Alert Page Makeover
We've redesigned the Alert page to make the information in the header clearer and easier to understand. The alert description and recommended actions sections are now expandable, so the alert process tree is immediately available when you land on the Alert page.
Alert Process Tree Enhancements
Showing files from parsing command lines
We parse command lines of common processes to extract executed filenames, and show these in the alert process tree.
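The following added example, which is not part of the original post and is not Defender ATP's parser, shows one way to pull executed filenames out of process command lines. The host-to-extension table, the function names and the sample command lines are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # handles backslash paths on any OS

# Assumed rule table (not Microsoft's): host process -> file types it executes.
SCRIPT_HOSTS = {
    "powershell.exe": (".ps1",),
    "cscript.exe": (".vbs", ".js", ".wsf"),
    "wscript.exe": (".vbs", ".js", ".wsf"),
    "cmd.exe": (".bat", ".cmd"),
    "mshta.exe": (".hta",),
    "rundll32.exe": (".dll",),
    "regsvr32.exe": (".dll",),
}

def tokenize(cmdline):
    """Split on whitespace, keeping double-quoted segments together.
    Simplified: does not reproduce every CommandLineToArgvW rule."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def executed_files(cmdline):
    """Return the files a known host process was asked to execute."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    image = basename(tokens[0]).lower()
    if not image.endswith(".exe"):
        image += ".exe"  # "rundll32" and "rundll32.exe" are the same host
    exts = SCRIPT_HOSTS.get(image)
    if exts is None:
        return []  # not a host we have rules for
    found = []
    for tok in tokens[1:]:
        # rundll32 takes "path.dll,ExportName"; drop the export name.
        candidate = tok.split(",", 1)[0] if image == "rundll32.exe" else tok
        if candidate.lower().endswith(exts):
            found.append(candidate)
    return found

# Constructed sample command lines, as they might appear on process tree nodes.
SAMPLES = [
    r'powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\stage two.ps1"',
    r'C:\Windows\System32\cscript.exe //nologo C:\Temp\inv.vbs arg1',
    r'rundll32 C:\Temp\helper.dll,Start',
    r'notepad.exe C:\Temp\notes.txt',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line}\n    -> {executed_files(line)}")
```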
WMI Logical Parent support [Internal Preview]
We now show the logical parents of processes triggered by running WMI queries against the Win32_Process class, instead of WmiPrvSE.exe.
URLs of downloaded files [Internal Preview]
We now show the download URLs of files downloaded by Edge or Chrome (Creators Update machines), adding important data to investigations.
Elevation Reparenting support
We've enhanced alert process trees that contain elevated processes so that they display the calling processes as parents, instead of the reported svchost.exe. This gives SecOps an accurate logical picture.
Windows Defender ATP & O365 integration - Open for business
We've all been waiting a long time for this to arrive, and we can finally announce: it's here!!
Information on how to enable the WDATP and O365 ATP integration is publicly available here.
Updated Oct 18, 2017
Version 4.0
Yarden Albeck
Microsoft
Microsoft Defender for Endpoint Blog