User Profile

mbhmirc

Brass Contributor

Joined Mar 22, 2019

15 Posts9 LikesLikes received1 Solution

View All Badges

User Widgets

Recent Discussions

Re: URL Blocking incidents and action log
PhilTappUK I was trying to do it from the Alert, not the page. Just saw you can do it in a better fashion on the page. Thank you.
May 07, 2020 Place Microsoft Defender for Endpoint
2.6KViews
0likes
0Comments
Re: URL Blocking incidents and action log
_UAEx Hello, we would like to block and not generate the alert. It causes a lot of noise in the dashboard as people keep trying a URL that is blocked.
May 06, 2020 Place Microsoft Defender for Endpoint
2.4KViews
0likes
0Comments
URL Blocking incidents and action log
Hello All, Is there a way when you block a URL in ATP to not to generate an alert or incident. For example blocking a url where people keep trying it will generate lots of alerts. If i want to turn off the IOC it looks like it will turn off other things. or am I missing something? Also I can't seem to find any log of actions taken on a single page by everyone. This would be handy for when you want to check on file downloads you have initiated etc. Is it just I am missing something or is this a feature request? 🙂
Solved
May 05, 2020 Place Microsoft Defender for Endpoint
2.6KViews
0likes
4Comments
Re: Questions Based on Webinar
HeikeRitter Perfect, thank you. Just one more item..... Regards the False positives that's great for ATP. However for a defender detection that ATP also reports we sometimes need to clean it up quickly as it can stop production. Currently we download the file with the rather cool download file tool and then submit it to the Defender team who double check the file and then update the intelligence files. It would be great if we could automate this submission, or is it a case this is automatic when we do false positive at all levels?
Apr 08, 2020 Place Microsoft Defender for Endpoint
1.3KViews
1like
1Comment
Questions Based on Webinar
Hello, First of all thank you for a very helpful overview. Was a great session. I have some specific questions: 1. There seems to be no way to auto-submit a false positive from MDATP to the Defender website? 2. Is cyren still the only web filter provider? During testing we found it missed "proxy" websites and people could easy visit banned sites still. 3. Is there an additional charge for threat experts over and above the license? 4. Can we get ongoing lab machines, limited number each month, so we can test detonate in a more rich environment? 5. When testing windows 7 we never got the rich view shown in the blog, is this now in a reduced from? We installed AV from SCCM and joined but the view is extremely limited for win 7 and no remediation seemed to take place? Thank you in advance! 🙂
Solved
Apr 02, 2020 Place Microsoft Defender for Endpoint
1.4KViews
0likes
3Comments

Recent Blog Articles

No content to show