ATP defender remediation slowness

Occasional Contributor

Hello community,
we are testing ATP Defender for endpoints in a test tenant.
We are running a simple test with the EICAR test file and another test with a simulation file provided by Microsoft on the tutorials page. Automated remediation is enabled and we noticed alerts are running for a long time: EICAR took 41 minutes to complete the automated investigation!
The other alert uses PowerShell scripts and is more complex, but it took 1h and 10 minutes to complete the remediation.
The API logs show a status of active for this time. What is behind the slowness?
Screenshots are attached.

0 Replies