Security News

Cybersecurity news aggregator

MEDIUM Updates SC Media

Microsoft Defender for Endpoint to automatically isolate compromised devices

  • What: Microsoft Defender for Endpoint introduces automated device isolation
  • Impact: Helps prevent lateral movement and data exfiltration in compromised networks

May 26, 2026, by SC Staff

Coverage from Bleeping Computer indicates that Microsoft is currently testing a new feature for Microsoft Defender for Endpoint that will automatically isolate compromised devices to prevent attackers from moving laterally across a network. This capability is now available in preview mode as part of the automatic attack disruption feature, designed to contain attacks and provide security teams with more time to respond.

The new feature automatically disconnects compromised endpoints from the network, limiting the risk of further impact while maintaining connectivity to the Defender for Endpoint service for continued monitoring. Microsoft states that this automatic isolation helps reduce the risk of further impact, limits attacker lateral movement, and prevents data exfiltration and ransomware propagation.

This functionality is currently limited to onboarded end-user workstations managed by Microsoft Defender for Endpoint. Security operators can release devices from isolation after completing investigations and mitigating risks.

This builds upon previous efforts, including manual containment of unmanaged Windows devices announced in June 2022, and isolation support for Linux endpoints introduced in preview in January 2023 and generally available by October 2023. In October 2023, Microsoft also enabled isolation of compromised user accounts to block lateral movement in hands-on-keyboard ransomware attacks. The company has also been testing features to block traffic to and from undiscovered Windows endpoints and to schedule antivirus scans on Linux systems.
Source: Bleeping Computer
