Blog Post

Microsoft Defender for Endpoint Blog
2 MIN READ

Announcing File page enhancements in Microsoft Defender for Endpoint

Oren_Saban's avatar
Oren_Saban
Icon for Microsoft rankMicrosoft
Jul 28, 2022

Have you ever investigated files in Microsoft Defender for Endpoint? We now make it even easier with our recent announcement of enhancements to the File page and side panel. Users can now streamline processes by having a more efficient navigation experience that hosts all this information in one place.


Try it out: File page – Microsoft Defender for Endpoint  

 

See all file information in one place

 

With these enhancements you will now be able to:

 

  • Pivot to first and last seen devices
    With a single click from the Overview tab, you can pivot to the first and last observations of the file on devices in the last 30 days. The first occurrence of the file on the device is typically quite important for establishing the timeframe and origin of how the file got there.
  • Determine if the file is in your indicators list
    If the file is in the custom indicators list, a red banner will be displayed, so you can easily spot malicious files that were already handled.
  • See PE metadata of the file
    When PE metadata is available for this file, it will be shown in the file summary, providing better indication of its origins.
  • See related incidents in the alerts view  

    A new “Incidents” column now shows the incident in which the alert is part of, so you can pivot to the incident directly. 

  • Approve pending actions and see the action history 

    The new Action center tab is a filtered view of the global action center with pending actions and history of actions taken on the file.

Approve pending actions and see actions history for a specific file

 

With these new features, you can now more easily investigate files, pivot to the most important related devices, take and audit actions on a file, all from the file page. Have you tried working with the enhanced file page and side panel just yet? If not, give it a try today! If you have, we would love to hear what you think!

 

Learn more

Updated Jul 27, 2022
Version 1.0
  • Frac's avatar
    Frac
    Copper Contributor

    The "Download File" button calls an api behind apiproxy.

    Currently the Defender File API only support the GET file information, are you planning to expose the download functionality also via API? And if so, by when is it expected to be GA? 

    Best