Forum Discussion

ThreatHunter007's avatar
ThreatHunter007
Copper Contributor
Mar 03, 2022

False positive alert of defense evasion behavior was blocked on one endpoint

I am receiving a lots of alert from defender saying dense evasion was blocked on one endpoint. Normally when outlook.exe interact with .JPG file and follows by runddll32.exe used by photoviewer.dll, it trigger this alert. Does any one experience similar experience ? 

  • GaryBushey's avatar
    GaryBushey
    Bronze Contributor
    I would think you have better luck posting this in the Defender for Endpoint group

Resources