Recent Discussions
Web content filtering and indicator aren't working on third party browser
Hi, we have just noticed that web content filtering and customized indicators are not working on third party browsers after upgrading Defender for Endpoint to 4.18.23050.3. The issue has happened to both Win10 and Win11 machines. Has anyone else got the same issue?
30K Views, 5 likes, 86 Comments

SenseNdr.exe is slowly eating the memory
Hello,
For a few days now, we have some Windows Server 2019 physical machines where almost all the memory is committed to sensendr.exe. If you terminate sensendr.exe, the process comes back after a few minutes. On one machine the problem came back after a little bit more than one day; on the others the problem has not come back (yet). All the machines are patched with the 2024-09 CU.
Here is a view of the resource monitor:
On another machine:
Do you have any idea what could cause that and how to avoid it? We can't find any error messages that could explain the problem.
Thanks in advance for your answers
Marc
14K Views, 4 likes, 53 Comments

ASR - Behavior Changes - Blocking under User Context Now?
Since July 7-27-2022 I have been seeing around 40 of 1800 machines in my work environment that are showing blocks under %userprofile% or usercontext for .dll blocks. This is new behavior and is recent. All of our machines have the same ASR rule applied. I checked on the machines via registry and their ASR rules are the same.
ASR Rule/Example Path that is having this issue:
Block executable content from email client and webmail
GUID: be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
Path: %userprofile%\AppData\Local\Assembly\tmp*variousfilesandpaths.dll
Did this behavior change, is this a preview of a new feature or is this a bug? I am afraid this may spread to more machines. We have E5 License and an MS Ticket Open as well. Hoping someone here knows something as well.
Solved, 22K Views, 1 like, 52 Comments

Web access performance issue when enabling network protection
Hi, this is another issue following the upgrade to 4.18.23050.5 for fixing the Web content filtering issue. (The previous post can be found here.) After upgrading to 4.18.23050.5, web content filtering is back to working again, but now I've just noticed another web access performance issue: the website loading time on first access from 3rd party browsers is far longer than before. Has anyone got the same issue?
My current MDE version is:
AMEngineVersion : 1.1.23060.1005
AMProductVersion : 4.18.23050.5
AMServiceVersion : 4.18.23050.5
AntispywareSignatureVersion : 1.391.1600.0
AntivirusSignatureVersion : 1.391.1600.0
FullScanSignatureVersion : 1.385.1482.0
NISEngineVersion : 1.1.23060.1005
NISSignatureVersion : 1.391.1600.0
QuickScanSignatureVersion : 1.391.1418.0
13K Views, 2 likes, 33 Comments

Blocking file uploads to all sites, unless safelisted
We're trying to verify if we can block file uploads through the browser to all sites, unless these sites are part of an approved list or the user has an exception. We currently have a similar solution through a different vendor, but wanted to see if Defender for Endpoint is an alternative. So, if someone creates a new site, this site would not be allowed to be uploaded to unless the domain is added to an approved list. The alternative would be to block if the file has a specific label.
Thanks,
28K Views, 0 likes, 30 Comments

ASR: Block abuse of exploited vulnerable signed drivers
Hey there,
I am seeing a recommendation to apply the ASR Rule as listed above. It looks like a fairly new addition to the series of 16 ASR rules that can be configured. However, on closer inspection there doesn't yet appear to be an Intune/Endpoint Manager option to add this under the standard Endpoint Security / Attack Surface Rules section. There's an "Intune name" and a GUID but... I don't want to push this out via a MEM OMA-URI; it fractures where all the policies are kept and makes things messy.
Can I ask when it is expected to have this baked into the main Attack Surface Reduction rules section? Seems a bit daft to make recommendations to implement the setting across all your endpoints when it's not as easy as all the other rules to actually implement?
Thanks very much.
James
Solved, 25K Views, 1 like, 29 Comments

Remove devices from MDATP portal
We have a couple of devices that are showing in MDATP which we would like to get rid of; however, we are not in a position to run any scripts...
One was registered in Intune by mistake and has been unregistered, and we cannot contact the owner anymore - and it's still checking in.
One device failed and was rebuilt with the same name but is now showing twice.
Can we remove these?
Neil
Solved, 126K Views, 0 likes, 28 Comments

Defender for Endpoint issues on Apple Silicon Macs (Issue: Action Needed)
Hi y'all,
We are using Defender for Endpoint on our Intel Macs without a hitch (both corp & BYOD devices). Now we are trying to have BYOD Apple Silicon Macs deployed with Defender for Endpoint. This gives us a strange issue: The Defender for Endpoint icon in the menubar shows a warning: Action Needed. Protection works fine and everything looks okay. Only the Defender for Endpoint icon keeps showing a warning (Action Needed). When we click on the warning, just the normal Defender for Endpoint interface is shown, without any issues or actions. We can't find anything online and it's driving us crazy.
To be clear: This works fine on our Intel Macs. Please some help! We are using Jamf Pro.
Solved, 14K Views, 2 likes, 26 Comments

Modern Unified MsSense.exe and CPU/disk usage on 2012 R2 after March updates
After updating servers this month, the 2012 R2 that have the ATP modern unified solution agent are seeing a massive increase in disk and cpu activity. Process monitor revealed that MsSense.exe is aggressively scanning the C:\Windows\System32\catroot directory which contains thousands of files. It seems to do this about every 10 minutes and it takes a while so it's pushing CPU to near 100 constantly. There was a MsSense.exe version update to 10.8047.22439.1056 with security update KB5005292. I am suspecting that is the cause and will be doing some comparison testing in attempts to confirm it. Anyone else seeing this behavior?
Solved, 24K Views, 1 like, 25 Comments

MDE repeatable false positive "Multi-stage incident involving Privilege escalation..." How to fix?
Anyone else seeing this? It always has 57 alerts, too, and the Detection source is always 'Custom TI' and always at the same time in the morning. Doesn't matter if the machine is managed, AD joined, etc.
More details - all show windows error manager process (the other week I saw similar, but triggered by windows activation check)
Any ideas? I didn't set this tenant up, so I wonder if there is some weird setting somewhere that is causing these false positives. I don't see any entries under Endpoint settings, Rules, Indicators which is what I thought would have been causing this?
3.8K Views, 0 likes, 24 Comments

Onboarding servers to MDE after September 2022
Paul_Huijbregts marysia_k HeikeRitter (Just mentioning a few of the employees active in the community in the hope that someone knows something)
So I am rather confused how to handle MDE in servers now that stand-alone licensing for "MDE for servers" is being phased out, leaving just Defender for Servers. Servers in Azure are OK I suppose, since they are visible in Defender for Cloud to begin with, but this is not the case with servers in AWS, GCP, and On-premise.
Q1: Azure Arc
Do we now have to install the Azure Arc agent in servers outside of Azure, just to be able to activate the Defender for Servers plan in Defender for Cloud? Does this require Azure Arc licensing, or is this usage free like with AMA? (AMA requires Arc outside of Azure, and can be used free when you just need to fulfill this prereq for AMA)
Q2: Onboarding
Can we still use GPO, MECM, local scripts etc for onboarding, or do we need to deploy via Defender for Cloud (by activating the Defender for Servers plan)?
Me and my colleagues are all very confused here, which also hinders our pre-sales as a MS partner, so any sort of information would be much appreciated. (We have been unable to get any real info from support or from our MS representatives it seems)
8.4K Views, 4 likes, 24 Comments

MS Defender - Installation Error version 101.25072 on macOS
Dear experts,
The latest version of MS Defender can't be installed. I'm getting an error message since release date (5th Aug). I have tested to restart the computer, tested with different networks, same issue 🙁
Solved, 4.4K Views, 6 likes, 22 Comments

Device Control Printer Protection - Blocks Print to PDF
When using the OMA URI policy ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl to block printing via non-corporate printers, it is observed that it blocks the Print to PDF and Print to XPS functions. Using the Application Guard Security Policy under ASR does not provide the required exclusion. Does anyone have any idea how to resolve this?
Thanks
15K Views, 0 likes, 22 Comments

MDE apparently blocks MacOS Monterey 12.1 / 12.2 upgrades?
The last days we have encountered a situation where the upgrade to MacOS Monterey 12.1 or 12.2 fails. After several reboots the machine returns to the state before the upgrade started, with the addition of several applications crashing upon startup and needing reinstalls of these. This has happened to several machines, both Intel and ARM models when trying to upgrade from various MacOS versions such as 12.0.1 and 11.6.x. Several repeated attempts give the same result:
It occurred that we might have a compatibility issue with Defender ATP (101.56.35) - and after removing this application completely and retrying the OS upgrade, this was completed without any issues. Defender ATP was then reinstalled and now works without issues. The same goes for other applications that were "corrupted" during the first tries. Among them are OneDrive and Teams. After a "delete and reinstall" they all now work fine.
A less "Brutal" approach is also tried out (edit: which did not help) disabling various Defender modules, but this is rather time consuming since we do not know the result before the whole upgrade process is "complete". Anyone else seeing a similar pattern?
12K Views, 2 likes, 20 Comments

Defender Web Content filtering for Chrome/Firefox
Hello all,
We have recently configured Web Content Filtering. I am struggling with finding what is required to have the setup effect on Chrome and Firefox, exactly as it is seen via Edge. Has anyone had success with this? Any information would be greatly appreciated. Thank you.
6.9K Views, 0 likes, 19 Comments

Server 2012R2 and Server 2016 not reporting WDATP sensor data
We recently on-boarded a handful of Server 2012R2, 2016, and 2019 servers, as well as some Win10 laptops. All show "last seen" dates that are current. However, none of the 2012R2 or 2016 servers are reporting their exposure, inventory, etc. data at all to the WDATP Dashboard. Our 2019 servers and Win10 laptops are reporting correctly and fully it appears. We on-boarded the 2012R2/2016 servers via installation of the MMA agent with the Workspace ID/Key combo. They ARE seen in WDATP dashboard, just don't appear to be reporting any useful data like the 2019/Win10 machines are. We have ruled out OS and network firewalls as issues.
Solved, 5.7K Views, 0 likes, 18 Comments

Create and Manage Device Groups area is missing from my tenant
I tried following along with the documentation https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldwide#create-a-device-group but I do not have a Permissions section (let alone Device Groups) under the Endpoint settings.
Here is what the setting is supposed to look like
And this is what my tenant looks like.
I initially thought there was a problem with the documentation but after I submitted feedback they said there might be something wrong with the tenant. I just wanted to check with other users to see if they are seeing things properly or if others see the same as what I do. The doc reply said I should open a support ticket; however, this always redirects us to our reseller who, for the lack of better words, are totally incompetent, and I'm unable to open tickets with MS directly. Would rather not waste my time. Regarding licenses, we have Business Premium. Am I just looking in the wrong spot or is something going on with our tenant?
Solved, 5K Views, 0 likes, 18 Comments

Problems with MS Defender for Endpoint on iOS device
Hi. We recently deployed MS Defender for Endpoint on all our iOS devices through Intune. However, since then, people are complaining their internet browsing experience is not good. It's slow, some sites take forever to load (when they do), etc. When we manually disable the Defender VPN connection, it's working again. How can we fix this issue? Thanks.
21K Views, 1 like, 18 Comments
Recent Blogs
- As of today, October 14, 2025, Microsoft is officially ending support for Windows 10. This means that Windows 10 devices will no longer receive security or feature updates, nor technical support from...
  Oct 14, 2025, 1.6K Views, 1 like, 0 Comments
- We’re excited to announce a key milestone in Defender’s multi-tenant management journey—Microsoft Defender for Endpoint security policies can now be distributed across multiple tenants from the Defen...
  Aug 07, 2025, 1.9K Views, 3 likes, 0 Comments