Yesterday, Microsoft announced the first update for ATA that is rolling out through Windows Update. You can find the KB details here.

Symptoms

After you run Microsoft Advanced Threat Analytics (ATA) v1.6 for several weeks, the ATA console may display many unexpected suspicious activities of type “Suspicion of identity theft based on abnormal behavior”. If notification is configured, some unexpected health notifications may be generated.

Cause

This issue occurs because the detection mechanism infrastructure does not work correctly.

Resolution

To resolve this issue, install the update described in the article. The build number of this update is 1.6.4317.10945.

Since this is the first ATA update rolling out through Windows Update, let’s take a look at the process.

First, we see an update for ATA as expected in Windows Update. Let’s hit install.

After downloading the update, instead of a normal silent install, it pops up with the ATA update UI.

I do wish this would be done silently in the future.

This is the standard validation process, so let’s hit Update.

Looks like it completed without any issues!

And Windows Update shows healthy as well!

It may take a few minutes after the upgrade (and note that the console may go down a few times), but if you have automatic Gateway upgrades checked, it will also cycle through the Gateways as it deploys the latest update to them. Nice, even for my environment with only 3!

It may just be me, but I believe the Notifications pane has also changed slightly.

And we can see everything is back to normal, or, well, mostly! 🙂
