Microsoft Antimalware for Azure is a free real-time protection capability that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on Azure systems.

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1027 | Obfuscated Files or Information | This control can detect file obfuscation. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1027.002 | Software Packing | This control may detect malware that has been packed by well-known software packing utilities. These utilities can provide signatures that apply to a variety of malware. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1105 | Ingress Tool Transfer | This control may scan created files for malware. This control is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1204.002 | Malicious File | This control monitors activity in cloud services and on virtual machines to detect malware execution. This is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1566 | Phishing | This control can detect phishing. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1027 | Obfuscated Files or Information | This control can prevent file obfuscation. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1027.002 | Software Packing | This control may quarantine and/or delete malware that has been packed by well-known software packing utilities. These utilities can provide signatures that apply to a variety of malware. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1105 | Ingress Tool Transfer | This control may scan created files for malware and proceed to quarantine and/or delete the file. This control is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1204 | User Execution | This control can protect against user execution. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1204.002 | Malicious File | This control monitors activity in cloud services and on virtual machines to block malware execution. This is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1566 | Phishing | This control can protect against phishing. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1566.001 | Spearphishing Attachment | This control may quarantine and/or delete any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | partial | T1566.001 | Spearphishing Attachment | This control may detect any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.006 | HTML Smuggling | This control can protect against HTML smuggling. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.009 | Embedded Payloads | This control can protect against embedded payloads. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.010 | Command Obfuscation | This control can protect against command obfuscation attacks. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.011 | Fileless Storage | This control can protect against fileless storage attacks. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.012 | LNK Icon Smuggling | This control can protect against LNK icon smuggling. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.013 | Encrypted/Encoded File | This control can protect against obfuscation via encrypted/encoded files. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.014 | Polymorphic Code | This control can protect against obfuscation via polymorphic code. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1036.008 | Masquerade File Type | This control can protect from malware. |