Aug 06 2019 05:35 AM
Hi! Today Windows Defender is one of the best solutions for protecting endpoints. But I think we do not have enough live-response targets in the Action Center. From this link we can find all targets.
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-m...
Yesterday I didn’t have enough additional targets.
For example https://github.com/EricZimmerman/KapeFiles/tree/master/Targets
It would also be very helpful to collect MFT
Thanks!
Sep 15 2019 06:54 AM
Hi there,
Are you aware of the newly released "Live Response" feature in MDATP? https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/live-resp...
With this feature you can perform a wide variety of forensic activities remotely on a machine, including running any PS script, which allows you to extend to a lot of additional actions, including e.g. collecting the MFT. Hope this helps!
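As an added example (not the poster's script and not Microsoft's code), this is the kind of PowerShell script one could upload to the Live Response library to collect the $MFT: it reads the raw volume, so it needs an elevated session; the drive letter, output path and the sectors-per-cluster value of at most 128 are my assumptions.

```powershell
# Added example: dump a volume's NTFS $MFT to a file via a raw volume read.
# Assumptions: elevated session, drive letter/output path below, sectors-per-cluster <= 128.
param([string]$Volume = 'C', [string]$OutFile = "$env:TEMP\MFT_$Volume.bin")
$fs = New-Object IO.FileStream("\\.\${Volume}:", 'Open', 'Read', 'ReadWrite')
$boot = New-Object byte[] 512
[void]$fs.Read($boot, 0, 512)                        # NTFS boot sector
if ([Text.Encoding]::ASCII.GetString($boot, 3, 4) -ne 'NTFS') { throw 'Not an NTFS volume' }
$bps     = [BitConverter]::ToUInt16($boot, 11)       # bytes per sector
$cluster = $bps * $boot[13]                           # bytes per cluster
$mftLcn  = [BitConverter]::ToInt64($boot, 48)         # first cluster of $MFT
# Record size field: > 127 means 2^(256-n) bytes, otherwise a count of clusters
$recSize = if ($boot[64] -gt 127) { [int][Math]::Pow(2, 256 - $boot[64]) } else { $boot[64] * $cluster }
$rec = New-Object byte[] $recSize                     # MFT record 0 describes $MFT itself
[void]$fs.Seek($mftLcn * $cluster, 'Begin')
[void]$fs.Read($rec, 0, $recSize)
if ([Text.Encoding]::ASCII.GetString($rec, 0, 4) -ne 'FILE') { throw 'Bad FILE record signature' }
# Apply the update sequence: last 2 bytes of each sector hold the USN on disk; restore originals
$usaOff = [BitConverter]::ToUInt16($rec, 4); $usaCnt = [BitConverter]::ToUInt16($rec, 6)
for ($i = 1; $i -lt $usaCnt; $i++) {
    $rec[$i * $bps - 2] = $rec[$usaOff + 2 * $i]
    $rec[$i * $bps - 1] = $rec[$usaOff + 2 * $i + 1]
}
# Walk the attributes for the non-resident $DATA attribute (type 0x80) and keep its run list
$attr = [BitConverter]::ToUInt16($rec, 20); $runs = $null
while ($attr -lt $recSize -and [BitConverter]::ToUInt32($rec, $attr) -ne 0xFFFFFFFF) {
    $len = [BitConverter]::ToUInt32($rec, $attr + 4)
    if ([BitConverter]::ToUInt32($rec, $attr) -eq 0x80 -and $rec[$attr + 8] -eq 1) {
        $allocSize = [BitConverter]::ToInt64($rec, $attr + 40)            # cluster-aligned size
        $runOff    = [BitConverter]::ToUInt16($rec, $attr + 32)
        $runs      = $rec[($attr + $runOff)..($attr + $len - 1)]
        break
    }
    $attr += $len
}
if (-not $runs) { throw 'No non-resident $DATA attribute in record 0' }
# Decode data runs: header nibbles give field sizes; offsets are signed, relative to the previous run.
# Each run is buffered whole in memory before being written out.
$out = [IO.File]::Create($OutFile); $lcn = 0L; $p = 0; $left = $allocSize
while ($left -gt 0 -and $p -lt $runs.Count -and $runs[$p] -ne 0) {
    $lenSz = $runs[$p] -band 0x0F; $offSz = $runs[$p] -shr 4; $p++
    $n = 0L; for ($i = $lenSz - 1; $i -ge 0; $i--) { $n = ($n -shl 8) -bor $runs[$p + $i] }; $p += $lenSz
    $d = 0L; for ($i = $offSz - 1; $i -ge 0; $i--) { $d = ($d -shl 8) -bor $runs[$p + $i] }
    if ($offSz -gt 0 -and ($runs[$p + $offSz - 1] -band 0x80)) { $d -= 1L -shl (8 * $offSz) }  # sign-extend
    $p += $offSz; $lcn += $d
    [void]$fs.Seek($lcn * $cluster, 'Begin')
    $buf = New-Object byte[] ([Math]::Min($n * $cluster, $left))
    [void]$fs.Read($buf, 0, $buf.Length); $out.Write($buf, 0, $buf.Length); $left -= $buf.Length
}
$out.Close(); $fs.Close()
```

The resulting file is the allocated $MFT image, which can be handed to any MFT parser; read lengths stay sector-aligned because every run and the allocated size are cluster multiples.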