Forum Discussion
Craig_Ob
Dec 30, 2021
Copper Contributor
365 Defender missing Alert Content
Strange one, this one... We recently performed some pentesting via a VM and workstation. In one of the tests, the BloodHound tool was used, and Defender caught it and dealt with it:
HackTool:PowerShell/BloodHound.G!MSR
Remediation action: quarantine
So the next step was to disable Defender on the endpoint with the simple regedit so we could continue.
Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
I saw all this in the 365 Alerts window, and I even took a copy of what I saw in the Alerts and pasted it into Notepad. One week later I get back into this Alert to close it out, and I see the "Defender detected and quarantined" etc., but the regedit used to disable Defender is no longer showing in the Alert??
I checked the timeline, no sign of it, but I saw it as part of the alert as it was coming in. Any idea?