Forum Widgets
Latest Discussions
MDVM - Patch Publication Date
Dear Microsoft MDVM Development Team, Please could you as quickly as possible implement the "Patch Publication Date" for the vulnerabilities you report on. Any major Vulnerability management platform has this simple field/record please advise you are implementing this and the timeframe for it? Kind Regards, GraemecipherdellJul 16, 2026Copper Contributor15Views0likes1CommentDefender Web Content filtering for Chrome/Firefox
Hello all, We have recently configured Web Content Filtering. I am struggling with finding what is required to have the setup effect on Chrome and Firefox, exactly as it is seen via Edge. Has anyone had success with this? Any information would be greatly appreciated. thank you.MagsonJul 13, 2026Tin Contributor7.9KViews1like20CommentsUnderstanding AI workloads on Linux
Hi everyone, I’m a PM working on security for Linux environments and trying to better understand how AI workloads are actually showing up in production today. Would appreciate hearing from folks here: Are you running any AI workloads on Linux today? Or actively exploring? What does your deployment/setup look like — e.g., model training/inference, agents, MCP servers, data pipelines, etc.? How are you thinking about securing this stack, if at all? If you’re open to a quick 30-min chat, I’d love to learn more from your experience as well. Thanks in advance — this will directly help shape where we invest next.tejaskashyapJul 11, 2026Microsoft77Views0likes1CommentDVM Certificate Inventory Shows No Data Despite Healthy Endpoints in Defender for Endpoint
Hi Team, I'm testing Microsoft Defender Vulnerability Management. Current status: - Defender Vulnerability Management Add-on enabled - Certificates inventory tab is visible - Software Inventory populated - Security Recommendations populated - Windows and Linux devices onboarded - Linux mdatp health = healthy:true, licensed:true, cloud_enabled:true - Devices have local certificates installed - Certificate Inventory page shows "No data" The DVM Add-on was enabled more than 36 hours ago. Has anyone experienced a delay in Certificate Inventory population or are there additional prerequisites beyond DVM licensing and device onboarding? Thanks.vijaysethiyaJul 10, 2026Copper Contributor31Views0likes1CommentMicrosoft Defender false positive and WDSI submission details page bug
Hello, I am the developer and publisher of Pulse Launcher, a legitimate signed Windows application / Minecraft mod launcher. I already submitted this through Microsoft Security Intelligence and also opened a Microsoft Q&A thread, but I am posting here because the WDSI submission portal itself appears to be broken for these submissions. Related Microsoft Q&A thread: https://learn.microsoft.com/en-us/answers/questions/5929545/microsoft-defender-false-positive-and-wdsi-submiss There are two related issues: 1. Microsoft Defender cloud ML false positives keep appearing on public multi-engine scan results for the same signed application/product family. The Microsoft detection name changes across rescans and equivalent builds, including: - PUA:Win32/Puwaders.C!ml - Program:Win32/Wacapew.C!ml - Trojan:Win32/Wacatac.B!ml - Trojan:Win32/Wacatac.C!ml - Trojan:Win32/Sabsik.EN.A!ml 2. Microsoft Security Intelligence submissions are visible in Submission history and show status "In progress", but opening the submission details page returns: "The details for the submission were not found or the submission has expired." Affected submission IDs: - dd476efa-fc04-4f13-82cf-631bbfd145a6 - efc6514c-d700-4d6a-a7e2-67a9a83334a2 - ff8d04b7-c5fc-4a05-bd53-ee7ac5981284 File details: - File name: pulse_launcher.exe - SHA-256: def6059c07c3e1f4a8c5649a1bbf190d4f355ee8e8b88c55c5b404edee99ecc8 - Signer: FOP Haponiuk Mykola Viktorovych - Certificate: GlobalSign EV Code Signing certificate The executable is not VMProtect-packed or obfuscated. It is EV-signed. A previous Microsoft analyst response stated that the file did not meet Microsoft criteria for malware or PUA, but Microsoft cloud detections continue to appear. Could someone route this to Microsoft Defender Security Intelligence / malware analysis, or advise how to escalate WDSI submissions that exist in history but whose details endpoint returns "not found or expired"? Thank you.MykolaHaponiukJul 02, 2026Copper Contributor51Views0likes1CommentContent blocked by IT Admin
I am the IT Admin and I keep seeing this Windows Security pop up notification on my system about blocking mtalk.google.com. I do not have this installed nor can I find anything about it in the registry. How can I find and remove this completely to stop these notifications? Driving me crazy....SolvedBlacksuit2375Jun 26, 2026Copper Contributor34KViews0likes20CommentsWays to fetch quarantine files
We are working with quarantine files and have a few questions: 1. Is there a public API available to retrieve quarantined files from Microsoft Defender for Endpoint? 2. Is there a documented method to map an alert or a file SHA-1/SHA-256 hash to the corresponding object in the Defender quarantine store? 3. Is there a way to retrieve quarantined files other than using a PowerShell script through the Live Response API?Dhwani_ShahJun 17, 2026Copper Contributor162Views0likes4CommentsMicrosoft Defender for Endpoint and WDAC audit logs not include kernel audit/blocks
While testing WDAC on a fully patched Win11 pro machine - I noticed that kernel audit/block events do not get collected by MDE in the advanced hunting portal, only user mode audit/blocks are collected. Can anyone confirm they see this too and is this by design? My test case is to use a Strict Kernel Mode WDAC policy (as per: https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection) which is active, using the global secure access client as my test, when the machine boots, the below event is generated locally on the machine: This event is never shown on the MDE advanced hunting portal, though user events do show. Examples of events that are coming through: Not receiving these events centrally for auditing would make deploying a kernel mode wdac control impossible. Would be amazing if Microsoft product team could look into this and resolve as these alerts should be captured as well please to facilitate deployment of more secure controls.Warren212Jun 14, 2026Tin Contributor111Views0likes2CommentsrunHuntingQuery API and 'evaluate pivot'
Seem to have a problem where any request to the runHuntingQuery API with 'evaluate pivot' fails with error": { "code": "UnknownError", "message": "", Is this just a 'feature' ? The query happily runs trough the website/XDR portal. :-( Is there a way to simulate a pivot (easily) in powerapps ?Tim4May 26, 2026Copper Contributor78Views0likes1CommentLarac2shell: Turning MDE Live Response into a near real-time shell We are the EDR!
https://github.com/akefallonitis/larac2shell Turning MDE live response into a near real time interactive shell beta version out Features: - Internal (Thanks to https://www.linkedin.com/in/fabianbader/ - https://www.linkedin.com/in/nathanmcnulty/ and xdrinternals research ) vs External api authentication - Arbitrary command execution via pre-uploaded base64 wrapper script - Cross-OS support PS Two MSRC bugs reported for direct command execution bypass waiting for Microsoft Response in order to publish them Coming SOON TM Full LaraC2 Post Exploitation OST framework over MDE as C2/C3 Channel - We are the EDR / No external Infra / Onboarding to your controlled tenant silencing MDE Happy testing 🥳 🎉alkefallonitisMay 08, 2026Copper Contributor104Views0likes2Comments
Tags
- microsoft defender for iot80 Topics
- threat intelligence35 Topics
- IoT security17 Topics
- threat protection15 Topics
- defender14 Topics
- MDATP13 Topics
- Defender for Endpoint13 Topics
- security13 Topics
- ATP10 Topics
- defender atp10 Topics