vijay_260569
Aug 18, 2020 Copper Contributor
Indicators and custom detections
When we create Indicators and Custom Detection block rules, how does MDATP enforce that setting on clients, because in our environment we have only allowed one-way communication from clients to MDATP...
vijay_260569
Aug 18, 2020 Copper Contributor
Gladys - Thanks a lot for your response, I will check out the links you have shared.
Also, are you implying that a bi-directional communication is a must?
Gladys
Microsoft
Aug 18, 2020 vijay_260569
Yes.
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure...
"The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
The embedded Microsoft Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Microsoft Defender ATP cloud service."
Hope this helps,
- vijay_260569 Aug 18, 2020 Copper Contributor
Gladys - Thank you so much, it really helps.