Forum Discussion
Unusual volume of file deletion
Our company is starting to get alot of alerts regarding 'Unusual volume of file deletion'. It seems like every deletion path is c\users\appdata\local or c\users\appdata\local As we investigate, the...
I've just started seeing these come up in my environment recently. While I could definitely see a malicious actor deleting temp files from the user profile to hide it's tracks, I can't help but wonder if these might just be a new monitor that is a little overzealous. The fact that I'm seeing posts from others who got these alerts as far back as november though has me wondering what changed that they're suddenly happening here.
- Since my last post, these alerts have only increased. I have received over 30 of these messages in past ~3 hours. It's getting ridiculous. Has anyone found a solution to adjust the sensitivity on these?
- I have this same scenario, I received 190 alerts of this type, I analyzed most of them and they all point to the appdata folder, I realized that they are false positives, I will close the incidents on the defender portal with the false positive information, now I need to wait if I will still receive this large mass of incidents of this type
