Forum Discussion
Pd_Redcar
Sep 20, 2023, Copper Contributor
MS Defender Suspected identity theft (pass-the-ticket) alerts
Hi, we've been receiving a number of alerts as above. We think this may be related to our AOVPN solution reassigning identical IP addresses to users and Defender deciding these are pass-the-ticket accounts. Has anyone else seen something similar? Is this 'normal' behaviour from Defender?
2 Replies
- logger2115, Brass Contributor
AOVPN here and MDI in recommended test mode. See several of these due to DA AOVPN. How did you go about suppressing these alerts? We are aware the exhibited behavior is expected, but any thoughts on exclusions for the detection rule ID? Raised a case with support and the response was unsatisfactory, as it can directly introduce slippage on alerts.
- robert_welsofd, Copper Contributor
Pd_Redcar, we started to see these alerts yesterday as well. We are also using AoVPN and think that it may be an issue with re-assigning IPs. If you find anything out, please post a message here. I will do the same.