cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Questions Based on Webinar

mbhmirc
Brass Contributor

‎Apr 02 2020 09:12 AM

‎Apr 02 2020 09:12 AM

Questions Based on Webinar

Hello,

 

First of all thank you for a very helpful overview.  Was a great session.

 

I have some specific questions:

 

1. There seems to be no way to auto-submit a false positive from MDATP to the Defender website?

2. Is cyren still the only web filter provider?  During testing we found it missed "proxy" websites and people could easy visit banned sites still.

3. Is there an additional charge for threat experts over and above the license?

4. Can we get ongoing lab machines, limited number each month, so we can test detonate in a more rich environment?

5. When testing windows 7 we never got the rich view shown in the blog, is this now in a reduced from?  We installed AV from SCCM and joined but the view is extremely limited for win 7 and no remediation seemed to take place?

 

Thank you in advance! :)

910 Views
0 Likes
3 Replies
Reply
3 Replies
Heike Ritter

‎Apr 07 2020 03:54 PM

‎Apr 07 2020 03:54 PM

Re: Questions Based on Webinar

@mbhmirc Hi there!

 

I am glad to read you found the webcast helpful and you liked it :)

I am trying to answer as many questions as possible

1. you can mark alerts as FP within the console and we can use this data to measure SNR & tune our detectors where needed.

2. yes, its currently in preview and we are collecting feedback (I'll pass your proxy feedback on).

3. Threat Experts comes with two components "Targeted attack notification" and "experts on demand". The first one is included, the second is a separate subscription - but after you applied and got accepted to the program, you can test Experts on demand first free of charge.

4. we get this request frequently and the team is looking into options as those are very high costs in the backend. Currently the answer is no.

5.  You should see everything we are capable of picking up from the endpoint, beside logged-on users. And yes, not all response actions are available because they would require changes in Windows 7.

 

Greetings from Seattle and stay safe!

Heike

 

0 Likes
Reply
mbhmirc

‎Apr 08 2020 09:40 AM

‎Apr 08 2020 09:40 AM

Re: Questions Based on Webinar

@Heike Ritter Perfect, thank you.   Just one more item.....

 

Regards the False positives that's great for ATP.  However for a defender detection that ATP also reports we sometimes need to clean it up quickly as it can stop production.  Currently we download the file with the rather cool download file tool and then submit it to the Defender team who double check the file and then update the intelligence files.  It would be great if we could automate this submission, or is it a case this is automatic when we do false positive at all levels?

1 Like
Reply
best response confirmed by mbhmirc (Brass Contributor)
Heike Ritter

‎Apr 12 2020 09:49 AM

‎Apr 12 2020 09:49 AM

Solution

Re: Questions Based on Webinar

@mbhmirc No, it does not. If I am not mistaken, the team is looking into such options though. I'll pass your feedback on :) 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by mbhmirc (Brass Contributor)
Heike Ritter

‎Apr 12 2020 09:49 AM

‎Apr 12 2020 09:49 AM

Solution

Re: Questions Based on Webinar

@mbhmirc No, it does not. If I am not mistaken, the team is looking into such options though. I'll pass your feedback on :) 

View solution in original post

0 Likes
Reply