In this publication, we take a detailed look at the techniques Dofoil's authors rely on to resist debugging and analysis, and explain how the malware-detection capabilities of Windows 10 help in investigating such attacks.

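During our investigation, we found that the Dofoil virus has built-in methods for countering analysis. It checks which environment it is in and stops running in virtual machines. It also scans memory for analysis tools and immediately terminates their processes. All of this significantly complicates analysis of the malicious code.
The following figure shows the stages involved in deploying the malware. Some of them include checks for an analysis environment.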

Figure 1. Staged execution of the Dofoil shellcode and payload
The following table describes the purpose of each stage. The first five stages include measures that counter dynamic or static analysis of the malicious code.
Stage | Description |
1. Disguised shellcode | Protects against heuristic analysis. Protects against emulation. |
2. Bootstrap module | Replaces the code of its own process in order to load the next module. |
3. Anti-debugging module | Stops attempts to run it in debug mode. |
4. Trojan downloader module | Checks the system environment. Stops attempts to run it inside a virtual machine. Injects itself into explorer.exe using process hollowing. |
5. Trojan downloader module in explorer.exe | Contacts the command-and-control server to download the trojan and runs it using process hollowing. |
6. Payload downloader module in explorer.exe | Contacts the command-and-control server to download the main payload. |
7. Trojan module | Steals credentials from the settings of various applications and sends the collected data to the command-and-control server over an HTTP channel. |
8. CoinMiner.D | Mines cryptocurrency. |
Table 1. Modules Dofoil uses at its various stages
Initial stages
The first three stages (that is, the disguised shellcode, the bootstrap module, and the anti-debugging module) try to prevent analysis and identification using the following techniques.
Anti-analysis technique | Description |
Embedded benign code | Embeds a large amount of benign code to confuse heuristic analysis and manual analysis. |
Emulation test | Picks an arbitrary registry key (HKEY_CLASSES_ROOT\Interface\{3050F557-98B5-11CF-BB82-00AA00BDCE0B}) and compares its data with an expected value (DispHTMLCurrentStyle) to check whether the malware is running inside an emulator. |
Self-process hollowing | Replaces the code of the current process. Because the code's address mapping changes, analysis becomes much more complicated. |
Debugger check | Checks for debugging tools. If any are found, the code is modified so that it crashes. This mechanism complicates the work of researchers, who cannot find the reason for such an outcome. The program checks the PEB.BeingDebugged and PEB.NtGlobalFlag fields of the PEB structure. For example, when the process is running under a debugger, the PEB.BeingDebugged field is set to 1 and PEB.NtGlobalFlag is set to the bitwise OR of FLG_HEAP_ENABLE_TAIL_CHECK, FLG_HEAP_ENABLE_FREE_CHECK and FLG_HEAP_VALIDATE_PARAMETERS. |
Table 2. Anti-analysis techniques
The first stage contains a section of seemingly benign code, followed by the actual malicious code. As a result, the executable may appear safe. In addition, the presence of such code can complicate emulation, because it is not easy to simulate API calls that are rarely seen in malicious code.
The first-stage code checks the registry key against the expected value. If all checks pass, the code decrypts the second-stage shellcode and runs it in an allocated memory region. The shellcode clears the memory mapping of the original main module, decrypts the third-stage shellcode, and places it at the same memory location. This procedure is known as self-process hollowing.

Figure 2. Code modification depending on the value of PEB.BeingDebugged
The Windows Defender ATP process tree helps expose such anti-debugging mechanisms.

Figure 3. Anti-debugging mechanisms shown in the Windows Defender ATP process tree
Trojan downloader module
Before downloading the payload, the trojan downloader module checks the runtime environment in various ways, including for virtualization and the presence of analysis tools.
Anti-analysis technique | Description |
Module name check | Checks whether the name of the main executable contains the string "sample". |
Volume serial number check | Checks whether the current volume has the serial number 0xCD1A40 or 0x70144646. |
Module check | Checks for the presence of debugging DLLs. |
Disk registry key check | Checks the value of the registry key HKLM\System\CurrentControlSet\Services\Disk\Enum against disk name patterns common to virtual machines (qemu, virtual, vmware, xen, ffffcce24). |
Process check | Checks running processes and terminates those associated with analysis tools (procexp.exe, procexp64.exe, procmon.exe, procmon64.exe, tcpview.exe, wireshark.exe, processhacker.exe, ollydbg.exe, idaq.exe, x32dbg.exe). |
Window class name check | Checks the current window class names and exits if it finds common class names associated with analysis and debugging (Autoruns, PROCEXPL, PROCMON_WINDOW_CLASS, TCPViewClass, ProcessHacker, OllyDbg, WinDbgFrameClass). |
Table 3. Anti-analysis techniques in the Dofoil trojan downloader module
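
To see which of the Table 3 checks an analysis lab would trip before a sample is run in it, the following added example (not code from the original article or from Dofoil) audits a host profile against the indicators listed above. The profile keys, the sample values and the case-insensitive matching are assumptions made for illustration.

```python
# Added example: audit a lab host profile against the Table 3 indicators.
# Profile keys and LAB_VM values are constructed; matching rules are assumptions.
VM_DISK_PATTERNS = ("qemu", "virtual", "vmware", "xen", "ffffcce24")
FLAGGED_SERIALS = {0xCD1A40, 0x70144646}
ANALYSIS_PROCESSES = {
    "procexp.exe", "procexp64.exe", "procmon.exe", "procmon64.exe",
    "tcpview.exe", "wireshark.exe", "processhacker.exe", "ollydbg.exe",
    "idaq.exe", "x32dbg.exe",
}
ANALYSIS_WINDOW_CLASSES = {
    "Autoruns", "PROCEXPL", "PROCMON_WINDOW_CLASS", "TCPViewClass",
    "ProcessHacker", "OllyDbg", "WinDbgFrameClass",
}


def audit_lab_host(profile):
    """Return {check: [values that would trip it]} for each Table 3 check that fires."""
    findings = {}

    def record(check, hits):
        if hits:
            findings[check] = sorted(hits)

    exe = profile["sample_path"].replace("\\", "/").rsplit("/", 1)[-1]
    record("module name", [exe] if "sample" in exe.lower() else [])
    serial = profile["volume_serial"]
    record("volume serial", [hex(serial)] if serial in FLAGGED_SERIALS else [])
    record("disk enum", [v for v in profile["disk_enum_values"]
                         if any(p in v.lower() for p in VM_DISK_PATTERNS)])
    record("process", [p for p in profile["processes"]
                       if p.lower() in ANALYSIS_PROCESSES])
    record("window class", [c for c in profile["window_classes"]
                            if c in ANALYSIS_WINDOW_CLASSES])
    return findings


# Constructed profile of an analysis VM that has not been prepared for Dofoil.
LAB_VM = {
    "sample_path": r"C:\Users\analyst\Desktop\sample_01.exe",
    "volume_serial": 0x70144646,
    "disk_enum_values": [r"SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S\5&1982005&0&000000"],
    "processes": ["explorer.exe", "Procmon64.exe", "svchost.exe"],
    "window_classes": ["Shell_TrayWnd", "PROCMON_WINDOW_CLASS"],
}

if __name__ == "__main__":
    for check, hits in audit_lab_host(LAB_VM).items():
        print(f"{check}: {', '.join(hits)}")
```

The "Module check" row is not covered because the article does not name the debugging DLLs.
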
The names of the target processes and window classes are stored as a list of specially computed checksums. The checksum algorithm looks like this:

Figure 4. Custom checksum algorithm based on shift and exclusive-OR
Using checksums slows down the investigation, because researchers cannot quickly determine which analysis tools the malware detects.
String | Checksum |
Autoruns | 0x0E5C1C5D |
PROCEXPL | 0x1D421B41 |
PROCMON_WINDOW_CLASS | 0x4B0C105A |
TCPViewClass | 0x1D4F5C43 |
ProcessHacker | 0x571A415E |
OllyDbg | 0x4108161D |
WinDbgFrameClass | 0x054E1905 |
procexp.exe | 0x19195C02 |
procexp64.exe | 0x1C0E041D |
procmon.exe | 0x06185D0B |
procmon64.exe | 0x1D07120A |
tcpview.exe | 0x060B5118 |
wireshark.exe | 0x550E1E0D |
processhacker.exe | 0x51565C47 |
ollydbg.exe | 0x04114C14 |
x32dbg.exe | 0x5F4E5C04 |
idaq.exe | 0x14585A12 |
Table 4. Checksum table for process names and window class names
Process hollowing
Dofoil relies heavily on process hollowing. The main target process is explorer.exe. The Dofoil shellcode launches a new instance of explorer.exe, places shellcode in heap memory, and modifies the entry-point code to jump to the shellcode. In this way, the malware injects code without using the CreateRemoteThread API function.

Figure 5. Modification of the explorer.exe entry-point code
Windows Defender ATP can detect signs of process hollowing by analyzing memory operations. The following process tree shows how the malware injects itself into explorer.exe using process hollowing.

Figure 6. Windows Defender ATP alert process tree: the first process hollowing
When the shellcode downloads the next layer of the payload, it spawns another explorer.exe process and injects the payload into it using process hollowing. In such cases, Windows Defender ATP speeds up analysis considerably by pinpointing the malicious operations and showing the suspicious actions of newly created Windows system processes.

Figure 7. Windows Defender ATP alert process tree: the second process hollowing
The Exploit protection component of Windows Defender Exploit Guard can detect process hollowing. To do this, enable the Export Address Filter (EAF) mitigation for the explorer.exe process. The detection then occurs when the shellcode walks the export addresses of modules looking for the LoadLibraryA and GetProcAddress functions.

Figure 8. EAF event in the event log
Windows Defender Exploit Guard events are also available in the Windows Defender ATP portal.

Figure 9. Windows Defender Exploit Guard event in Windows Defender ATP
Applying a Windows Defender Exploit Guard EAF audit or block policy to common system processes such as explorer.exe, cmd.exe, and verclsid.exe makes it much easier to detect and block the process hollowing and code injection techniques that malware commonly uses. Because the policy can affect third-party programs that behave like shellcode, we recommend testing it in Windows Defender Exploit Guard audit mode before enforcing it.
Command-and-control (C&C) servers and NameCoin domains
Dofoil is particularly careful when connecting to its C&C servers. The trojan code first connects to well-known web pages to verify that an Internet connection exists and that it is real rather than simulated by a test environment. After confirming that the Internet connection is genuine, the malware communicates with the actual C&C servers over HTTP.

Figure 10. Connecting to known servers to test Internet connectivity
The malware uses NameCoin domain name servers. NameCoin is a decentralized DNS server system that provides a high degree of anonymity thanks to blockchain technology. In general, working with it is not much different from an ordinary DNS query, except that the DNS client must use specific NameCoin DNS servers. Because NameCoin relies on a blockchain model, the history of changes to a domain name can be traced through the blocks.

Figure 11. DNS change log of the malicious host (https://namecha.in/name/d/vrubl)
Windows Defender ATP makes it possible to track the malware's network activity. The following alert process tree shows how the malicious process resolves the .bit domain name that corresponds to the C&C server and then establishes a connection to it. Other actions of the executable are shown as well, for example connections to other servers over SMTP ports.

Figure 12. Windows Defender ATP alert process tree: connecting to the C&C server after resolving its name through a NameCoin server
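
The correlation that the alert process tree makes visible (a process resolves a .bit name, connects to the resolved address, and also talks to SMTP ports) can be reproduced over raw telemetry. This added example is not from the original article and is not Windows Defender ATP's own logic; the event field names, the addresses and the .bit name are constructed.

```python
# Added example: correlate .bit lookups with later connections by the same process.
# Event field names and all sample values are constructed (documentation IP ranges).
SMTP_PORTS = {25, 465, 587}

EVENTS = [  # constructed telemetry, ordered by the "t" field
    {"t": 1, "pid": 4120, "image": "explorer.exe", "type": "dns",
     "resolver": "198.51.100.7", "query": "example-c2.bit", "answers": ["203.0.113.20"]},
    {"t": 2, "pid": 4120, "image": "explorer.exe", "type": "conn",
     "dst": "203.0.113.20", "port": 80},
    {"t": 3, "pid": 4120, "image": "explorer.exe", "type": "conn",
     "dst": "192.0.2.55", "port": 25},
    {"t": 4, "pid": 900, "image": "chrome.exe", "type": "dns",
     "resolver": "192.0.2.1", "query": "www.example.com", "answers": ["192.0.2.80"]},
    {"t": 5, "pid": 900, "image": "chrome.exe", "type": "conn",
     "dst": "192.0.2.80", "port": 443},
]


def is_bit_name(name):
    """True for names under the NameCoin .bit pseudo-TLD."""
    return name.lower().rstrip(".").endswith(".bit")


def hunt_bit_activity(events):
    """Return {pid: finding} for every process that resolved a .bit name."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        pid = ev["pid"]
        if ev["type"] == "dns" and is_bit_name(ev["query"]):
            f = findings.setdefault(pid, {
                "image": ev["image"], "resolvers": set(), "resolved": {},
                "c2_connections": [], "smtp_connections": []})
            f["resolvers"].add(ev["resolver"])
            for ip in ev["answers"]:
                f["resolved"][ip] = ev["query"]
        elif ev["type"] == "conn" and pid in findings:
            f = findings[pid]
            if ev["dst"] in f["resolved"]:
                f["c2_connections"].append((f["resolved"][ev["dst"]], ev["dst"], ev["port"]))
            elif ev["port"] in SMTP_PORTS:
                f["smtp_connections"].append((ev["dst"], ev["port"]))
    return findings


if __name__ == "__main__":
    for pid, f in hunt_bit_activity(EVENTS).items():
        print(pid, f["image"], sorted(f["resolvers"]), f["c2_connections"], f["smtp_connections"])
```

The collected `resolvers` set is the pivot for finding other processes or machines that query the same NameCoin DNS servers.
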
The Windows Defender ATP advanced hunting feature (still available as a preview) can find more malware samples that use NameCoin servers. For example, the following query shows recent connections on the network. This helps uncover other threats associated with the same NameCoin servers.

Figure 13. Advanced hunting for threats that use the same NameCoin servers
The NameCoin system is designed to make interception of domain control (so-called "sinkholing") difficult. NameCoin domain name records are not managed by any central authority, so such records cannot be changed at the request of law enforcement. In addition, the malware relies on a host of NameCoin DNS servers, which makes shutting them down very difficult.
Conclusion
Dofoil is a very dangerous piece of malware. It uses a variety of methods to check the nature of the system environment and the authenticity of the Internet connection, so that it runs only on real computers and not in analysis environments or virtual machines. All of this slows down analysis and misleads analysis systems.
In the Dofoil campaign, the Windows Defender Advanced Threat Protection solution helps security professionals analyze the sequence of events on the victim's computer and obtain detailed information about process execution steps, connections to C&C servers, and process hollowing operations. Windows Defender ATP can serve as an analysis platform on which detailed tracking of system activity can be configured in a test environment. This can significantly reduce the time and resources needed to investigate an infection.
In addition, Windows Defender Exploit Guard helps detect malicious shellcode that scans export address tables. It is an excellent tool for detecting and blocking the actions of exploits and malware.
Windows Defender Exploit Guard events also appear in the Windows Defender ATP portal, which integrates other Microsoft security solutions such as Windows Defender Antivirus and Windows Defender Application Guard.
To evaluate in practice how Windows Defender ATP helps detect, analyze, and repel increasingly complex attacks, sign up for the free trial.
Matt Oh, Stefan Sellmer, Jonathan Bar Or, Mark Wodrich
Windows Defender ATP Research Team