Forum Discussion

Kapildev_C's avatar
Kapildev_C
Copper Contributor
Jan 04, 2024

Possible tampering with protected processes on one endpoint

Hi,

Received an alert from endpoint stating that "Possible tampering with protected processes". Post checking the details it says "SenseCE.exe process protection level has dropped". Could someone help me with an investigation? SenseCE.exe is a Windows process don't know how it got downgraded. The screenshot is attached fyr.

  • Hey Kapildev_C 

     

    Are you running any other antivirus or RMM (Remote Management and Monitoring) based services on that system by chance?

     

    Im wondering if someone has tried to overrite the Microsoft Defender for Endpoint Sense Classification Engine (SenseCE.exe)

     

    Are you running any labels or Data Loss Prevention policies across your fleet?

    • Kapildev_C's avatar
      Kapildev_C
      Copper Contributor
      We are not using any other Antivirus on that machine. but DLP is enabled on that machine.

Resources