Forum Discussion
Defender365 Alerts for high volume file deletion
- Hussayn (Copper Contributor), Nov 22, 2022
Interesting you mention this. I still have an MS ticket open. They asked me to check it again; I re-enabled this rule, I believe on 7th Nov, then MS asked what the status of the rule was. I went to check and I thought I was going crazy, as it was not there on the 8th.
I was informed yesterday, 21st Nov, that it was deleted by MS. I assumed it was just in my tenant and that was infuriating, however it seems you have the same, no rule. It is extremely frustrating that they would simply delete the rule without giving notification. These 1st line guys from MS said it was done because my original issue was getting too many alerts... Jokers.
What I would say is they did come back to me before the 7th and say MS had adjusted the algorithm, which was too aggressive, then they changed it again, but I only got 1 alert email between the 7th and 8th.
I was also informed by one of their 1st line guys that they may soon remove this alerting rule and we would need to create one in its place manually, but I was not expecting it to be deleted straight away.
Today they said they will check why it was deleted and get it added back in.
Let's see what these jokers come back with tomorrow.
- Leo_Lopez (Copper Contributor), Nov 22, 2022
I was also informed by MS support that the policy is "...in the process of being deprecated based on customer feedback..." Then, I was told I can just recreate the policy myself.
- Hussayn (Copper Contributor), Nov 24, 2022
Hahh, I just spotted this MC447684 which explains it, but tbh I don't recall being asked or giving any feedback to say I want to remove this old rule - do any of you?
It took these MS support people 6 weeks of this case being open to correlate this. I wish they would have pointed me to this when I opened the case.
I'm 100% . Thanks Microsoft
- Steve Whitcher (Bronze Contributor), Nov 10, 2022
Leo_Lopez To the contrary, I had disabled the original rule and created a custom one per support's recommendation. That did seem to help, we were seeing few alerts from it, right up until about 8am CST on 11/8/22. I received 22 emails from this alert, again related to appdata folders on the local machine, over the next 48 hours.
The date does coincide though, I wonder if something was changed that day?