Forum Discussion

Iron Contributor

May 01, 2018

Solved

Defender ATP Demo - not seeing Auomated Investigations...? OS is not supported

I have Defender ATP running fine in a Demo.microsoft.com Tenant - with a Windows 10 Client connected to it and validated nicely - after unzipping some virus's and messing around with mimikatz I have ...

Benny Lakunishok
May 02, 2018
It is not supported as we require Windows 10, version 1803 (spring creators update).

We are working on enhancing the automation capabilities to also automate isolation, so it is on the road map (I can't commit to when just yet).

Benny Lakunishok

Former Employee

May 02, 2018

It is not supported as we require Windows 10, version 1803 (spring creators update).

We are working on enhancing the automation capabilities to also automate isolation, so it is on the road map (I can't commit to when just yet).

David Caddick

Iron Contributor

May 02, 2018

Thanks Benny, We got that sorted yesterday and now working a treat.

Having said that - it seems that the "Automated Investigation" is stalling even though I can clearly see that Defender on the end point has already Quarantined/Deleted the malicious file?

Is this something that needs to be troubleshooted? Any advice?

Benny Lakunishok
Former Employee
May 02, 2018
Can you give some more details as to what do you mean by stalling?
- David Caddick
  Iron Contributor
  May 02, 2018
  Hi Ben, I have an alert for:
  "Windows Defender AV detected 'Tiggre' malware" that has now been running for 2h 45mins...?
  - Benny Lakunishok
    Former Employee
    May 02, 2018
    I need to get some more details on why has it been running so long, is the investigation pending as it is waiting for the machine? waiting for a pending action approval?
    Can you check the log and see what is the latest action it is performing or pending?