Added information about CommandLine Scanning Engine

Added information about CommandLine Scanning Engine to the table in adv-tech-of-mdav.md
MicrosoftDocs · Jan 24, 2025 · d455355 · d455355
1 parent 1f7fa80
commit d455355
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/defender-endpoint/adv-tech-of-mdav.md b/defender-endpoint/adv-tech-of-mdav.md
@@ -53,6 +53,7 @@ When the client encounters unknown threats, it sends metadata or the file itself
 |**Heuristics engine** <br/> Heuristic rules identify file characteristics that have similarities with known malicious characteristics to catch new threats or modified versions of known threats.|**Detonation-based ML engine** <br/> Suspicious files are detonated in a sandbox. Deep learning classifiers analyze the observed behaviors to block attacks.|
 |**Emulation engine** <br/> The emulation engine dynamically unpacks malware and examines how they would behave at runtime. The dynamic emulation of the content and scanning both the behavior during emulation and the memory content at the end of emulation defeat malware packers and expose the behavior of polymorphic malware.|**Reputation ML engine** <br/> Domain-expert reputation sources and models from across Microsoft are queried to block threats that are linked to malicious or suspicious URLs, domains, emails, and files. Sources include Windows Defender SmartScreen for URL reputation models and Defender for Office 365 for email attachment expert knowledge, among other Microsoft services through the Microsoft Intelligent Security Graph.|
 |**Network engine** <br/> Network activities are inspected to identify and stop malicious activities from threats.|**Smart rules engine** <br/> Expert-written smart rules identify threats based on researcher expertise and collective knowledge of threats.|
+|**CommandLine scanning engine** <br/> This engine scans the commandlines of all processes before they execute. If the commandline for a process is found to be malicious it is blocked from execution.|**CommandLine ML engine** <br/> Multiple advanced ML models scan the suspicious commandlines in the cloud. If a commandline is found to be malicious, cloud sends a signal to the client to block the corresponding process from starting.|
 
 For more information, see [Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK&reg; Evaluations: Enterprise](https://www.microsoft.com/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/).