MAPP Active Protections Form

MAPP Active Protections Form

Hello MAPP Applicant,

Thank you for your interest in joining the Microsoft Active Protections Program (MAPP). You have read and agreed to the initial MAPP criteria, and now we would like to ask you for some detailed information about your company’s technologies. Please provide the information requested below and send this completed form to

Please give complete names of the following products that your company supports:

•  Intrusion detection systems:

•  Intrusion prevention systems:

•  Realtime Block Listings:

•  Antivirus software:

(Please complete all of the following questions and provide as much detail as possible to assist us in the evaluation process.)

1. Please verify that you have active protections as defined: “Active protection technologies” are technologies that by themselves can protect a Microsoft system by either blocking or defending against any exploitation attempts without the availability of a Microsoft update.;

2. List all products that your organization plans to use MAPP vulnerability information for with product URLs, relevant specifications and technical details, and the global regions that are covered by each product.

Product Name #1:

Product Url:

Product Specifications:

Coverage by Region:

Product Name #2:

Product Url:

Product Specifications:

Coverage by Region:

3. Provide a detailed technical explanation of how you will use the MAPP vulnerability information to develop signatures to block or defend against exploitation attempts.

4. Provide a detailed example of a Microsoft vulnerability (already patched with public CVE) and how you would create detections for that vulnerability?

5. What type of information would you expect MAPP to provide to help you release protection in the example above?

6. Do you have parsing capability to detect file type vulnerabilities? If yes, please explain.

7. Are all signatures developed in-house by your organization? Please provide a statement confirming that your signatures are developed in-house.

8. Please describe your signature development cycle and how long it takes between development, QA and public release?

9. List the steps that you take to ensure your signatures cannot be reverse-engineered. What is your level of encryption?

10. How often are signatures updated?

11. Describe your delivery mechanism for signatures.

12. Do you have the capability to collect detection metrics from your customers on specific signatures released? Microsoft does not want to collect your customer information. Microsoft wants to collect generic detection counts against the signatures you develop based on the guidance we provide. Ideally, you would be able to break out the counts by geography but that is not a requirement.

13. Will you be able to provide us a report of signatures released using our MAPP data, number of detections, or number of exploit attempts after you have released a signature? What kind of telemetry are you able to collect? Examples: Malicious URLs, raw detections, and geography.

14. Please provide an estimate of your customer base that are Microsoft users, which are protected by your company’s technology.

15. Can you provide proof of this customer base if asked?

16. What are the main geographical regions that your company offers protection coverage in?