This article describes the enhancements in Microsoft Advanced Threat Analytics (ATA) v1.8, and also includes Update 1 for ATA v1.8, for more information, see KB4036650.
- Adds detection of abnormal modification of sensitive groups
- Adds detection of suspicious authentication failures (behavioral brute force)
- Improves remote execution detection
- Improves unusual protocol implementation to detect WannaCry malware
- Enhances Kerberos Golden Ticket detection
- Single sign-on
- Better management of suspicious activity: exclusion, deletion and suppression
- Auditing logs
- Local collection of events while you are using lightweight gateway
- Center performance improvements
- Reports module
For more information, see What's new in ATA 1.8.
How to get this update
Method 1: Microsoft Update
Use Microsoft Update to automatically download and install the update.
Method 2: Microsoft Download Center
The following file is also available for download from the Microsoft Download Center:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Update detail information
To install this update, you should first install Microsoft Advanced Threat Analytics v1.7 with Update 2 (1.7.5757) or with Update 1 (1.7.5647) or v1.8 (1.8.6645). If you are using version 1.7.5402, you must first upgrade to 1.7.5757.
To apply this update, you don't have to make any changes to the registry.
You may have to restart the computer after you apply this update.
Update replacement information
This update doesn't replace a previously released update.