Forum Discussion
KB850VR
May 21, 2022, Brass Contributor
MDE Device Vulnerability False-Positives
I've been doing a lot of spot checking since we've implemented both Intune and MDE. Intune and MDE are working in concert with each other, but something isn't right in the device reporting. Case in ...
KB850VR
Jun 15, 2022, Brass Contributor
Quick update. I found all the locations in the registry where the ASR rules are defined, and I deleted those subkeys. After resyncing my computer, my configured ASR settings came back as they were supposed to, so the issue is what is preventing Intune from updating the existing keys in the registry. For reference, these are the ASR locations:
1) HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B469E1ED-0677-460C-BC29-A82E1BD521BC\default\Device\Defender
2) HKLM\SOFTWARE\Microsoft\Provisioning\NodeCache\CSP\Device\MS DM Server\Nodes\xxxx
3) HKLM\SOFTWARE\Microsoft\Provisioning\NodeCache\CSP\Device\MS DM Server\Nodes\xxxx
4) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
5) HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Policy Manager
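A read-only way to check a device for the stale-key condition described in the post above, added here as an example and not part of the original post: it scans the listed registry locations for stored ASR rule values and compares each one with what Defender reports through `Get-MpPreference`. It assumes the rules are stored as `<rule GUID>=<action>` pairs separated by `|`, and because the NodeCache node names are elided in the post, it scans every subkey under `Nodes` rather than naming one.

```powershell
# Added example: read-only audit of where ASR rule state is stored on a device.
# Key paths are the ones listed in the post; the NodeCache node names are elided
# there ("xxxx"), so every subkey under Nodes is scanned instead of guessing one.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\PolicyManager\providers\B469E1ED-0677-460C-BC29-A82E1BD521BC\default\Device\Defender',
    'HKLM:\SOFTWARE\Microsoft\Provisioning\NodeCache\CSP\Device\MS DM Server\Nodes',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Policy Manager'
)
# Assumption: ASR rules are stored as "<rule GUID>=<action>" pairs joined by "|".
$pair = '(?i)\b([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s*=\s*(\d)'

$found = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            foreach ($m in [regex]::Matches($data, $pair)) {
                [pscustomobject]@{
                    RuleId = $m.Groups[1].Value.ToLower()
                    Action = [int]$m.Groups[2].Value
                    Source = "$($key.Name)\$name"
                }
            }
        }
    }
}

# Effective state as reported by Defender itself.
$mp  = Get-MpPreference
$ids = @($mp.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$effective = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    $effective[$ids[$i].ToLower()] = [int]$mp.AttackSurfaceReductionRules_Actions[$i]
}

# One row per stored value; Mismatch flags a location that disagrees with Defender.
$found | ForEach-Object {
    $eff = $effective[$_.RuleId]
    $_ | Add-Member -NotePropertyName Effective -NotePropertyValue $eff -PassThru |
         Add-Member -NotePropertyName Mismatch -NotePropertyValue ($eff -ne $_.Action) -PassThru
} | Sort-Object RuleId, Source |
    Format-Table RuleId, Action, Effective, Mismatch, Source -AutoSize
```

Rows where `Mismatch` is `True` point at the location holding a value that differs from the effective setting, which narrows down which key was not updated before anything is deleted.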