Forum Discussion
Deleted
Jun 29, 2023
Defender detected malware but didn't quarantine it
Hi All, Recently saw a malware detection in Defender for Endpoint for a downloaded zip folder linked to alert A file or network connection related to ransomware-linked actor Storm-0494 detected i...
Jun 29, 2023
You can add an indicator to block or allow the file in the MDE settings.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide
Deleted
Jun 29, 2023
elieelkarkafi thanks for the reply but shouldn't block happen automatically rather than having to add a file indicator? I have checked we have our remediation level set to full.
- Jun 29, 2023: Raise a ticket with the security team so they can check that kind of ransomware received to this endpoint.
- Deleted, Jun 30, 2023: Thanks everyone for your input, I'll get this raised with support and let you know what they feed back with.
- Peter Holland, Iron Contributor, Jun 29, 2023: Yeah, that shouldn't have been allowed to run from what was described. I would log a ticket with support. I wonder if there were any other fun oopsies this month other than breaking network inspection for over a fortnight.