Deep analysis feature in Microsoft Defender ATP

The Deep analysis feature executes a file in a secure, fully instrumented cloud environment. Deep analysis results show the file’s activities, observed behaviors, and associated artifacts, such as dropped files, registry modifications, and communication with IPs. Deep analysis currently supports extensive analysis of portable executable (PE) files (including .exe and .dll files).

The Deep analysis summary includes a list of observed behaviors, some of which can indicate malicious activity, and observables, including contacted IPs and files created on the disk. If nothing was found, these sections will simply display a brief message.

Results of deep analysis are matched against threat intelligence, and any matches will generate appropriate alerts.

Post Author: hatefull