Description of Microsoft Advanced Threat Analytics v1.8 including Update 1

This article describes the enhancements in Microsoft Advanced Threat Analytics (ATA) v1.8, and also includes Update 1 for ATA v1.8, for more information, see KB4036650.

Detection enhancements

• Adds detection of abnormal modification of sensitive groups 
• Adds detection of suspicious authentication failures (behavioral brute force) 
• Improves remote execution detection
• Improves unusual protocol implementation to detect WannaCry malware
• Enhances Kerberos Golden Ticket detection 

Infrastructure enhancements

• Single sign-on
• Better management of suspicious activity: exclusion, deletion and suppression
• Auditing logs
• Local collection of events while you are using lightweight gateway
• Center performance improvements
• Reports module

For more information, see What's new in ATA 1.8.

Method 1: Microsoft Update

Use Microsoft Update to automatically download and install the update.

Method 2: Microsoft Download Center

The following file is also available for download from the Microsoft Download Center:

Download the ATA 1.8 with Update 1 package now.

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update detail information

Prerequisites

To install this update, you should first install Microsoft Advanced Threat Analytics v1.7 with Update 2 (1.7.5757) or with Update 1 (1.7.5647) or v1.8 (1.8.6645). If you are using version 1.7.5402, you must first upgrade to 1.7.5757.

Registry information

To apply this update, you don't have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this update.

Update replacement information

This update doesn't replace a previously released update.