HomeWinBuzzer NewsMicrosoft Project Freta Promises to Stop Azure Malware

Microsoft Project Freta Promises to Stop Azure Malware

Project Freta is a Microsoft Research “technology demonstration” that is a virtual-machine (VM) forensics platform that stops malware.


yesterday revealed Project Freta, a new development that is a virtual-machine (VM) forensics platform. Users will be able to leverage Freta to find malicious software on cloud infrastructure.

Of course, Microsoft has some enterprise-grade cloud security tools already. Most notable of them is Microsoft Defender Threat Protection (ATP). It seems Project Freta is not meant to replace ATP. In fact, this is still very much a research project that Microsoft describes as a “technology demonstration”.

“Project Freta intends to automate and democratize VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button – no setup required,” says Mike Walker,who is  a senior director at Microsoft Research's New, or NExT, Security Ventures team.

Project Freta is free and is based on the cloud. Microsoft says it offers “automated full-system volatile memory inspection of Linux systems“. This basically means the service takes a memory snapshot of the Hyper-V Linux guest OS. When a user taps into Freta and submits images of the Linux OS running on Azure, they will see a memory dump.

Thwarting Malware?

Microsoft says Freta has the potential to stop all cloud-based malware attacks on Azure. Yes, that seems wholly unlikely on the surface, but it will be interesting to see how the company develops this goal.

Walker points out that Freta may simply provide a financial deterrent. It would become too expensive for malware writers to create rootkits for .

Below are some of the core benefits of Project Freta:

  • “Detect novel malicious software, kernel rootkits, process hiding, and other intrusion artifacts via agentless operation by operating directly on captured VM snapshots
  • Very easy to use: submit a captured image to generate a report of its content
  • Memory inspection means no software to install, no notice to malware to evacuate or destroy data

Designed for automating IR-like discovery tasks directly into a cloud fabric — though volatile memory snapshots captured from an acquisition tool can also be used for bare iron scenarios where virtualization is not available”

Last Updated on September 14, 2020 4:22 pm CEST

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News