What's new in the WDATP Portal? May 25th 2017
Published Sep 04 2017 01:04 AM 559 Views

Alert Page Makeover

We've redesigned the Alert page, to make information in the header clearer and easier to understand, changed the alert descriptions and recommended actions sections to be expandable - so the alert process tree is immediately available when landing on the Alert page.




Alert Process Tree Enhancements

Showing files from parsing command lines

We parse command lines of common processes to extract executed filenames, and show these in the alert process tree.


WMI Logical Parent support [Internal Preview]

We now show the logical parents of processes triggered by running WMI queries against the Win32_Process class, instead of WmiPrvSE.exe


URLs of downloaded files [Internal Preview]

We now show download URLs of files downloaded by Edge or Chrome (Creators Update machines) to add important data to investigations.



Elevation Reparenting support

We've enhanced alert process trees that contain elevated processes to display the calling processes as parents in the process tree instead of the reported svchost.exe, to provide an accurate logical picture to SecOPS.



Windows Defender ATP & O365 integration - Open for business

We've all being waiting for this to arrive for a long time, and we can finally announce: it's here!!

Information how to enable WDATP and O365 ATP integration is publicly available here






Version history
Last update:
‎Oct 18 2017 08:58 AM
Updated by: