MAV Detection Review by ThreatOps:
- Added a MAV detector that looks for remediation recommendations from Defender so they can be used as Assisted Remediation steps. https://app.shortcut.com/huntress/story/28838/create-additionalactionsbitmask-mav-detector
- Enabled MAV detection filtering from MAV Needs Review, Account, Organization, and Host detection tables so that it’s easier for customers and ThreatOps to see specific types of detections. https://app.shortcut.com/huntress/story/31544/enable-mav-detection-filtering-from-multiple-portal-locations
- Added an assisted remediation option for a full scan to MAV incident reports. https://app.shortcut.com/huntress/story/28832/add-full-scan-remediation-action-option-to-mav-incident-reports
- There are some cases where Defender recommends a full scan to entirely clear the malware infection.
- Allowed for Reboot and Full Scan Remediations to be added to
- Updated Managed Antivirus host page with new layout
- The MAV host page is restructured and formatted to make the status of MAV for the host clearer to end-users. This includes rearranging table order and table layout within the MAV hosts page.
- The MAV host page also now has an indicator showing the number of policy settings that are out of compliance.
- Added ability to delete file upon reboot
- In some situations, incident reports hang because the file is in use when we attempt to delete it, so normal file deletion cannot complete. This capability allows us to mark the file for deletion upon reboot if the normal deletion fails. When the machine is finally rebooted, the delete file task can complete successfully and the report can be closed.
- Corrected MAV detection numbers for Monthly/Quarterly Reports
- Corrected sorting Last Seen column by date for Managed Antivirus dashboard
- Corrected task status of Delete Scheduled Task
- Delete scheduled task playbook items now report that the Delete Scheduled Task succeeded when the file associated with the scheduled task is not found. This corrects the user experience where a delete scheduled task appears to have failed when, in reality, the file is already gone.