Forum Discussion
ThreatHunter007
Mar 03, 2022Copper Contributor
False positive alert of defense evasion behavior was blocked on one endpoint
I am receiving a lots of alert from defender saying dense evasion was blocked on one endpoint. Normally when outlook.exe interact with .JPG file and follows by runddll32.exe used by photoviewer.dll, it trigger this alert. Does any one experience similar experience ?
- GaryBusheyBronze ContributorI would think you have better luck posting this in the Defender for Endpoint group