defender-office-365/anti-malware-protection-about.md
4 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -17,7 +17,7 @@ ms.collection:
17
17
description: Admins can learn about anti-malware protection and anti-malware policies that protect against viruses, spyware, and ransomware in Exchange Online Protection (EOP).
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -36,9 +36,9 @@ In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
36
36
37
37
EOP offers multi-layered malware protection that's designed to catch all known malware in Windows, Linux, and Mac that travels into or out of your organization. The following options help provide anti-malware protection:
38
38
39
-
-**Layered defenses against malware**: Multiple anti-malware scan engines help protect against both known and unknown threats. These engines include powerful heuristic detection to provide protection even during the early stages of a malware outbreak. This multi-engine approach has been shown to provide significantly more protection than using just one anti-malware engine.
40
-
-**Real-time threat response**: During some outbreaks, the anti-malware team might have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat, even before a definition is available from any of the scan engines used by the service. These rules are published to the global network every 2 hours to provide your organization with an extra layer of protection against attacks.
41
-
-**Fast anti-malware definition deployment**: The anti-malware team maintains close relationships with partners who develop anti-malware engines. As a result, the service can receive and integrate malware definitions and patches before they're publicly released. Our connection with these partners often allows us to develop our own remedies as well. The service checks for updated definitions for all anti-malware engines every hour.
39
+
-**Layered defenses against malware**: Anti-malware scans help protect against both known and unknown threats. Microsoft's anti-malware includes powerful heuristic detection that provides protection even during the early stages of a malware outbreak.
40
+
-**Real-time threat response**: During some outbreaks, the anti-malware team might have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat, even before a definition is available. These rules are published to the global network every 2 hours to provide your organization with an extra layer of protection against attacks.
41
+
-**Fast anti-malware definition deployment**: The anti-malware team can receive and integrate malware definitions and patches before they're publicly released.
42
42
43
43
In EOP, messages that are found to contain malware in _any_ attachments are quarantined<sup>\*</sup>. Whether the recipients can view or otherwise interact with the quarantined messages is controlled by _quarantine policies_. By default, messages that were quarantined due to malware can only be viewed and released by admins. Users can't release their own quarantined malware messages, regardless of any available settings that admins configure. For more information, see the following articles:
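Review bot: the rewritten line 39 keeps the bold heading **Layered defenses against malware** but drops the only content that justified "layered" (the multiple scan engines), so the heading now promises more than the sentence delivers; either rename the bullet (for example "Heuristic detection") or state what the layers are now. Line 37 still introduces the list as "multi-layered malware protection", so the three bullets themselves could be named as the layers. Line 41 likewise drops both the partner relationship and the hourly definition check, leaving "can receive and integrate malware definitions and patches before they're publicly released" with no stated source and no cadence; if the hourly check still holds, keep "The service checks for updated definitions every hour", since that is the concrete claim an admin can rely on.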
defender-office-365/anti-malware-protection-faq.yml
4 additions & 4 deletions
@@ -54,7 +54,7 @@ sections:
54
54
- question: |
55
55
How many anti-malware partners do you have? Can I choose which malware engines we use?
56
56
answer: |
57
-
We have partnerships with multiple anti-malware technology providers. Messages are scanned with the Microsoft anti-malware engines, an additional signature based engine, and URL and file reputation scans from multiple sources. Our partners are subject to change, but EOP always uses anti-malware protection from multiple partners. You can't choose one anti-malware engine over another.
57
+
As of July 2024, messages are scanned with the Microsoft anti-malware engine only.
58
58
59
59
- question: |
60
60
Where does malware scanning occur?
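Review bot: the question on line 55 is unchanged and still asks how many partners there are and whether customers can choose engines, but the new answer on line 57 answers neither directly; either reword the question to match (for example "Which anti-malware engine scans messages?") or keep the explicit "You can't choose one anti-malware engine over another" from the removed text, since that is what the question asks. The removed line also said messages get URL and file reputation scans from multiple sources; the new line drops this without saying whether reputation scanning still happens, so a reader could take "Microsoft anti-malware engine only" to mean reputation checks are gone. The reports-email-security.md change in this same commit still lists **File reputation** and **URL malicious reputation** as detection technologies, so a clause such as "in addition to URL and file reputation checks" would keep the two pages consistent.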
@@ -74,14 +74,14 @@ sections:
74
74
A standalone EOP subscription scans messages as they enter or leave the on-premises email organization. Messages sent between internal on-premises recipients aren't scanned for malware. However, you can use the built-in anti-malware scanning features of Exchange Server. For more information, see [Anti-malware protection in Exchange Server](/Exchange/antispam-and-antimalware/antimalware-protection/antimalware-protection).
75
75
76
76
- question: |
77
-
Do all anti-malware engines used by the service have heuristic scanning enabled?
77
+
Is heuristic scanning enabled?
78
78
answer: |
79
79
Yes. Heuristic scanning scans for both known (signature match) and unknown (suspicious) malware.
80
80
81
81
- question: |
82
82
Can the service scan compressed files (such as .zip files)?
83
83
answer: |
84
-
Yes. The anti-malware engines can drill into compressed (archive) files.
84
+
Yes. Anti-malware can drill into compressed (archive) files.
85
85
86
86
- question: |
87
87
Is the compressed attachment scanning support recursive (.zip within a .zip within a .zip) and if so, how deep does it go?
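Review bot: line 84 uses bare "Anti-malware can drill into..." as if "anti-malware" were the name of a component, while line 57 of this file refers to "the Microsoft anti-malware engine"; use the same phrase here ("The Microsoft anti-malware engine can drill into compressed (archive) files") so the FAQ refers to one thing consistently. The reworded question on line 77 reads well; the unchanged answer on line 79 ("Heuristic scanning scans for both known (signature match) and unknown (suspicious) malware") conflates signature matching with heuristics, since a signature match is by definition not heuristic. While this section is being touched, consider "Yes. Scanning covers both known malware (signature match) and unknown, suspicious malware (heuristics)."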
@@ -98,7 +98,7 @@ sections:
98
98
answer: |
99
99
A zero-day virus is a first generation, previously unknown variant of malware that's never been captured or analyzed.
100
100
101
-
After a zero-day virus sample is captured and analyzed by our anti-malware engines, a definition and unique signature is created to detect the malware.
101
+
After a zero-day virus sample is captured and analyzed by our anti-malware engine, a definition and unique signature is created to detect the malware.
102
102
103
103
When a definition or signature exists for the malware, it's no longer considered zero-day.
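Review bot: line 101 carries over a subject-verb agreement error from the old line: "a definition and unique signature is created" should be "are created" (or "a definition with a unique signature is created" if one artifact is meant); since the line is already being edited for engine/engines, fix it here. Also "our anti-malware engine" on this line versus "the Microsoft anti-malware engine" on line 57; pick one form for the file.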
defender-office-365/protection-stack-microsoft-defender-for-office365.md
2 additions & 2 deletions
@@ -88,9 +88,9 @@ In this phase the filtering stack begins to handle the specific contents of the
88
88
89
89
1.**Transport rules** (also known as mail flow rules or Exchange transport rules) allow an admin to take a wide range of actions when an equally wide range of conditions are met for a message. All messages that flow through your organization are evaluated against the enabled mail flow rules / transport rules.
90
90
91
-
2.**Microsoft Defender Antivirus**and a *third-party Antivirus engine* are used to detect all known malware in attachments.
91
+
2.**Microsoft Defender Antivirus**is used to detect all known malware in attachments.
92
92
93
-
3. The anti-virus (AV) engines use true type matching to detect the file type, regardless of the filename extension (for example, `exe` files renamed to `txt` are detected as `exe` files). This capability allows **Type blocking** (also known as the common attachment filter) to correctly block file types specified by admins. For the list of supported file types, see [True type matching in the common attachments filter](anti-malware-protection-about.md#true-type-matching-in-the-common-attachments-filter).
93
+
3. The anti-virus (AV) engine uses true type matching to detect the file type, regardless of the filename extension (for example, `exe` files renamed to `txt` are detected as `exe` files). This capability allows **Type blocking** (also known as the common attachment filter) to correctly block file types specified by admins. For the list of supported file types, see [True type matching in the common attachments filter](anti-malware-protection-about.md#true-type-matching-in-the-common-attachments-filter).
94
94
95
95
4. Whenever Microsoft Defender for Office 365 detects a malicious attachment, the file's hash, and a hash of its active content, are added to Exchange Online Protection (EOP) reputation. **Attachment reputation blocking** blocks that file across all Office 365, and on endpoints, through MSAV cloud calls.
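Review bot: line 91 is missing spaces around the bold text: "2.**Microsoft Defender Antivirus**is used" renders as "Antivirusis used" and, with no space after "2.", is not parsed as an ordered-list item by CommonMark; it should read "2. **Microsoft Defender Antivirus** is used to detect all known malware in attachments." Line 89 (context) has the same "1.**Transport rules**" defect and could be fixed in the same commit. With the third-party engine removed from line 91, the singular "The anti-virus (AV) engine" on line 93 is consistent, but consider naming it ("Microsoft Defender Antivirus uses true type matching") instead of the generic "AV engine", since the page no longer describes more than one.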
defender-office-365/reports-email-security.md
1 addition & 1 deletion
@@ -607,7 +607,7 @@ In the **View data by Email \> Malware** and **Chart breakdown by Detection Tech
607
607
-**File detonation**<sup>\*</sup>: [Safe Attachments](safe-attachments-about.md) detected a malicious attachment during detonation analysis.
608
608
-**File detonation reputation**<sup>\*</sup>: File attachments previously detected by [Safe Attachments](safe-attachments-about.md) detonations in other Microsoft 365 organizations.
609
609
-**File reputation**: The message contains a file that was previously identified as malicious in other Microsoft 365 organizations.
610
-
-**Anti-malware engine**<sup>\*</sup>: Detection from anti-malware engines.
610
+
-**Anti-malware engine**<sup>\*</sup>: Detection from anti-malware.
611
611
-**URL malicious reputation**
612
612
-**URL detonation**<sup>\*</sup>: [Safe Links](safe-links-about.md) detected a malicious URL in the message during detonation analysis.
613
613
-**URL detonation reputation**<sup>\*</sup>: URLs previously detected by [Safe Links](safe-links-about.md) detonations in other Microsoft 365 organizations.
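Review bot: line 610 now reads "Detection from anti-malware." which is a fragment whose noun has no referent, while the bold label on the same line still says **Anti-malware engine**; align the two, for example "**Anti-malware engine**<sup>\*</sup>: The anti-malware engine detected a malicious attachment.", matching the "detected a malicious attachment" wording of the File detonation entry on line 607. Keeping "engine" in the description also makes it clear that this row is distinct from the File reputation row on line 609.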
defender-office-365/step-by-step-guides/understand-detection-technology-in-email-entity.md
1 addition & 1 deletion
@@ -30,7 +30,7 @@ To resolve false positives like the ones listed in the table below, you should a
30
30
|The Detection technology|How it reaches a verdict|Notes|
31
31
| -------- | -------- | -------- |
32
32
|Advanced filter|Machine learning models based detection on email & contents, to detect phish & spam|
33
-
|Antimalware protection|Detection from signature based anti-malware engines||
33
+
|Antimalware protection|Detection from signature based anti-malware||
34
34
|Bulk|Detection for advertising / marketing and similar message types with their relative complaint levels|[Step-by-Step guide on how to tune bulk thresholds](tune-bulk-mail-filtering-walkthrough.md)|
35
35
|Campaign|Messages identified and grouped as part of a malware or phish campaign|[Learn more about campaigns](track-and-respond-to-emerging-threats-with-campaigns.md)|
36
36
|Domain reputation|The message was sent from a domain that was identified as spam or phish domain, based on internal or external signals||
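Review bot: "signature based" on line 33 should be hyphenated as a compound modifier ("signature-based anti-malware"), and, as in the reports page, the bare noun "anti-malware" reads better as "the anti-malware engine" ("Detection from the signature-based anti-malware engine"), which also keeps this row consistent with the **Anti-malware engine** label used in reports-email-security.md. Drive-by on the context row at line 32: the Advanced filter row has only two cells and no closing pipe for the Notes column, so it does not match the three-column header; add the trailing `||`.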