Forum Discussion
Suspicious remote activity false alert - how to deal with
Hello, we have a customer, who is using Defender for Endpoint and is getting a lot of "suspicious remote activity" because they are using a software on many clients, which is updated via a remote se...
Can you check what the detection is these alerts?
Have you tried an alert suppression rule?
Have you tried an alert suppression rule?
The detection technologies are Behavioral and Network. A suppression rule does not work.
The detected actions are "... service was created remotely by ..." and "suspicious change to service executable path". I have also excluded the service name in the configuration of the security settings in Endpoint manager.