
Microsoft Defender for Endpoint Blog

What's new in the WDATP Portal? May 25th 2017

Yarden Albeck
Sep 04, 2017

Alert Page Makeover

We've redesigned the Alert page to make the information in the header clearer and easier to understand, and changed the alert description and recommended actions sections to be expandable, so the alert process tree is immediately available when you land on the Alert page.

Alert Process Tree Enhancements

Showing files from parsing command lines

We parse command lines of common processes to extract executed filenames, and show these in the alert process tree.
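As an illustration of this kind of command-line parsing, here is an added Python example (not the portal's own code). The rule set, the function names and the sample command lines are assumptions made for the example.

```python
import ntpath
import re

# Hypothetical rule set (an assumption, not the product's logic): how a few
# common host processes name the file they are asked to run.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')

def tokenize(cmdline):
    """Split a Windows command line, keeping quoted paths with spaces whole."""
    return [t.replace('"', "") for t in TOKEN.findall(cmdline)]

def executed_files(cmdline):
    """Return the file(s) a known host process was asked to execute."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    host = ntpath.basename(tokens[0]).lower()
    if "." not in host:
        host += ".exe"
    args = tokens[1:]
    if host in SCRIPT_HOSTS:
        # The first argument that is not a /option or //option is the script.
        return [a for a in args if not a.startswith("/")][:1]
    if host == "powershell.exe":
        for i, a in enumerate(args[:-1]):
            if a.lower() == "-file":
                return [args[i + 1]]
        return []
    if host == "rundll32.exe":
        # Argument form is <dll>,<entry point>; keep only the DLL path.
        return [args[0].split(",", 1)[0]] if args else []
    if host == "regsvr32.exe":
        return [a for a in args if a and a[0] not in "/-"]
    if host == "cmd.exe":
        # Resolve whatever follows /c or /k, recursing into nested hosts.
        m = re.search(r"\s/[ck]\s+(.+)", cmdline, re.I)
        if not m:
            return []
        return executed_files(m.group(1)) or tokenize(m.group(1))[:1]
    return []

# Constructed sample command lines, not taken from real telemetry.
SAMPLES = [
    r'"C:\Windows\System32\wscript.exe" //B "C:\Users\Public\My Docs\job.vbs"',
    r'powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Temp\setup.ps1',
    r'rundll32.exe "C:\Program Files\App\helper.dll",Start',
    r'cmd.exe /c cscript //nologo C:\Temp\inner.js',
]
```

An inner command that is wrapped entirely in quotes after `/c` is returned as a single token; unwrapping it correctly needs cmd.exe's own quoting rules, which this example does not implement.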

 

WMI Logical Parent support [Internal Preview]

We now show the logical parents of processes triggered by running WMI queries against the Win32_Process class, instead of WmiPrvSE.exe.

URLs of downloaded files [Internal Preview]

We now show the download URLs of files downloaded by Edge or Chrome (on Creators Update machines), to add important data to investigations.

Elevation Reparenting support

We've enhanced alert process trees that contain elevated processes so that they display the calling processes as parents instead of the reported svchost.exe, giving SecOps an accurate logical picture.

Windows Defender ATP & O365 integration - Open for business

We've all been waiting a long time for this to arrive, and we can finally announce: it's here!

Information on how to enable WDATP and O365 ATP integration is publicly available here

Updated Oct 18, 2017
Version 4.0