OMS Security: Overview of the Antimalware Assessment solution

Microsoft Operations Management Suite (OMS) offers an interesting solution named Antimalware Assessment with which you can monitor the status of anti-malware protection on the entire infrastructure and easily detect potential threats.

To use the Antimalware Assessment solution you must subscribe to the OMS "Security & Compliance" offer. The solution can be installed by following the procedure described at the beginning of the article OMS Security: Threat Intelligence, or by going directly to the Azure Marketplace. Once the solution has been activated in OMS, no further configuration is required and it is ready to use.

Through an easy-to-navigate dashboard, the solution shows in real time the systems without active antimalware protection, and it can report antimalware status in OMS for the following products:

  • Windows Defender on Windows 8, Windows 8.1, Windows 10 and Windows Server 2016.
  • Windows Security Center (WSC) on Windows 8, Windows 8.1, Windows 10, Windows Server 2016.
  • System Center Endpoint Protection (version 4.5.216 or later).
  • Antimalware extension and Windows Malicious Software Removal Tool (MSRT) enabled on VMs in Azure.
  • Symantec Endpoint 12.x and 14.x.
  • Trend Micro Deep 9.6.

At the moment it detects installations of only some third-party vendors' solutions, such as Symantec and Trend Micro, but this list will probably grow.

On the systems monitored by OMS, a security assessment is made by checking the status of the antimalware product, whether scans are performed on a regular basis, and whether the signatures in use are no more than seven days old.

The OMS portal home page contains a tile that reports a summary of the state of antimalware protection in the infrastructure:

Figure 1 – Antimalware Assessment tile

Selecting this tile opens the Antimalware Assessment solution dashboard, which groups the collected information into 4 different tiles:

  • Threat Status
  • Detected Threats
  • Protection Status
  • Type of Protection

Figure 2 – Antimalware Assessment dashboard

The first two tiles focus on detected infections, showing the type of malware intercepted and the infected systems, and highlighting situations where the antimalware was not able to clean the infection from the system.

Selecting the infected machine or the name of the malware takes you to the Log Search page, where you can see the details of the detected threat:

Figure 3 – Details of the threat detected

Selecting the View link next to the threat name takes you to the Microsoft malicious software encyclopedia:

Figure 4 – Search within the Microsoft malware encyclopedia

By selecting the name of the malware you can consult the card with all the details about the infection:

Figure 5 – Card with malware information

The remaining tiles show useful information on the security state of the infrastructure:

  • Which machines are not protected and why (agent disabled, signatures not updated, or no recent scan), so you can take corrective action.
  • The list of machines on which antimalware solutions were detected.

From these tiles you can easily drill down to the list of affected machines, such as the machines without real-time protection enabled:

Figure 6 – Machines with no real time protection

Conclusions

Being able to count on a tool that quickly identifies systems with insufficient antimalware protection, or machines compromised by malware, is crucial to mitigating attempts to compromise corporate data and avoiding major security incidents. In addition to these features, Microsoft Operations Management Suite (OMS) includes other important solutions in this area, making it a great tool for ensuring the security and compliance of your infrastructure. To further explore this and other features you can try OMS for free.
