Forum Discussion
Defender ATP Demo - not seeing Automated Investigations...? OS is not supported
- May 02, 2018
It is not supported as we require Windows 10, version 1803 (spring creators update).
We are working on enhancing the automation capabilities to also automate isolation, so it is on the road map (I can't commit to when just yet).
- David Caddick (Iron Contributor), May 03, 2018
Thanks Benny,
I'm just reviewing some of the details that the Investigation goes through + the fact that it's taking quite some time to run through all the logs (having said that, this is a Test VM in Hyper-V on my laptop - so the speed is not great - now strongly considering adding a second SSD for VMs to run from).
It might be useful to have an Alert at the user's end: "Your PC has detected some potentially malicious files and is now running an Automated Investigation by Windows Defender ATP" ??
OR - once we can add an option to automatically isolate this - "Your PC has detected some potentially malicious files and has now been placed in Quarantine pending an Automated Investigation by Windows Defender ATP - you will only be able to use Outlook & Skype until complete"
Ideally this would still allow Quick Assist? The message could be customized with the Corporate logo + Help Desk contact details & a link to start Quick Assist?
- Benny Lakunishok (Former Employee), May 07, 2018
Thanks for the suggestions David.
These are ideas we are already considering.
Let me know if you need anything else.
- David Caddick (Iron Contributor), May 02, 2018
Thanks Benny, We got that sorted yesterday and now working a treat.
Having said that - it seems that the "Automated Investigation" is stalling even though I can clearly see that Defender on the end point has already Quarantined/Deleted the malicious file?
Is this something that needs to be troubleshot? Any advice?
- Benny Lakunishok (Former Employee), May 02, 2018
Can you give some more details as to what you mean by stalling?
- David Caddick (Iron Contributor), May 02, 2018
Hi Ben, I have an alert for:
"Windows Defender AV detected 'Tiggre' malware" that has now been running for 2h 45mins...?