Latest Discussions
Microsoft Defender network extension issue after macOS 15 Upgrade
Hello all, don't know where to post this or get support. If there is a better forum or some mail address to report this, please provide the link. I have upgraded to macOS 15 and have Microsoft Defender installed. After investigating some issues with our phone software, I've noticed several crash reports on macos related to the "netext" process, which seems to be a part of Microsoft Defender for macOS. Anyone else updated to macOS15 already and having these crash issues? I have the latest available Microsoft Defender version installed. Latest definitions are installed as well. ------------------------------------- Translated Report (Full Report Below) ------------------------------------- Process: netext [14182] Path: /Library/SystemExtensions/*/netext Identifier: com.microsoft.wdav.netext Version: 101.24072.0006 (101.24072.0006) Code Type: ARM-64 (Native) Parent Process: launchd [1] User ID: 0 Date/Time: 2024-09-18 11:52:47.7178 +0200 OS Version: macOS 15.0 (24A335) Report Version: 12 Anonymous UUID: CB6A6847-15D8-0FAD-257C-ACBAD9B7E5D8 Sleep/Wake UUID: 45F9E09D-349D-4D48-95A2-BA96DE05A531 Time Awake Since Boot: 20000 seconds Time Since Wake: 13966 seconds System Integrity Protection: enabled Crashed Thread: 6 Dispatch queue: NEFilterExtensionProviderContext queue Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x000000000000016a Exception Codes: 0x0000000000000001, 0x000000000000016a Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11 Terminating Process: exc handler [14182] VM Region Info: 0x16a is not in any region. 
Bytes before following region: 4297817750 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 1002b8000-1007fc000 [ 5392K] r-x/r-x SM=COW /Library/SystemExtensions/*/netext Thread 0: 0 libsystem_kernel.dylib 0x18abd53c8 __semwait_signal + 8 1 libsystem_c.dylib 0x18aab4714 nanosleep + 220 2 libc++.1.dylib 0x18ab4b2f4 std::__1::this_thread::sleep_for(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l>> const&) + 84 3 netext 0x1002d556c 0x1002b8000 + 120172 4 netext 0x1002d5480 0x1002b8000 + 119936 5 libsystem_pthread.dylib 0x18ac132e4 _pthread_start + 136 6 libsystem_pthread.dylib 0x18ac0e0fc thread_start + 8 Thread 1: 0 libsystem_kernel.dylib 0x18abda710 poll + 8 1 netext 0x10044bbd4 0x1002b8000 + 1653716 2 netext 0x10044c44c 0x1002b8000 + 1655884 3 netext 0x10040bc14 0x1002b8000 + 1391636 4 libsystem_pthread.dylib 0x18ac132e4 _pthread_start + 136 5 libsystem_pthread.dylib 0x18ac0e0fc thread_start + 8 Thread 2: 0 libsystem_kernel.dylib 0x18abda710 poll + 8 1 netext 0x10044bbd4 0x1002b8000 + 1653716 2 netext 0x10044c44c 0x1002b8000 + 1655884 3 netext 0x10040bc14 0x1002b8000 + 1391636 4 libsystem_pthread.dylib 0x18ac132e4 _pthread_start + 136 5 libsystem_pthread.dylib 0x18ac0e0fc thread_start + 8 Thread 3: 0 libsystem_kernel.dylib 0x18abd9564 __sigsuspend_nocancel + 8 1 libdispatch.dylib 0x18aa73aac _dispatch_sigsuspend + 48 2 libdispatch.dylib 0x18aa73a7c _dispatch_sig_thread + 60 Thread 4: 0 libsystem_kernel.dylib 0x18abda710 poll + 8 1 netext 0x10044bbd4 0x1002b8000 + 1653716 2 netext 0x10044ed74 0x1002b8000 + 1666420 3 netext 0x10043e4b0 0x1002b8000 + 1598640 4 libboost_context.dylib 0x100937c08 make_fcontext + 24 Thread 5: 0 libsystem_kernel.dylib 0x18abda710 poll + 8 1 netext 0x10044bbd4 0x1002b8000 + 1653716 2 netext 0x10044ed74 0x1002b8000 + 1666420 3 netext 0x10043e4b0 0x1002b8000 + 1598640 4 libboost_context.dylib 0x100937c08 make_fcontext + 24 Thread 6 Crashed:: Dispatch queue: 
NEFilterExtensionProviderContext queue 0 NetworkExtension 0x19cf1e858 -[NEFilterDataSavedMessageHandler executeWithFlow:context:] + 72 1 NetworkExtension 0x19cf20ee0 __63-[NEFilterDataExtensionProviderContext resumeFlow:withVerdict:]_block_invoke + 428 2 libdispatch.dylib 0x18aa5e8f8 _dispatch_call_block_and_release + 32 3 libdispatch.dylib 0x18aa60658 _dispatch_client_callout + 20 4 libdispatch.dylib 0x18aa67c60 _dispatch_lane_serial_drain + 744 5 libdispatch.dylib 0x18aa6879c _dispatch_lane_invoke + 432 6 libdispatch.dylib 0x18aa737e8 _dispatch_root_queue_drain_deferred_wlh + 288 7 libdispatch.dylib 0x18aa73034 _dispatch_workloop_worker_thread + 540 8 libsystem_pthread.dylib 0x18ac0f3d8 _pthread_wqthread + 288 9 libsystem_pthread.dylib 0x18ac0e0f0 start_wqthread + 8 Thread 7: 0 libsystem_pthread.dylib 0x18ac0e0e8 start_wqthread + 0 Thread 8: 0 libsystem_pthread.dylib 0x18ac0e0e8 start_wqthread + 0 Thread 9: 0 libsystem_pthread.dylib 0x18ac0e0e8 start_wqthread + 0 Thread 10: 0 libsystem_pthread.dylib 0x18ac0e0e8 start_wqthread + 0 Thread 6 crashed with ARM Thread State (64-bit): x0: 0x000000000000015a x1: 0x2d000001ef8ee5b5 x2: 0x0000600002868000 x3: 0x0000600001d3abc0 x4: 0x0000600003e2e600 x5: 0x00000000c505191a x6: 0x00000000000034b0 x7: 0x0000000000000000 x8: 0x000000000000015a x9: 0xf04e1dc8119f0074 x10: 0x00000000000001ff x11: 0x0000000000002ba0 x12: 0x00000000000007fb x13: 0x00000000000007fd x14: 0x00000000fe0aa95e x15: 0x00000000fdeaa15a x16: 0x2d000001ef8ee5b5 x17: 0x2e000001ef8ee5b5 x18: 0x0000000000000000 x19: 0x0000600002444460 x20: 0x0000600002868000 x21: 0x000060000131d2c0 x22: 0x0000600001d3aba0 x23: 0x0000600001d3aba0 x24: 0x00006000033624e8 x25: 0x0000000000000000 x26: 0x0000000000000000 x27: 0x0000600000834300 x28: 0x0000000000000000 fp: 0x00000001701d2820 lr: 0x000000019cf1e848 sp: 0x00000001701d27e0 pc: 0x000000019cf1e858 cpsr: 0x60001000 far: 0x000000000000016a esr: 0x92000006 (Data Abort) byte read Translation fault Binary Images: 0x1002b8000 
- 0x1007fbfff com.microsoft.wdav.netext (101.24072.0006) <91b64cf4-234e-349a-bae0-6c440e686754> /Library/SystemExtensions/*/netext 0x100970000 - 0x1009affff libboost_locale.dylib (*) <3433a65f-9a0a-37b4-9731-4b4e2f06123b> /Library/SystemExtensions/*/libboost_locale.dylib 0x100864000 - 0x1008e3fff libzstd.1.dylib (*) <96f7b727-515b-3416-9b43-e374386147e0> /Library/SystemExtensions/*/libzstd.1.dylib 0x100934000 - 0x100937fff libboost_context.dylib (*) <c1a59af6-adb4-358c-b7b2-76e964c13321> /Library/SystemExtensions/*/libboost_context.dylib 0x100a80000 - 0x100aabfff libminizip.2.5.dylib (*) <460e8f1a-23af-3eac-a934-90ecbf5028d9> /Library/SystemExtensions/*/libminizip.2.5.dylib 0x103bd8000 - 0x10525ffff libwdavdaemon_edr_dylib.dylib (*) <8be7aacf-4d67-3a42-84dc-446c024ed34f> /Library/SystemExtensions/*/libwdavdaemon_edr_dylib.dylib 0x100cc0000 - 0x100d2ffff libboost_log.dylib (*) <e62a6618-49e2-3e03-a31e-2ee77ae38add> /Library/SystemExtensions/*/libboost_log.dylib 0x10094c000 - 0x10094ffff libboost_chrono.dylib (*) <dacbe588-4728-37ac-ab02-072cf79c32f5> /Library/SystemExtensions/*/libboost_chrono.dylib 0x100900000 - 0x100913fff libboost_filesystem.dylib (*) <50718b32-aea3-30a5-b2e8-a769903b4f83> /Library/SystemExtensions/*/libboost_filesystem.dylib 0x100a34000 - 0x100a37fff libboost_atomic.dylib (*) <e268ca31-7758-3c93-8027-73a4aace81f6> /Library/SystemExtensions/*/libboost_atomic.dylib 0x100b84000 - 0x100bbbfff libboost_regex.dylib (*) <da636c57-8094-3c5f-8630-ca5ed3a23358> /Library/SystemExtensions/*/libboost_regex.dylib 0x1009f0000 - 0x1009fbfff libboost_thread.dylib (*) <158db4b6-9669-35d6-9f5b-542677e130a1> /Library/SystemExtensions/*/libboost_thread.dylib 0x100ac4000 - 0x100b27fff libazure-storage-lite.dylib (*) <1c3fec71-2b13-3197-a1af-a1937fbfbeaf> /Library/SystemExtensions/*/libazure-storage-lite.dylib 0x100be0000 - 0x100c57fff libcurl.4.dylib (*) <f992a709-f27a-356e-935c-b8cb1ac6b0e2> /Library/SystemExtensions/*/libcurl.4.dylib 0x100c70000 - 0x100ca3fff 
libmagic.1.dylib (*) <1b5167ed-7aa5-3bb0-b7b3-7c65128a6537> /Library/SystemExtensions/*/libmagic.1.dylib 0x100a18000 - 0x100a1bfff libboost_random.dylib (*) <ebfafc20-4cd2-3ba6-9ba5-5e38ed3f29bb> /Library/SystemExtensions/*/libboost_random.dylib 0x100b58000 - 0x100b5bfff libboost_date_time.dylib (*) <5494df72-e782-3599-be56-d6b9821eb874> /Library/SystemExtensions/*/libboost_date_time.dylib 0x100b68000 - 0x100b6bfff libboost_system.dylib (*) <97901a28-cefa-3755-9b87-a1eff5fae28b> /Library/SystemExtensions/*/libboost_system.dylib 0x101484000 - 0x1016d3fff libcpprest.2.10.dylib (*) <edc81c0c-496b-3d20-bb9f-abe73a8840f4> /Library/SystemExtensions/*/libcpprest.2.10.dylib 0x100f08000 - 0x100f6ffff libssl.3.dylib (*) <1cdfa1f3-db7e-38ea-a381-e1f96a53ded1> /Library/SystemExtensions/*/libssl.3.dylib 0x100fac000 - 0x1011dbfff libcrypto.3.dylib (*) <705082e6-b61d-321e-b8ab-860f5797d985> /Library/SystemExtensions/*/libcrypto.3.dylib 0x100db4000 - 0x100ebffff libsqlite3.0.dylib (*) <1b6bc108-aaf9-32ca-ae83-767e9e5b6141> /Library/SystemExtensions/*/libsqlite3.0.dylib 0x18abd1000 - 0x18ac0bff7 libsystem_kernel.dylib (*) <9a72fd37-d827-3d6d-b6f4-422621e36c94> /usr/lib/system/libsystem_kernel.dylib 0x18aaa6000 - 0x18ab27ffb libsystem_c.dylib (*) <a63f0ef9-59f1-3976-8a7e-2037cd50c605> /usr/lib/system/libsystem_c.dylib 0x18ab28000 - 0x18abb5ffb libc++.1.dylib (*) <57ffcb9d-a6c9-3e9a-aa82-40f192626527> /usr/lib/libc++.1.dylib 0x18ac0c000 - 0x18ac18fff libsystem_pthread.dylib (*) <d09f4078-adad-3dd0-b17b-ce0142887b28> /usr/lib/system/libsystem_pthread.dylib 0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ??? 
0x18aa5c000 - 0x18aaa2fff libdispatch.dylib (*) <465565e8-ef8a-3188-80fa-598063c54161> /usr/lib/system/libdispatch.dylib 0x19cebe000 - 0x19d130fff com.apple.NetworkExtension (1.0) <fe6a1926-a7d9-3a07-9fe6-5380b887bdf7> /System/Library/Frameworks/NetworkExtension.framework/Versions/A/NetworkExtension External Modification Summary: Calls made by other processes targeting this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by all processes on this machine: task_for_pid: 0 thread_create: 0 thread_set_state: 0 VM Region Summary: ReadOnly portion of Libraries: Total=891.7M resident=0K(0%) swapped_out_or_unallocated=891.7M(100%) Writable regions: Total=1.5G written=498K(0%) resident=498K(0%) swapped_out=0K(0%) unallocated=1.5G(100%) VIRTUAL REGION REGION TYPE SIZE COUNT (non-coalesced) =========== ======= ======= Activity Tracing 256K 1 Kernel Alloc Once 32K 1 MALLOC 1.4G 32 MALLOC guard page 96K 6 STACK GUARD 144K 9 Stack 6016K 12 Stack Guard 64.0M 4 __AUTH 1045K 213 __AUTH_CONST 17.8M 362 __DATA 4885K 363 __DATA_CONST 13.9M 383 __DATA_DIRTY 691K 112 __FONT_DATA 2352 1 __LINKEDIT 586.6M 23 __OBJC_RW 2353K 1 __TEXT 305.1M 398 __TPRO_CONST 272K 2 mapped file 31.5M 4 owned unmapped memory 32K 1 page table in kernel 498K 1 shared memory 64K 3 =========== ======= ======= TOTAL 2.5G 1932 ----------- Full Report ----------- {"app_name":"netext","timestamp":"2024-09-18 11:52:48.00 +0200","app_version":"101.24072.0006","slice_uuid":"91b64cf4-234e-349a-bae0-6c440e686754","build_version":"101.24072.0006","platform":1,"bundleID":"com.microsoft.wdav.netext","share_with_app_devs":0,"is_first_party":1,"bug_type":"309","os_version":"macOS 15.0 (24A335)","roots_installed":0,"name":"netext","incident_id":"6F184DCB-BD68-4C18-B73C-8AEBD649EB46"} { "uptime" : 20000, "procRole" : "Unspecified", "version" : 2, "userID" : 0, "deployVersion" : 210, "modelCode" : "Mac14,7", "coalitionID" : 
574, "osVersion" : { "train" : "macOS 15.0", "build" : "24A335", "releaseType" : "User" }, "captureTime" : "2024-09-18 11:52:47.7178 +0200", "codeSigningMonitor" : 1, "incident" : "6F184DCB-BD68-4C18-B73C-8AEBD649EB46", "pid" : 14182, "translated" : false, "cpuType" : "ARM-64", "roots_installed" : 0, "bug_type" : "309", "procLaunch" : "2024-09-18 10:53:13.6648 +0200", "procStartAbsTime" : 408733619761, "procExitAbsTime" : 494509975007, "procName" : "netext", "procPath" : "\/Library\/SystemExtensions\/*\/netext", "bundleInfo" : {"CFBundleShortVersionString":"101.24072.0006","CFBundleVersion":"101.24072.0006","CFBundleIdentifier":"com.microsoft.wdav.netext"}, "parentProc" : "launchd", "parentPid" : 1, "coalitionName" : "NetworkExtension.com.microsoft.wdav.netext.101.24072.0006.101.24072.0006", "crashReporterKey" : "CB6A6847-15D8-0FAD-257C-ACBAD9B7E5D8", "throttleTimeout" : 10, "codeSigningID" : "com.microsoft.wdav.netext", "codeSigningTeamID" : "UBF8T346G9", "codeSigningFlags" : 570503953, "codeSigningValidationCategory" : 6, "codeSigningTrustLevel" : 4294967295, "instructionByteStream" : {"beforePC":"9gMAquADAapEQgaU8wMAquADFKpBQgaU9AMAqtYHALTABkD56AMAqg==","atPC":"CQ1B+CgJP9f9Ax2qRUIGlPUDAKrgAAC0qDZAOWgBADfgAxaq4QMTqg=="}, "bootSessionUUID" : "C541720A-397B-4357-8276-E571644D0D39", "wakeTime" : 13966, "sleepWakeUUID" : "45F9E09D-349D-4D48-95A2-BA96DE05A531", "sip" : "enabled", "vmRegionInfo" : "0x16a is not in any region. 
Bytes before following region: 4297817750\n REGION TYPE START - END [ VSIZE] PRT\/MAX SHRMOD REGION DETAIL\n UNUSED SPACE AT START\n---> \n __TEXT 1002b8000-1007fc000 [ 5392K] r-x\/r-x SM=COW \/Library\/SystemExtensions\/*\/netext", "exception" : {"codes":"0x0000000000000001, 0x000000000000016a","rawCodes":[1,362],"type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_INVALID_ADDRESS at 0x000000000000016a"}, "termination" : {"flags":0,"code":11,"namespace":"SIGNAL","indicator":"Segmentation fault: 11","byProc":"exc handler","byPid":14182}, "vmregioninfo" : "0x16a is not in any region. Bytes before following region: 4297817750\n REGION TYPE START - END [ VSIZE] PRT\/MAX SHRMOD REGION DETAIL\n UNUSED SPACE AT START\n---> \n __TEXT 1002b8000-1007fc000 [ 5392K] r-x\/r-x SM=COW \/Library\/SystemExtensions\/*\/netext", "extMods" : {"caller":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"system":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":0}, "faultingThread" : 6, "threads" : [{"id":575389,"frames":[{"imageOffset":17352,"symbol":"__semwait_signal","symbolLocation":8,"imageIndex":22},{"imageOffset":59156,"symbol":"nanosleep","symbolLocation":220,"imageIndex":23},{"imageOffset":144116,"symbol":"std::__1::this_thread::sleep_for(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l>> 
const&)","symbolLocation":84,"imageIndex":24},{"imageOffset":120172,"imageIndex":0},{"imageOffset":119936,"imageIndex":0},{"imageOffset":29412,"symbol":"_pthread_start","symbolLocation":136,"imageIndex":25},{"imageOffset":8444,"symbol":"thread_start","symbolLocation":8,"imageIndex":25}],"threadState":{"x":[{"value":4},{"value":0},{"value":1},{"value":1},{"value":60},{"value":0},{"value":52},{"value":0},{"value":8308229416,"symbolLocation":0,"symbol":"clock_sem"},{"value":16387},{"value":17},{"value":2},{"value":0},{"value":0},{"value":0},{"value":0},{"value":334},{"value":8444346648},{"value":0},{"value":6170193456},{"value":6170193456},{"value":6170193648},{"value":6170193584},{"value":0},{"value":60000000000},{"value":0},{"value":0},{"value":0},{"value":1}],"flavor":"ARM_THREAD_STATE64","lr":{"value":6621447956},"cpsr":{"value":1610616832},"fp":{"value":6170193440},"sp":{"value":6170193392},"esr":{"value":1442840704,"description":" Address size fault"},"pc":{"value":6622630856},"far":{"value":0}}},{"id":575391,"frames":[{"imageOffset":38672,"symbol":"poll","symbolLocation":8,"imageIndex":22},{"imageOffset":1653716,"imageIndex":0},{"imageOffset":1655884,"imageIndex":0},{"imageOffset":1391636,"imageIndex":0},{"imageOffset":29412,"symbol":"_pthread_start","symbolLocation":136,"imageIndex":25},{"imageOffset":8444,"symbol":"thread_start","symbolLocation":8,"imageIndex":25}],"threadState":{"x":[{"value":4},{"value":0},{"value":4294967295},{"value":67111167},{"value":8308204368,"symbolLocation":48,"symbol":"_OS_dispatch_queue_global_vtable"},{"value":32},{"value":105553125019584},{"value":0},{"value":5},{"value":6},{"value":1},{"value":8308208560,"symbolLocation":1264,"symbol":"_dispatch_root_queues"},{"value":64},{"value":105553149171232},{"value":2095104},{"value":2043},{"value":230},{"value":8444346824},{"value":0},{"value":4302272666},{"value":105553156521984},{"value":1},{"value":4303553640,"symbolLocation":0,"symbol":"stdext::logging::details::logger"},{"value":430
3401680},{"value":0},{"value":0},{"value":5265971192},{"value":4303401424},{"value":4299458884}],"flavor":"ARM_THREAD_STATE64","lr":{"value":4299471828},"cpsr":{"value":2684358656},"fp":{"value":6171339888},"sp":{"value":6171339856},"esr":{"value":1442840704,"description":" Address size fault"},"pc":{"value":6622652176},"far":{"value":0}}},{"id":575392,"frames":[{"imageOffset":38672,"symbol":"poll","symbolLocation":8,"imageIndex":22},{"imageOffset":1653716,"imageIndex":0},{"imageOffset":1655884,"imageIndex":0},{"imageOffset":1391636,"imageIndex":0},{"imageOffset":29412,"symbol":"_pthread_start","symbolLocation":136,"imageIndex":25},{"imageOffset":8444,"symbol":"thread_start","symbolLocation":8,"imageIndex":25}],"threadState":{"x":[{"value":4},{"value":0},{"value":4294967295},{"value":105553165943216},{"value":6171914240},{"value":419432703},{"value":0},{"value":0},{"value":8},{"value":9},{"value":1},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":230},{"value":0},{"value":0},{"value":4302272666},{"value":105553156522192},{"value":105553146824192},{"value":4303553640,"symbolLocation":0,"symbol":"stdext::logging::details::logger"},{"value":4303401680},{"value":0},{"value":0},{"value":0},{"value":4303401424},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":4299471828},"cpsr":{"value":2684358656},"fp":{"value":6171913328},"sp":{"value":6171913296},"esr":{"value":1442840704,"description":" Address size 
fault"},"pc":{"value":6622652176},"far":{"value":0}}},{"id":575393,"frames":[{"imageOffset":34148,"symbol":"__sigsuspend_nocancel","symbolLocation":8,"imageIndex":22},{"imageOffset":96940,"symbol":"_dispatch_sigsuspend","symbolLocation":48,"imageIndex":27},{"imageOffset":96892,"symbol":"_dispatch_sig_thread","symbolLocation":60,"imageIndex":27}],"threadState":{"x":[{"value":4},{"value":0},{"value":0},{"value":6172487616},{"value":6172487744},{"value":419432703},{"value":0},{"value":0},{"value":6172487616},{"value":6172487616},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":410},{"value":8444348768},{"value":0},{"value":6621343120,"symbolLocation":0,"symbol":"_dispatch_sigsuspend.mask"},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":6621182636},"cpsr":{"value":536875008},"fp":{"value":6172487584},"sp":{"value":6172487568},"esr":{"value":1442840704,"description":" Address size 
fault"},"pc":{"value":6622647652},"far":{"value":0}}},{"id":575487,"frames":[{"imageOffset":38672,"symbol":"poll","symbolLocation":8,"imageIndex":22},{"imageOffset":1653716,"imageIndex":0},{"imageOffset":1666420,"imageIndex":0},{"imageOffset":1598640,"imageIndex":0},{"imageOffset":15368,"symbol":"make_fcontext","symbolLocation":24,"imageIndex":3}],"threadState":{"x":[{"value":4},{"value":0},{"value":4294967295},{"value":67111167},{"value":4299420936},{"value":32},{"value":105553124852288},{"value":4563691800},{"value":13},{"value":15},{"value":1},{"value":8308208560,"symbolLocation":1264,"symbol":"_dispatch_root_queues"},{"value":64},{"value":105553149168672},{"value":2095104},{"value":2043},{"value":230},{"value":8444346824},{"value":0},{"value":4563954792},{"value":4563954976},{"value":105553162682368},{"value":0},{"value":4563954496},{"value":105553146924272},{"value":105553136275536},{"value":1},{"value":4294967295},{"value":105553136275536}],"flavor":"ARM_THREAD_STATE64","lr":{"value":4299471828},"cpsr":{"value":1610616832},"fp":{"value":4563953216},"sp":{"value":4563953184},"esr":{"value":1442840704,"description":" Address size 
fault"},"pc":{"value":6622652176},"far":{"value":0}}},{"id":575491,"frames":[{"imageOffset":38672,"symbol":"poll","symbolLocation":8,"imageIndex":22},{"imageOffset":1653716,"imageIndex":0},{"imageOffset":1666420,"imageIndex":0},{"imageOffset":1598640,"imageIndex":0},{"imageOffset":15368,"symbol":"make_fcontext","symbolLocation":24,"imageIndex":3}],"threadState":{"x":[{"value":4},{"value":0},{"value":4294967295},{"value":67111167},{"value":4299420936},{"value":32},{"value":105553124824896},{"value":16383},{"value":19},{"value":20},{"value":1},{"value":8308208560,"symbolLocation":1264,"symbol":"_dispatch_root_queues"},{"value":64},{"value":105553149168160},{"value":2095104},{"value":2043},{"value":230},{"value":8444346824},{"value":0},{"value":4832914536},{"value":4832914720},{"value":105553162912384},{"value":0},{"value":4832914240},{"value":5278006288},{"value":105553136262512},{"value":1},{"value":4294967295},{"value":105553136262512}],"flavor":"ARM_THREAD_STATE64","lr":{"value":4299471828},"cpsr":{"value":1610616832},"fp":{"value":4832912960},"sp":{"value":4832912928},"esr":{"value":1442840704,"description":" Address size 
fault"},"pc":{"value":6622652176},"far":{"value":0}}},{"triggered":true,"id":608068,"threadState":{"x":[{"value":346},{"value":3242591740020843957,"symbolLocation":3242591731706757125,"symbol":"OBJC_CLASS_$_NEFilterDataExtensionProviderContext"},{"value":105553158635520},{"value":105553146915776},{"value":105553181468160},{"value":3305445658},{"value":13488},{"value":0},{"value":346},{"value":17315810362412433524},{"value":511},{"value":11168},{"value":2043},{"value":2045},{"value":4262111582},{"value":4260012378},{"value":3242591740020843957,"symbolLocation":3242591731706757125,"symbol":"OBJC_CLASS_$_NEFilterDataExtensionProviderContext"},{"value":3314649334058771893,"symbolLocation":3314649325744685061,"symbol":"OBJC_CLASS_$_NEFilterDataExtensionProviderContext"},{"value":0},{"value":105553154294880},{"value":105553158635520},{"value":105553136308928},{"value":105553146915744},{"value":105553146915744},{"value":105553170146536},{"value":0},{"value":0},{"value":105553124868864},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":6928066632},"cpsr":{"value":1610616832},"fp":{"value":6175926304},"sp":{"value":6175926240},"esr":{"value":2449473542,"description":"(Data Abort) byte read Translation fault"},"pc":{"value":6928066648,"matchesCrashFrame":1},"far":{"value":362}},"queue":"NEFilterExtensionProviderContext queue","frames":[{"imageOffset":395352,"symbol":"-[NEFilterDataSavedMessageHandler executeWithFlow:context:]","symbolLocation":72,"imageIndex":28},{"imageOffset":405216,"symbol":"__63-[NEFilterDataExtensionProviderContext 
resumeFlow:withVerdict:]_block_invoke","symbolLocation":428,"imageIndex":28},{"imageOffset":10488,"symbol":"_dispatch_call_block_and_release","symbolLocation":32,"imageIndex":27},{"imageOffset":18008,"symbol":"_dispatch_client_callout","symbolLocation":20,"imageIndex":27},{"imageOffset":48224,"symbol":"_dispatch_lane_serial_drain","symbolLocation":744,"imageIndex":27},{"imageOffset":51100,"symbol":"_dispatch_lane_invoke","symbolLocation":432,"imageIndex":27},{"imageOffset":96232,"symbol":"_dispatch_root_queue_drain_deferred_wlh","symbolLocation":288,"imageIndex":27},{"imageOffset":94260,"symbol":"_dispatch_workloop_worker_thread","symbolLocation":540,"imageIndex":27},{"imageOffset":13272,"symbol":"_pthread_wqthread","symbolLocation":288,"imageIndex":25},{"imageOffset":8432,"symbol":"start_wqthread","symbolLocation":8,"imageIndex":25}]},{"id":613021,"frames":[{"imageOffset":8424,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":25}],"threadState":{"x":[{"value":6173061120},{"value":22363},{"value":6172524544},{"value":0},{"value":409604},{"value":18446744073709551615},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":0},"cpsr":{"value":4096},"fp":{"value":0},"sp":{"value":6173061120},"esr":{"value":1442840704,"description":" Address size 
fault"},"pc":{"value":6622863592},"far":{"value":0}}},{"id":623292,"frames":[{"imageOffset":8424,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":25}],"threadState":{"x":[{"value":6169620480},{"value":43823},{"value":6169083904},{"value":0},{"value":409604},{"value":18446744073709551615},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":0},"cpsr":{"value":4096},"fp":{"value":0},"sp":{"value":6169620480},"esr":{"value":1442840704,"description":" Address size fault"},"pc":{"value":6622863592},"far":{"value":0}}},{"id":623293,"frames":[{"imageOffset":8424,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":25}],"threadState":{"x":[{"value":6174781440},{"value":64631},{"value":6174244864},{"value":0},{"value":409604},{"value":18446744073709551615},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":0},"cpsr":{"value":4096},"fp":{"value":0},"sp":{"value":6174781440},"esr":{"value":1442840704,"description":" Address size 
fault"},"pc":{"value":6622863592},"far":{"value":0}}},{"id":626402,"frames":[{"imageOffset":8424,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":25}],"threadState":{"x":[{"value":6176501760},{"value":0},{"value":6175965184},{"value":0},{"value":278532},{"value":18446744073709551615},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":0},"cpsr":{"value":4096},"fp":{"value":0},"sp":{"value":6176501760},"esr":{"value":0,"description":" Address size fault"},"pc":{"value":6622863592},"far":{"value":0}}}], "usedImages" : [ { "source" : "P", "arch" : "arm64", "base" : 4297818112, "CFBundleShortVersionString" : "101.24072.0006", "CFBundleIdentifier" : "com.microsoft.wdav.netext", "size" : 5521408, "uuid" : "91b64cf4-234e-349a-bae0-6c440e686754", "path" : "\/Library\/SystemExtensions\/*\/netext", "name" : "netext", "CFBundleVersion" : "101.24072.0006" }, { "source" : "P", "arch" : "arm64", "base" : 4304863232, "size" : 262144, "uuid" : "3433a65f-9a0a-37b4-9731-4b4e2f06123b", "path" : "\/Library\/SystemExtensions\/*\/libboost_locale.dylib", "name" : "libboost_locale.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4303765504, "size" : 524288, "uuid" : "96f7b727-515b-3416-9b43-e374386147e0", "path" : "\/Library\/SystemExtensions\/*\/libzstd.1.dylib", "name" : "libzstd.1.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4304617472, "size" : 16384, "uuid" : "c1a59af6-adb4-358c-b7b2-76e964c13321", "path" : "\/Library\/SystemExtensions\/*\/libboost_context.dylib", "name" : "libboost_context.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4305977344, "size" : 180224, "uuid" : "460e8f1a-23af-3eac-a934-90ecbf5028d9", "path" : "\/Library\/SystemExtensions\/*\/libminizip.2.5.dylib", "name" : 
"libminizip.2.5.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4357718016, "size" : 23625728, "uuid" : "8be7aacf-4d67-3a42-84dc-446c024ed34f", "path" : "\/Library\/SystemExtensions\/*\/libwdavdaemon_edr_dylib.dylib", "name" : "libwdavdaemon_edr_dylib.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4308336640, "size" : 458752, "uuid" : "e62a6618-49e2-3e03-a31e-2ee77ae38add", "path" : "\/Library\/SystemExtensions\/*\/libboost_log.dylib", "name" : "libboost_log.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4304715776, "size" : 16384, "uuid" : "dacbe588-4728-37ac-ab02-072cf79c32f5", "path" : "\/Library\/SystemExtensions\/*\/libboost_chrono.dylib", "name" : "libboost_chrono.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4304404480, "size" : 81920, "uuid" : "50718b32-aea3-30a5-b2e8-a769903b4f83", "path" : "\/Library\/SystemExtensions\/*\/libboost_filesystem.dylib", "name" : "libboost_filesystem.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4305666048, "size" : 16384, "uuid" : "e268ca31-7758-3c93-8027-73a4aace81f6", "path" : "\/Library\/SystemExtensions\/*\/libboost_atomic.dylib", "name" : "libboost_atomic.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4307042304, "size" : 229376, "uuid" : "da636c57-8094-3c5f-8630-ca5ed3a23358", "path" : "\/Library\/SystemExtensions\/*\/libboost_regex.dylib", "name" : "libboost_regex.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4305387520, "size" : 49152, "uuid" : "158db4b6-9669-35d6-9f5b-542677e130a1", "path" : "\/Library\/SystemExtensions\/*\/libboost_thread.dylib", "name" : "libboost_thread.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4306255872, "size" : 409600, "uuid" : "1c3fec71-2b13-3197-a1af-a1937fbfbeaf", "path" : "\/Library\/SystemExtensions\/*\/libazure-storage-lite.dylib", "name" : "libazure-storage-lite.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4307419136, "size" : 491520, "uuid" : "f992a709-f27a-356e-935c-b8cb1ac6b0e2", "path" : 
"\/Library\/SystemExtensions\/*\/libcurl.4.dylib", "name" : "libcurl.4.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4308008960, "size" : 212992, "uuid" : "1b5167ed-7aa5-3bb0-b7b3-7c65128a6537", "path" : "\/Library\/SystemExtensions\/*\/libmagic.1.dylib", "name" : "libmagic.1.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4305551360, "size" : 16384, "uuid" : "ebfafc20-4cd2-3ba6-9ba5-5e38ed3f29bb", "path" : "\/Library\/SystemExtensions\/*\/libboost_random.dylib", "name" : "libboost_random.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4306862080, "size" : 16384, "uuid" : "5494df72-e782-3599-be56-d6b9821eb874", "path" : "\/Library\/SystemExtensions\/*\/libboost_date_time.dylib", "name" : "libboost_date_time.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4306927616, "size" : 16384, "uuid" : "97901a28-cefa-3755-9b87-a1eff5fae28b", "path" : "\/Library\/SystemExtensions\/*\/libboost_system.dylib", "name" : "libboost_system.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4316479488, "size" : 2424832, "uuid" : "edc81c0c-496b-3d20-bb9f-abe73a8840f4", "path" : "\/Library\/SystemExtensions\/*\/libcpprest.2.10.dylib", "name" : "libcpprest.2.10.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4310728704, "size" : 425984, "uuid" : "1cdfa1f3-db7e-38ea-a381-e1f96a53ded1", "path" : "\/Library\/SystemExtensions\/*\/libssl.3.dylib", "name" : "libssl.3.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4311400448, "size" : 2293760, "uuid" : "705082e6-b61d-321e-b8ab-860f5797d985", "path" : "\/Library\/SystemExtensions\/*\/libcrypto.3.dylib", "name" : "libcrypto.3.dylib" }, { "source" : "P", "arch" : "arm64", "base" : 4309336064, "size" : 1097728, "uuid" : "1b6bc108-aaf9-32ca-ae83-767e9e5b6141", "path" : "\/Library\/SystemExtensions\/*\/libsqlite3.0.dylib", "name" : "libsqlite3.0.dylib" }, { "source" : "P", "arch" : "arm64e", "base" : 6622613504, "size" : 241656, "uuid" : "9a72fd37-d827-3d6d-b6f4-422621e36c94", "path" : 
"\/usr\/lib\/system\/libsystem_kernel.dylib", "name" : "libsystem_kernel.dylib" }, { "source" : "P", "arch" : "arm64e", "base" : 6621388800, "size" : 532476, "uuid" : "a63f0ef9-59f1-3976-8a7e-2037cd50c605", "path" : "\/usr\/lib\/system\/libsystem_c.dylib", "name" : "libsystem_c.dylib" }, { "source" : "P", "arch" : "arm64e", "base" : 6621921280, "size" : 581628, "uuid" : "57ffcb9d-a6c9-3e9a-aa82-40f192626527", "path" : "\/usr\/lib\/libc++.1.dylib", "name" : "libc++.1.dylib" }, { "source" : "P", "arch" : "arm64e", "base" : 6622855168, "size" : 53248, "uuid" : "d09f4078-adad-3dd0-b17b-ce0142887b28", "path" : "\/usr\/lib\/system\/libsystem_pthread.dylib", "name" : "libsystem_pthread.dylib" }, { "size" : 0, "source" : "A", "base" : 0, "uuid" : "00000000-0000-0000-0000-000000000000" }, { "source" : "P", "arch" : "arm64e", "base" : 6621085696, "size" : 290816, "uuid" : "465565e8-ef8a-3188-80fa-598063c54161", "path" : "\/usr\/lib\/system\/libdispatch.dylib", "name" : "libdispatch.dylib" }, { "source" : "P", "arch" : "arm64e", "base" : 6927671296, "CFBundleShortVersionString" : "1.0", "CFBundleIdentifier" : "com.apple.NetworkExtension", "size" : 2568192, "uuid" : "fe6a1926-a7d9-3a07-9fe6-5380b887bdf7", "path" : "\/System\/Library\/Frameworks\/NetworkExtension.framework\/Versions\/A\/NetworkExtension", "name" : "NetworkExtension", "CFBundleVersion" : "1" } ], "sharedCache" : { "base" : 6618365952, "size" : 4728717312, "uuid" : "d997b0e9-e31b-35fe-b129-3171b279b087" }, "vmSummary" : "ReadOnly portion of Libraries: Total=891.7M resident=0K(0%) swapped_out_or_unallocated=891.7M(100%)\nWritable regions: Total=1.5G written=498K(0%) resident=498K(0%) swapped_out=0K(0%) unallocated=1.5G(100%)\n\n VIRTUAL REGION \nREGION TYPE SIZE COUNT (non-coalesced) \n=========== ======= ======= \nActivity Tracing 256K 1 \nKernel Alloc Once 32K 1 \nMALLOC 1.4G 32 \nMALLOC guard page 96K 6 \nSTACK GUARD 144K 9 \nStack 6016K 12 \nStack Guard 64.0M 4 \n__AUTH 1045K 213 \n__AUTH_CONST 17.8M 362 
Daniel9876 · Nov 13, 2024 · Copper Contributor · 1.4K Views · 0 likes · 1 Comment

On-prem, Server2022, onboarded via GPO, not visible in Portal..?
Per Title, this affects just one server (AFAIK). Additional info:
- Onboarding GPO configured as per docs (and identically to other AOK machines in this Domain)
- Application Log, EventID 20: "Successfully onboarded machine to Microsoft Defender for Endpoint" as expected
- MDE Client Analyzer Results
  - correct OrgID is shown
  - DeviceID is shown
  - One error (MDECloud cert pinning: "Certificate pinning validation for https://ecs.office.com/config/v1/MicrosoftWindowsDefenderClient/1.0.0.0 has failed. The test has failed because an error occured when fetching the root CA in the cert chain. The certificate issuer that was fetched from the URL was: CN=DigiCert Cloud Services CA-1, O=DigiCert Inc, C=US")
    - But FW logs show successful connections to ecs.office.com, no drops/denies
    - manual navigation to that URL from affected box returns some JSON, inc StatusCode: 200 (which I assume is "OK")
- Using old connectivity mode/method (not streamlined)
- Unlike all other devices, this one cannot be found in the Portal, by name, DeviceID, account logins, etc. No trace at all...

Could this be explained by the Certificate Pinning issue? What are best steps to troubleshoot this box's non-appearance in Portal?

autopoiesis · Nov 13, 2024 · Copper Contributor · 7 Views · 0 likes · 1 Comment

Defender GPO deployment not working
We followed the guide located here: https://learn.microsoft.com/en-us/defender-endpoint/configure-endpoints-gp

The GPO is being applied to the test endpoints but they are still showing as "can be onboarded" in Defender. I went through and checked the registry entries that are in the script, and I see that they are present. Task scheduler shows that the task created via the GPO ran successfully as well. However, the devices still aren't onboarded in Defender.

habbababba · Nov 13, 2024 · Occasional Reader · 7 Views · 0 likes · 0 Comments

Block Copy/Paste in MS Teams
Hello, Despite finding this question asked frequently online, I haven't been able to find a definitive answer. We are trying to completely disable the copy/paste function in the Microsoft Teams application when users are logged in from a Windows 10/11 PC. We've successfully implemented this restriction for users accessing Teams via a web browser on a PC, but the same solution doesn't seem to apply to the desktop application. Could anyone provide guidance on whether this is possible and, if so, share any references or helpful links? Thanks in advance!

drivesafely · Nov 13, 2024 · Brass Contributor · 1.1K Views · 1 like · 5 Comments

Get-MpPerformanceReport results meaning
Does anyone know what are the options and their meaning for results in "Scan Type" column when reading etl report via Get-MpPerformanceReport -TopScans parameter? I have a result where all lines are described as "FileScan" but I have not found explanation in the documentation to the meaning of this description or any possible other results.

Lamiakk · Nov 13, 2024 · Occasional Reader · 14 Views · 0 likes · 2 Comments

MDE Updates on Co-Managed Devices
Hello Team, We've onboarded our devices to Microsoft Defender for Endpoint (MDE) with the following setup:
- Devices are hybrid-joined to Entra.
- Enrolled in Intune via on-prem SCCM co-management.
- Onboarded to MDE from Intune through an EDR policy.

Previously, these devices used a third-party EDR, with Defender disabled via Group Policy. After removing the third-party EDR, we found many devices with outdated Defender updates (from 2019), as follows:
- Security Intelligence: Version 1.303.25.0
- Engine: 1.1.16400.2
- Platform: 4.18.1909.6

Currently, SCCM manages the "Windows Update policies" workload in this co-managed environment. However, post-onboarding, Defender updates are not being applied through SCCM. Could someone advise on how to ensure these devices receive the latest Defender updates, or suggest troubleshooting steps? Thank you

drivesafely · Nov 13, 2024 · Brass Contributor · 53 Views · 0 likes · 8 Comments

Duplicate alerts generated when unsanctioned app is accessed
We use Defender for Endpoint and also sanction/unsanction cloud applications in Defender. When an unsanctioned application is blocked we get two alerts generated for it. One titled "Connection to a custom network indicator" and second "Unsanctioned cloud app access was blocked". We expect and want only one of these alerts, but can't seem to find correct area to edit policy for "Unsanctioned cloud app access was blocked" and editing "Connection to a custom network indicator" seems to require editing alert settings for each indicator. Maybe there is better way for latter one.

Connection to a custom network indicator

When application is unsanctioned, it creates a custom indicator which is further viewable at Defender > System > Settings > Endpoints > Rules > Indicators URLs/Domains. Application column is displaying cloud app which was sanctioned and alert with title "Unsanctioned cloud app access was blocked" for each indicator can be further edited from this area. This would be one place we can turn off these alerts, but hoping there is bulk edit or a global setting to not create these alerts when cloud app is unsanctioned. This is the alert policy/rule we would like to turn off and not have created automatically for each unsanctioned cloud app. Is there a setting to disable automatic creating of these alerts with each new unsanctioned cloud app?

Unsanctioned cloud app access was blocked

Only severity can be changed for these alerts as far as I can find under Settings > Cloud apps > Cloud Discovery > Microsoft Defender for Endpoint. That is okay as this is the preferred alert that would like to retain

VOatMH1265 · Nov 13, 2024 · Copper Contributor · 163 Views · 0 likes · 4 Comments

Issues Enrolling Devices to Microsoft Defender for Business via Intune
Hi All, I am in the process of adding devices (Mainly Surfaces) onto Microsoft Intune and enrolling them into Microsoft Defender for Business. Everything appears to be correct and I have followed countless guides to ensure this, but the devices aren't automatically enrolling to Defender. I have even manually added devices into Microsoft Defender and they all appear as 'Onboarded', but under Assets > Devices, but when checking the Antivirus policies on Intune which is applied to all devices, the assignment status is showing as pending for all devices. Does anyone have any idea why these aren't connecting?

JL_SEC · Nov 12, 2024 · Occasional Reader · 47 Views · 0 likes · 3 Comments

Microsoft Defender for Endpoint iOS auto sign in / auto logon
Hello, We have our fleet of iOS devices managed through Jamf Pro. We have deployed Microsoft Defender as required app to our iOS devices and have set up SSO and everything is working fine. So I wonder if it is possible to auto sign in users into Microsoft Defender and automate the rest of the steps that follows through without any user interaction, as SSO is set up already on the device for every enterprise app. To clarify further, right now this is how it works. I open Microsoft Defender on the device and see my account. I then manually click on my account and go through the process of accepting terms & conditions etc. Look at the pictures of how the process looks like. Can we automate this process? If this is not possible where can I post a future request for this?

RandomUser45 · Nov 11, 2024 · Copper Contributor · 593 Views · 3 likes · 2 Comments

SenseNdr.exe is slowly eating the memory
Hello, For a few days now, we have some Windows Server 2019 physical machines where almost all the memory is committed to sensendr.exe. If you terminate sensendr.exe, the process comes back after a few minutes. On one machine the problem came back after a little bit more than one day, on the others the problem has not come back (yet). All the machines are patched with the 2024-09 CU. Here is a view of the resource monitor: On another machine: Do you have any idea what could cause that and how to avoid it? We can't find any error messages that could explain the problem. Thanks in advance for your answers Marc

MarcVDH · Nov 08, 2024 · Iron Contributor · 10K Views · 4 likes · 47 Comments