What's new in the WDATP Portal? May 25th 2017

Alert Page Makeover

We've redesigned the Alert page to make the information in the header clearer and easier to understand, and made the alert description and recommended actions sections expandable, so the alert process tree is immediately visible when landing on the Alert page.

Alert Process Tree Enhancements

Showing files from parsing command lines

We parse the command lines of common processes to extract the filenames they execute, and show these in the alert process tree.

WMI Logical Parent support [Internal Preview]

We now show the logical parents of processes triggered by running WMI queries against the Win32_Process class, instead of WmiPrvSE.exe.

URLs of downloaded files [Internal Preview]

We now show the download URLs of files downloaded by Edge or Chrome (on Creators Update machines), adding important data to investigations.

Elevation Reparenting support

We've enhanced alert process trees that contain elevated processes to display the calling process as the parent in the process tree, instead of the reported svchost.exe, to give SecOps an accurate logical picture.
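As an added example (not WDATP code), this shows the logical reparenting described for WMI-created and elevated processes, together with filename extraction from command lines: it assumes constructed telemetry in which a separate "origin" event records which process asked WmiPrvSE.exe or the AppInfo svchost.exe to start the child.

```python
import re

# Reported parents that hide the real initiator: WmiPrvSE.exe for Win32_Process children, svchost.exe (AppInfo) for UAC elevation.
BROKER_PARENTS = {"wmiprvse.exe", "svchost.exe"}
EXEC_EXT = re.compile(r'"?([^\s"]+\.(?:exe|dll|ps1|bat|cmd|vbs|js))\b"?', re.I)

# Constructed sample telemetry (not real WDATP data): process-creation events plus origin events naming the real requester.
PROCESS_EVENTS = [
    {"pid": 100, "ppid": 1,   "name": "explorer.exe",   "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "name": "powershell.exe", "cmdline": "powershell.exe -c Invoke-WmiMethod"},
    {"pid": 300, "ppid": 1,   "name": "WmiPrvSE.exe",   "cmdline": "WmiPrvSE.exe"},
    {"pid": 400, "ppid": 300, "name": "cmd.exe",        "cmdline": "cmd.exe /c stage2.exe"},
    {"pid": 500, "ppid": 1,   "name": "svchost.exe",    "cmdline": "svchost.exe -k netsvcs -s Appinfo"},
    {"pid": 600, "ppid": 500, "name": "setup.exe",      "cmdline": "setup.exe /quiet"},
]
ORIGIN_EVENTS = [
    {"kind": "wmi_process_create", "requester_pid": 200, "child_pid": 400},
    {"kind": "uac_elevation",      "requester_pid": 100, "child_pid": 600},
]

def executed_files(cmdline):
    """Filenames a command line executes, excluding the image itself."""
    names = EXEC_EXT.findall(cmdline)
    return names[1:]

def logical_parents(process_events, origin_events):
    """Map pid -> logical parent: the reported ppid, unless the parent is a broker and an origin event names the requester."""
    by_pid = {e["pid"]: e for e in process_events}
    requester = {o["child_pid"]: o["requester_pid"] for o in origin_events}
    parents = {}
    for e in process_events:
        reported = by_pid.get(e["ppid"])
        via_broker = reported is not None and reported["name"].lower() in BROKER_PARENTS
        parents[e["pid"]] = requester[e["pid"]] if via_broker and e["pid"] in requester else e["ppid"]
    return parents

def tree_lines(process_events, parents, root, depth=0):
    """Indented lines of the logical process tree under root, annotated with parsed filenames."""
    by_pid = {e["pid"]: e for e in process_events}
    lines = []
    for pid, ppid in sorted(parents.items()):
        if ppid != root: continue
        e = by_pid[pid]
        files = executed_files(e["cmdline"])
        extra = " -> " + ", ".join(files) if files else ""
        lines.append("  " * depth + f"{e['name']} ({pid}){extra}")
        lines.extend(tree_lines(process_events, parents, pid, depth + 1))
    return lines
```

Rendering the tree from root pid 1 places cmd.exe under powershell.exe and setup.exe under explorer.exe, with the brokers left as childless leaves.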

Windows Defender ATP & O365 integration - Open for business

We've all been waiting for this to arrive for a long time, and we can finally announce: it's here!!

Information on how to enable the WDATP and O365 ATP integration is publicly available here: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection