WD-ATP actually block attacks or does it just report them?

  • Question

  • Is Windows Defender ATP purely a detect -> report -> post-breach tool or does it actually detect and stop attacks such as file injections, memory scraping, etc. (like a Carbon Black or Crowdstrike does)?


    Friday, March 31, 2017 2:38 PM


  • Windows Defender ATP is a post-breach tool - to detect, investigate and respond to attacks. As such, by itself, it doesn't block attacks automatically but provides security teams with alerts and analysis of an attack as well as tools to help isolate or remediate affected machines. It works in tandem with other protection/blocking technologies from Microsoft such as Windows Defender AV, Office 365 ATP and EMET to provide the pre-breach protection capabilities you are asking about.
    • Marked as answer by Zabulon Monday, April 10, 2017 5:28 PM
    Saturday, April 8, 2017 4:21 PM