I have been waiting for an article to reinforce what I am now posting. Below is such an article.

Microsoft recently gained a "lot of free press" coverage with their recent article publication on how cloud-based Windows ATP scanning was able to detect a recent Dofoil campaign attack via behavior detection. What tipped me off that "all is not as it appears" in this detection was a comment made in a bleepingcomputer.com article on the Microsoft published article: https://www.bleepingcomputer.com/ne...at-tried-to-infect-400-000-users-in-12-hours/

For reference, Microsoft states in their article that cloud Windows Defender ATP servers detected the attack at noon on Mar. 6. Also stated in the article was that over half the AV vendors at VirusTotal were also detecting the malware at that time, a clear indication this was not 0-day malware.

Next I went to VT myself and checked other vendors' detection of the malware strain MS detected. Eset, for example, had a signature for this specific malware strain, Win32/Kryptik.GDYD, and it was developed on Mar. 5, one day prior to Microsoft's cloud detection of it.

Proof that your best protection against the vast majority of malware is to use an AV product with excellent "generic" signature detection.

https://www.darkreading.com/endpoint/privacy/malware-cocktails-raise-attack-risk/d/d-id/1331256