Forum Discussion
Paragon06
Sep 13, 2022 Copper Contributor
Defender365 Alerts for high volume file deletion
All of a sudden we're getting large volumes of alerts from Defender for unusual volume of file deletions. We seldom get these and when we do it has previously turned out to be a user clearing old fil...
tawalker0
Nov 03, 2022 Copper Contributor
Joining the party. We're seeing this alert activity in multiple tenant Defender consoles as well. Have also contacted support (early Sept) - they stated they knew and were working on the issue, and had offered similar advice of disabling the default policy and creating a new one - this is what we tried.
Reporting back, over a month later, and we are getting the same alerts from the custom policy - although volume is much less. I know there is a burn-in period for these heuristic/AI policies, but I thought it was only about a week, and we had not seen any alerts for at least 6 weeks. Thought we had this one resolved, but apparently not... 😞
Oddly enough, the custom policy clearly states ‘files deleted from a site’, yet these are LOCAL temp/appdata/inetcache files.
Andrew_Woo
Nov 04, 2022 Iron Contributor
Sorry, although I am late, I am joining the party.