Forum Discussion
Suppress DEFENDER alerts for endpoint (Windows 10/11)
Thank you, rahuljindal.
I was reading through the post, and correct me if I'm wrong, but this will block notifications in general. So even a real threat notification will be blocked. What I'm trying to achieve is that only the threats generated by our tests will be ignored. We have a folder (e.g. "C:\TESTING") where an agent is located that runs the tests....
- sumo83, Sep 25, 2024, Iron Contributor
The problem is that we run adversary emulations that run modified malware etc... so lots of our testing is marked as "critical" by Defender. I need to disable notifications for the ones generated with our tests so that when, let's say, a CEO is in a meeting, he is not getting multiple Defender popups reporting threats...
The ones that are not triggered by our testing, I want them to work as usual -> Defender notification will pop up
- jbmartin6, Sep 25, 2024, Iron Contributor
Why not suppress all AV alert popups? You will still get detection events through MDE alerts, this only affects end users seeing them. Surely you are not relying on your users to take some vital action when seeing the alert popup.
- sumo83, Sep 25, 2024, Iron Contributor
Well... that's what I consider... However, as we are a small organization... I would like to train people to report unusual activities (of course, not relying on that only :))
If I can't filter it, I will probably disable it completely