Forum Discussion
ChristianFrielingsdorf
Dec 07, 2020 - Copper Contributor
Suspicious remote activity false alert - how to deal with
Hello, we have a customer who is using Defender for Endpoint and is getting a lot of "suspicious remote activity" because they are using software on many clients, which is updated via a remote se...
Thijs Lecomte
Dec 08, 2020 - Bronze Contributor
Can you check what the detection is for these alerts?
Have you tried an alert suppression rule?
ChristianFrielingsdorf
Dec 09, 2020 - Copper Contributor
The detection technologies are Behavioral and Network. A suppression rule does not work.
The detected actions are "... service was created remotely by ..." and "suspicious change to service executable path". I have also excluded the service name in the configuration of the security settings in Endpoint Manager.