Forum Discussion
Defender for Business - No alert after process lock out?
Hello all,
A few days ago, I set up Defender for Business server on a Windows Server 2019.
I can see that server in the Microsoft security portal devices list.
I have also tested the "suspicious" PowerShell command provided by Microsoft and it all went well. PowerShell blocked, alert escalated as an incident in the security portal, email received, ...
But the next day, I tried to install a service on that server that got blocked by Virus & Threat Protection because it was attempting to modify a lot of files. That was a good point for Defender (it was not a real threat and was later added as an exception).
My worry is that it was never escalated to the security portal, I didn't receive an alert email, ... The system blocked that "threat" multiple times during my attempt to deploy it and no incident was thrown.
What could be wrong?
Thank you.
1 Reply
- rishmishra0727 (Copper Contributor)
Hi Karnalta,
When a file gets detected as malicious, it goes through a series of checks before the cloud protection service decides whether it is malicious or not. During that time it blocks the file, for which you got a toast notification. When that verdict is made and the system decides it is not harmful when compared to Microsoft threat intelligence, it doesn't raise an alert. There are some resources available online that you can search for to test the Defender AV protection and alerting.
Thanks
Rish