus\/\">https:\/\/www.oxxodata.com\/services\/digitalisation\/solution-antivirus\/<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>For more information, you can contact us via the link: <strong><a rel=\"noreferrer noopener\" href=\"http:\/\/www.oxxodata.com\/\" target=\"_blank\">www.oxxodata.com<\/a><\/strong> or by phone at <strong>04 81 13 33 27<\/strong>.<\/p>\n\n\n\n<p><strong><a rel=\"noreferrer noopener\" href=\"https:\/\/billing.oxxodata.com\/\" target=\"_blank\">OXXODATA<\/a><\/strong> supports you in your choice of IT &amp; Cloud solutions.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has built defenses into Windows 10 Secured-Core PCs that have functions similar to Microsoft Defender Advanced Threat Protection (ATP), which in turn scans the firmware of the Windows 10 PC to detect rootkit attacks. 
One of the key hardware-level protections these offerings provide is &#8230; <a title=\"Rootkit attacks detected by Microsoft Defender ATP\" class=\"read-more\" href=\"https:\/\/oxxodata.com\/blog\/les-attaques-de-rootkits-detectees-par-microsoft-defender-atp\/\" aria-label=\"Read more about Rootkit attacks detected by Microsoft Defender ATP\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":241,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"_links":{"self":[{"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/posts\/229"}],"collection":[{"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/comments?post=229"}],"version-history":[{"count":3,"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/posts\/229\/revisions"}],"predecessor-version":[{"id":240,"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/posts\/229\/revisions\/240"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/media\/241"}],"wp:attachment":[{"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/media?parent=229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/categories?post=229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oxxodata.com\/blog\/wp-json\/wp\/v2\/tags?post=229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}