Latest Discussions
SenseNdr.exe is slowly eating the memory
Hello,

For a few days now, we have some Windows Server 2019 physical machines where almost all the memory is committed to sensendr.exe. If you terminate sensendr.exe, the process comes back after a few minutes. On one machine the problem came back after a little bit more than one day, on the others the problem has not come back (yet). All the machines are patched with the 2024-09 CU.

Here is a view of the resource monitor:

On another machine:

Do you have any idea what could cause that and how to avoid it? We can't find any error messages that could explain the problem.

Thanks in advance for your answers
Marc

MarcVDH | Dec 03, 2024 | Iron Contributor | 11K Views | 4 likes | 52 Comments

Device logon user showing mismatch in Microsoft Defender for Cloud (Server)
Hello Team,

We have onboarded Exchange server in Microsoft Defender for Cloud (Server). And this server successfully showing in Microsoft Defender for Endpoint Assets lists. When we view a single asset details, we found that in logon user details there have 417 users in user lists. They all are not directly login in this Server. Then why it is showing total 417 users in user lists?

Thanks
Noyon

noyondas | Dec 02, 2024 | Copper Contributor | 28 Views | 1 like | 1 Comment

Issue with MSSENSE.EXE scanning
We have been working with Microsoft on an issue and they asked that we exclude a couple folders from scanning. We've excluded the folders and Defender MSMPENG.exe isn't scanning them anymore, but MSSENSE.EXE still is, which is ATP / Defender for Endpoint.

How do I stop MSSENSE.EXE from scanning those folders?

Thanks,

BrianPitt | Dec 02, 2024 | Brass Contributor | 13 Views | 0 likes | 1 Comment

Microsoft Enable Programs and Features Settings in Windows 11
If you were a business or organization that was new to Purview, what advice would you give them to turn on or set up as their first steps with the product? On Windows 11, the Settings app lets you install additional features to extend the system's functionalities. You will need an internet connection to download these features since the components are not stored in the default installation. But Windows 11 Insider Preview 10.0.26120.2415 (ge_release_upr) fixes issue

Rayhan | Dec 02, 2024 | Copper Contributor | 17 Views | 0 likes | 0 Comments

Verify the device is connected to the network and has internet access to communicate with MDE.
When onboarding a device using the DFE (Device Functionality Enhancement) onboarding script, it is expected that the device will be properly enrolled in Microsoft Defender for Endpoint (MDE) and reflect its status as "Managed" in the Defender portal. However, if the device is showing as "Managed by Unknown" and the "MDE Enrollment status" is displayed as "N/A," it indicates that the device has not successfully registered or communicated with the MDE service.

This issue can occur for several reasons, including incorrect configuration of the DFE onboarding script, connectivity issues between the device and Defender for Endpoint services, or issues with permissions or policies applied during the enrollment process. It may also be a result of the device not receiving the required Defender for Endpoint agent or its enrollment being interrupted during the onboarding process.

To resolve this issue, try the following steps:
- Verify the device is connected to the network and has internet access to communicate with MDE.
- Ensure that the onboarding script is correctly executed with the appropriate permissions and settings.
- Confirm that the correct version of the Defender for Endpoint agent is installed on the device.
- Review the Defender for Endpoint portal for any alerts or errors related to the device enrollment.
- Restart the device and check the enrollment status again.

If the issue persists, re-running the onboarding script or re-enrolling the device may be necessary.

thomidwi | Nov 30, 2024 | Copper Contributor | 51 Views | 0 likes | 1 Comment

Suspicious attachment opened with no detection technology or VT matches
We received the alert “Suspicious attachment opened” for an Excel file, but it’s unclear why it was flagged. Here’s what I found:
- No detection technology triggered.
- No VT matches.
- File wasn’t detonated in the Microsoft sandbox.
- Deep analysis is unavailable (not a PE).

I reviewed the file and, apart from generic terms like “invoice” or “file” in the name, I see no clear indicators of suspicion or ways to adjust this in XDR. Any tips for better understanding or fine-tuning the verdict?

Marnik | Nov 26, 2024 | Brass Contributor | 22 Views | 1 like | 0 Comments

Guidance Needed: Excluding Non-Corporate Devices from Vulnerability Management
We are encountering an issue where non-corporate devices are appearing in our Vulnerability Management and reporting. This is causing inconsistencies in our reports across the tenant and potentially impacting our overall security posture. Hoping to get some guidance in resolving this issue.

OluseyiTJ | Nov 26, 2024 | Copper Contributor | 23 Views | 0 likes | 1 Comment

MDE for Linux with ARM processors?
Is MDE supported on Linux server distributions with ARM processors? The minimum requirements outlined state only x64 (AMD64/EM64T) and x86_64 versions are supported.

https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint-linux#system-requirements

If yes, is there any additional setup needed?

Chandra_Sathyanarayana | Nov 26, 2024 | Copper Contributor | 25 Views | 0 likes | 0 Comments

Defender exclusions
Are Windows Defender AV exclusions in effect when it's disabled? We have an outside consulting agency that wanted us to add exclusions to Windows Defender even though it's disabled. We use CrowdStrike. But what is the point of adding exclusions if it's off?

Nb4real2024 | Nov 25, 2024 | Copper Contributor | 38 Views | 0 likes | 1 Comment