Forum Discussion
What is going on with ATA?
For me it's endless false positives for pass-the-hash when Citrix is being used that really devalue the product for my company. It's still not been addressed more than two years after dumps were provided to the team! Recently raised it again as a Premier call, so will see what transpires.
Unfortunately the answer was nothing! If you are thinking of using ATA but also have a large Citrix capability, you may want to reconsider; alternatively, be ready for a great deal of false positives for pass-the-hash! Response to my Premier call below. 'Risk of missing genuine alerts' is ironic - it's for that reason I raised the issue in the first place, as we are highly likely to miss genuine PTH amongst all the false positives. Very unimpressed.
I have discussed this with the ATA Product Group, and unfortunately this will not be included in the next version of ATA.
There were several reasons which went into the decision: technical challenges; risk of missing genuine alerts; but primarily this feature had very few requests for immediate implementation. User feedback is one of the main ways that we prioritise new feature requests. Your feedback has been added to the list, and this is something we may see in future versions, but as of now this is not going to make it into at least the next release.
Sorry it is not more positive news.