Antimalware Updates Change Log - Microsoft Security Intelligence
If a system was compromised, reviewing the changelog helps determine whether the threat was known (and thus blockable) at the time of infection. You can check if a signature for a specific Trojan existed before an incident.
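The check described above, as an added example that is not part of the original page or Microsoft's tooling: it classifies whether a detection existed, and whether the endpoint had it, at the time of an incident. The change log entries, version numbers and dates are constructed sample data, the function names are hypothetical, and it assumes you know which security intelligence version the endpoint had installed when the incident occurred.

```python
from datetime import datetime, timezone

# Constructed sample data, not real change log content:
# (security intelligence version, release time in UTC, detection names added).
CHANGELOG = [
    ("1.401.10.0", "2024-03-01T06:00:00", {"Trojan:Win32/SampleOne.A"}),
    ("1.401.25.0", "2024-03-02T18:30:00", {"Behavior:Win32/Persistence.A"}),
    ("1.401.100.0", "2024-03-05T09:15:00", {"Trojan:Win32/SampleTwo.B"}),
]


def parse_version(text):
    """Turn '1.401.25.0' into (1, 401, 25, 0) so versions compare numerically.

    Comparing the raw strings would sort '1.401.100.0' before '1.401.25.0'.
    """
    return tuple(int(part) for part in text.split("."))


def parse_utc(text):
    """Parse an ISO 8601 timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def first_release(threat, changelog=CHANGELOG):
    """Return (version, release_time) of the earliest entry adding `threat`, or None."""
    hits = [(parse_version(v), parse_utc(t))
            for v, t, names in changelog if threat in names]
    return min(hits) if hits else None


def assess(threat, incident_time, endpoint_version, changelog=CHANGELOG):
    """Classify whether `threat` was blockable on the endpoint at `incident_time`.

    endpoint_version is the version installed on the endpoint at incident time.
    """
    release = first_release(threat, changelog)
    if release is None:
        return "no-signature-in-changelog"
    version, released_at = release
    if released_at > parse_utc(incident_time):
        return "signature-released-after-incident"
    if parse_version(endpoint_version) < version:
        return "signature-existed-endpoint-outdated"
    return "signature-existed-endpoint-covered"


if __name__ == "__main__":
    print(assess("Behavior:Win32/Persistence.A", "2024-03-04T12:00:00", "1.401.10.0"))
```

The "endpoint-outdated" result points at an update-deployment gap rather than a detection gap, which changes what the post-incident remediation should focus on.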
Imagine your SOC receives multiple alerts for Behavior:Win32/Persistence.A. All endpoints show a new scheduled task named UpdaterTask. If a system was compromised, reviewing the changelog