Forum Discussion
Kapildev_C
Jan 04, 2024Copper Contributor
Possible tampering with protected processes on one endpoint
Hi,
Received an alert from endpoint stating that "Possible tampering with protected processes". Post checking the details it says "SenseCE.exe process protection level has dropped". Could someone help me with an investigation? SenseCE.exe is a Windows process don't know how it got downgraded. The screenshot is attached fyr.
- BillClarksonAntillIron Contributor
Hey Kapildev_C
Are you running any other antivirus or RMM (Remote Management and Monitoring) based services on that system by chance?
Im wondering if someone has tried to overrite the Microsoft Defender for Endpoint Sense Classification Engine (SenseCE.exe)
Are you running any labels or Data Loss Prevention policies across your fleet?
- Kapildev_CCopper ContributorWe are not using any other Antivirus on that machine. but DLP is enabled on that machine.