Blocked Threat feature request

[Semiazas]

In the alert details please include the process ID of any outbound/inbound threat blocked.  At the moment it appears all we get is application name, destination IP and port.  Application alone is ambiguous when there are multiple threads/copies resident.  For example Chrome could have hundreds of threads active at any one time (at least for me).  If the 'blocked threat' alert pops it's impossible to determine which window and/or tab (if any), or other process was responsible.  Just that it was Chrome.  Additional detail, even if only the process ID responsible/targeted, would go a LONG way towards figuring out why Chrome was making such an attempt.  Inbound may be problematical assuming it's difficult to gather process info based upon what's listening at the destination port, so if this is too costly so be it.  Outbound is what really matters, again at least to me.  Given the process ID I can track down which Chrome window/tab was responsible (assuming it was a specific one) and hopefully narrow down what might have triggered the attempt. 

This is assuming there's no specific reason for not including this detail...?

Thanks for listening. 

[exile360]

Greetings,

Thank you for the suggestion.  Yes, it should be trivial to include the PID for block events, at least outgoing.  For incoming it is far less likely only because blocks occur at the network/adapter level within the network stack (Web Protection functions through an implementation of the same WFP APIs used by the built in Windows Firewall) so incoming blocks are intercepted long before reaching the application level/user mode.

Either way, I will provide your feedback to the Product team and hopefully we will see additional details added in a future release (and I will include the request for more specifics on incoming blocks as well, if possible just in case the Devs know of a way to accomplish this).

If you have any further feedback, suggestions or feature requests please don't hesitate to let us know.

Thanks