How to resolve attack from ATP portal?

  • Question


  • I tried to execute a few malware samples on machines protected by WDATP. It was able to detect the attack and I can see alerts on the ATP portal. Is there any way to resolve the attack from the ATP portal? Suppose malware infected N number of systems and I was able to see the alert on the ATP portal, but did not find any way to resolve or quarantine the malware on all the infected systems or blacklist a domain/IP from ATP. Please suggest a way to resolve it from the ATP portal.

    Wednesday, June 8, 2016 6:25 AM

Answers

  • Actually, the scope of ATP is to give you information and help you understand threats. But as for action, you need to use your own anti-malware product; for example, you may deploy a policy using System Center to scan systems or update them, or create a policy using AppLocker to block the files which are infecting your systems. If you find the root of the problem, for example, if it is from USB, you may block USB access on the affected device. Basically, ATP gives you insight and you may use those insights to take action.

    Monday, November 14, 2016 3:27 PM
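
One way to carry out the AppLocker suggestion in the answer above, as an added example that is not part of the original reply: build a deny-by-hash rule for a file named in an alert. The sample path and output file name are hypothetical, and the script assumes the AppLocker PowerShell module and a running Application Identity service.

```powershell
# Added example: deny-by-hash AppLocker rule for a file flagged in an alert.
# $SamplePath and $OutFile are hypothetical values chosen for illustration.
param(
    [string]$SamplePath = 'C:\Quarantine\flagged-sample.exe',
    [string]$OutFile    = "$env:TEMP\deny-flagged.xml"
)

# Collect the hash, publisher and path information AppLocker uses for rules.
$info = Get-AppLockerFileInformation -Path $SamplePath

# New-AppLockerPolicy only emits Allow rules, so generate the hash rule as XML
# and rewrite its action afterwards.
[xml]$policy = $info | New-AppLockerPolicy -RuleType Hash -User Everyone -Xml

foreach ($rule in $policy.SelectNodes('//FileHashRule')) {
    $rule.SetAttribute('Action', 'Deny')
    $rule.SetAttribute('Name', 'DENY ' + $rule.GetAttribute('Name'))
}
$policy.Save($OutFile)

# Check the decision the new policy makes for the file before deploying it.
Test-AppLockerPolicy -XmlPolicy $OutFile -Path $SamplePath -User Everyone

# Caveat: once a rule collection contains any rule, only explicitly allowed
# files in that collection run. Merge only where default Allow rules already
# exist, otherwise a lone Deny rule blocks every executable.
Set-AppLockerPolicy -XmlPolicy $OutFile -Merge
```

For many machines, import the saved XML into a Group Policy Object instead of merging it locally. A hash rule stops matching as soon as the file changes, so it contains a known sample rather than a whole malware family.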
  • Think of this as forensics, and information, not a portal to clean up the system.  It's to help the IT admin to understand how the attack occurred, not to fix it via the portal.
    Tuesday, November 22, 2016 5:44 AM

All replies

  • Enroll your machine to the Windows Insider program, and stand by. Some exciting new features are coming up in a few weeks that will help resolve your challenge above.
    Wednesday, November 30, 2016 9:16 AM