Yesterday, Microsoft announced the first update for ATA to roll out through Windows Update. You can find the KB details here.


After you run Microsoft Advanced Threat Analytics (ATA) v1.6 for several weeks, the ATA console may display many unexpected suspicious activities of type “Suspicion of identity theft based on abnormal behavior”. If notification is configured, some unexpected health notifications may be generated.


This issue occurs because the detection mechanism infrastructure does not work correctly.


To resolve this issue, install the update described in the article. The build number of this update is 1.6.4317.10945.

Since this is the first ATA update rolling through Windows Update, let’s take a look at the process.

First, we see an update for ATA as expected in Windows Update. Let’s hit install.


After downloading the update, instead of a normal silent install, it pops up with the ATA update UI.

I do wish this would be done silently in the future.


A standard validation process follows; let’s hit Update.


Looks like it completed without any issues!


And Windows Update shows healthy as well!


It may take a few minutes after the upgrade (and note that the console may go down a few times), but if you have automatic Gateway upgrades checked, it will also cycle through the Gateways as it deploys the latest update to them. Nice, even for my environment with only 3!


It may just be me, but I believe the Notifications pane has also changed slightly.


And we can see everything is back to normal, or, well, mostly! 🙂

