Forum Discussion
MDE repeatable false positive "Multi-stage incident involving Privilege escalation..." How to fix?
Anyone else seeing this? It always has 57 alerts, too, and the Detection source is always 'Custom TI' and always at the same time in the morning. Doesn't matter if the machine is managed, AD joined, ...
OK, this happens every seven days at the exact same time, when Windows 10 is carrying out its behind the scenes operating system scheduled tasks. Example (similar to the original screenshot):
do you any special agent on your devices that run every 7 days for example and send data somewhere other than MDE ?