Jan 10 2019 08:32 AM
We import all the system logs, including PowerShell logs, into a SIEM solution that's based on $/GB, but both SCCM and SCOM run PowerShell scripts that get detected as malware, which is overwhelming our storage and increasing costs. I think there are many different ways to resolve this, not sure which is best, but was wondering if there was a way to manipulate these detections via the AMSI within Defender?
Thanks