Forum Discussion
Questions Based on Webinar
mbhmirc No, it does not. If I am not mistaken, the team is looking into such options though. I'll pass your feedback on 🙂
Microsoftmbhmirc Hi there!
I am glad to read you found the webcast helpful and you liked it 🙂
I am trying to answer as many questions as possible
1. you can mark alerts as FP within the console and we can use this data to measure SNR & tune our detectors where needed.
2. yes, its currently in preview and we are collecting feedback (I'll pass your proxy feedback on).
3. Threat Experts comes with two components "Targeted attack notification" and "experts on demand". The first one is included, the second is a separate subscription - but after you applied and got accepted to the program, you can test Experts on demand first free of charge.
4. we get this request frequently and the team is looking into options as those are very high costs in the backend. Currently the answer is no.
5. You should see everything we are capable of picking up from the endpoint, beside logged-on users. And yes, not all response actions are available because they would require changes in Windows 7.
Greetings from Seattle and stay safe!
Heike
HeikeRitter Perfect, thank you. Just one more item.....
Regards the False positives that's great for ATP. However for a defender detection that ATP also reports we sometimes need to clean it up quickly as it can stop production. Currently we download the file with the rather cool download file tool and then submit it to the Defender team who double check the file and then update the intelligence files. It would be great if we could automate this submission, or is it a case this is automatic when we do false positive at all levels?
- HeikeRitter
mbhmirc No, it does not. If I am not mistaken, the team is looking into such options though. I'll pass your feedback on 🙂