The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to view Advanced Threat Protection (ATP) Reports in Windows

Download Windows Speedup Tool to fix errors and make PC run faster

Advanced Threat Protection (ATP) service in Windows 11/10 helps you prevent zero-day malware attacks by analyzing inbound email attachments for any new threats and blocking them right away. Every ATP classifies a threat into:

  1. Clean – File classified has a minimal risk as no malicious indicators are found.
  2. Suspicious – File classified as medium risk. It poses a potential risk
  3. Malicious – File classified as high-risk. There’s a great likelihood of files being laced with malware.

It is, therefore, essential to review the ATP Report before determining whether to deliver the message.

How to view Advanced Threat Protection (ATP) Reports in Windows

You can view your ATP reports in the Security & Compliance Center. Go to Reports > Dashboard. There are three kinds of ATP reports:

  • Threat protection status report
  • ATP Message Disposition Report
  • Advanced Threat Protection File Types report

Let us take a look at them.

Threat protection status report

To view this report, navigate to Security & Compliance Center, select Threat management, and choose Advanced Threats.

Then, for a more detailed status for any day, hover over the graph. The report will offer an aggregated count of unique email messages with malicious content (files or links) blocked by built-in ATP protection features like ATP-safe links and ATP-safe attachments.

ATP

Underneath the chart, you’ll see a detailed list of the detections, including subject lines and how each item was detected. Simply select an item to view its observed behavior like, whether the item was inbound or outbound, how it was detected, and perform advanced analysis, if necessary.

ATP Message Disposition report

The ATP Message Disposition report basically displays the actions confirmed for email messages that were suspected to have malicious URLs or files.

To view this report, go to Reports section visible under the ‘Security & Compliance Center’> Dashboard and then, ATP Message Disposition.

Simply click the report to open it and get a more detailed view of the report.

Advanced Threat Protection File Types report

It informs a user about malicious website links (URLs) and malicious files detected through ATP safe links and safe attachments policies (we’ll cover this topic in our upcoming post)

To view this report, Reports section as outlined above, select ‘Dashboard’> ATP File Type.

Advanced Threat Protection (ATP) Reports

Next, when you move your mouse cursor over a particular day, you can notice the number of malicious URLs or files detected. Click the ATP File Types report to get a more detailed view of the report.

Thus, ATP provides a way for users to create and define policies that can ensure users access only to links in emails or attachments to emails that are identified as not malicious.

Read: How to manually clear Windows Defender Protection History.

HemantS@TWC

A post-graduate in Biotechnology, Hemant switched gears to writing about Microsoft technologies and has been a contributor to TheWindowsClub since then. When he is not working, you can usually find him out traveling to different places or indulging himself in binge-watching.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *