Microsoft has decided to use Intel technology to block cryptocurrency-mining malware on computers.
Microsoft has announced that Microsoft Defender for Endpoint (MDE), the business version of its Windows Defender antivirus, now includes support for blocking cryptojacking malware by integrating Intel Threat Detection Technology (TDT).
This technology combines low-level hardware telemetry from the performance monitoring units (PMUs) of Intel processors with artificial intelligence to allow Windows to detect cryptomining malware.
Intel TDT is one of the tools offered in these processors as part of the Hardware Shield technology package. These tools are built directly into the processors and do not depend on any type of software to work. The idea is to detect these threats without attackers knowing it and without affecting the performance of the computer.
Furthermore, the machine learning integrated into Intel TDT can be trained to recognize other types of attack vectors. Karthik Selvaraj, principal research director for the Microsoft 365 Defender research team, said: “We have enabled this technology specifically for cryptocurrency mining, it expands the horizons for detecting more aggressive threats like side-channel attacks and ransomware.”
Intel TDT does not affect the overall performance of the system, even though it constantly analyzes the telemetry data of the virtual machines. This is because these workloads are offloaded to the integrated GPUs of Intel processors, avoiding a direct impact on the CPU itself. This new capability will be available to all Intel Core users and Intel platforms such as vPro.
Unfortunately, for now it will only be available in Microsoft Defender for Endpoint, and we will have to wait for it to reach consumer computers.