noooooooo (Copper Contributor)
Mar 15, 2021
Enable alerts but disable action on detected file
Hi,
I'm trying to enable alerts for detected malicious files (to include sending an email notification), but NOT have Defender block files or actions taken by the detected file.
I've tried enabling passive mode, which does not block malicious files, but also does not result in an alert/email being sent. When I download an EICAR file, it's allowed and no notification occurs.
When passive mode is disabled, the file is blocked and an alert/email is sent. I cannot download an EICAR file and a notification occurs.
How can I effectively "audit" Defender, whereby files are NOT blocked, but alerts are sent?
I am working on Linux devices.
Thanks.
- shoando (Brass Contributor): Is the detection log displayed in Advanced Hunting when operating in Passive Mode?
If it is displayed, I think you can use the Custom detection rule to alert without action.