Channel: Symantec Connect - Products - Ideas

Get file and submit to Cynic from search results


It should be possible to blacklist, delete, submit to Cynic and collect a file from the "Endpoint Search" result.
And it should be possible to collect all file types, not only executables.

In the current version, 2.0.2, it is only possible to submit the hash to VirusTotal.

If this tool is supposed to work as an Incident Response tool, it really needs to be able to search for all file types and be able to collect them. This would also increase the ability of the tool to cover basic forensics that is not necessarily malware-related.

For example: I had a customer that received a bunch of *.docm files that were malicious. I would then have liked to search for all samples of the *.docm file and block/delete it with one click across all endpoints. This is not possible with the current version of ATP.

