Forum Discussion

stmarko
Copper Contributor
Jan 12, 2022

Can Defender for Endpoint detect JNDI Lookup workaround

Hi,

Can Defender for Endpoint detect that the JNDI lookup workaround was implemented on the log4j library?

Will the vulnerability disappear in the vulnerability dashboard or device software inventory when the JNDI lookup workaround is implemented?

3 Replies

  • alesuds
    Copper Contributor

    stmarko 

     I have the same question: if the JNDILookup class is manually removed, will Defender pick that up?

  • David_Caddick
    Brass Contributor
    Here ya go:
    https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#TVM-mitigation
    • stmarko
      Copper Contributor

      David_Caddick 

      Hi David, I think this Mitigation status works only when you click on the Mitigation option in Defender and the Defender agent applies the JNDI lookup workaround.

      My question was: can Defender detect when the JNDI Lookup workaround is performed manually by server admins?
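
Added example, not part of the original thread and not Microsoft or Defender code: a local check an admin can run to confirm that the manual workaround discussed above (removing the JndiLookup class from the log4j library) actually took effect, including copies nested inside WAR/EAR files or fat JARs. The function names, the nesting limit and the sample archives are constructed for illustration; the result says nothing about what Defender itself reports.

```python
import io
import zipfile

# Class file that the manual workaround deletes from the log4j-core JAR.
JNDI_LOOKUP_ENTRY = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_SUFFIXES = (".jar", ".war", ".ear")
MAX_DEPTH = 4  # assumption: bound on archive nesting (fat JAR, WAR inside EAR)


def find_jndi_lookup(archive, label="archive", depth=0):
    """Return every location inside `archive` that still holds JndiLookup.class.

    `archive` is a path or a seekable binary file object. Nested archives are
    opened in memory, so a copy bundled in a WAR or fat JAR is reported too.
    An empty list means the class was not found at any level.
    """
    hits = []
    try:
        with zipfile.ZipFile(archive) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_LOOKUP_ENTRY):
                    hits.append(f"{label}!/{name}")
                elif name.lower().endswith(NESTED_SUFFIXES) and depth < MAX_DEPTH:
                    inner = io.BytesIO(zf.read(name))
                    hits += find_jndi_lookup(inner, f"{label}!/{name}", depth + 1)
    except zipfile.BadZipFile:
        pass  # not a readable archive, nothing to report
    return hits


def make_sample_jar(entries):
    """Build a constructed sample archive in memory (test data, not a real JAR)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    unpatched = make_sample_jar({JNDI_LOOKUP_ENTRY: b"", "META-INF/MANIFEST.MF": b""})
    patched = make_sample_jar({"META-INF/MANIFEST.MF": b""})
    war = make_sample_jar({"WEB-INF/lib/log4j-core.jar": unpatched.getvalue()})
    for label, jar in (("unpatched.jar", unpatched), ("patched.jar", patched), ("app.war", war)):
        found = find_jndi_lookup(jar, label)
        print(label, "->", found or "JndiLookup.class not present")
```

On a real host, pass the path of each log4j-core JAR or application archive as `archive`; a shaded JAR that relocates the package under a different name would not match this entry.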