An obfuscated command line sequence was identified was detected by Microsoft Defender for Endpoint

%3CLINGO-SUB%20id%3D%22lingo-sub-2557658%22%20slang%3D%22en-US%22%3EAn%20obfuscated%20command%20line%20sequence%20was%20identified%20was%20detected%20by%20Microsoft%20Defender%20for%20Endpoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2557658%22%20slang%3D%22en-US%22%3E%3CP%3Ewe%20are%20getting%20a%20bunch%20of%20%22An%20obfuscated%20command%20line%20sequence%20was%20identified%20was%20detected%20by%20Microsoft%20Defender%20for%20Endpoint%20%22%20alerts%20from%20ATP%20that%20are%20triggered%20by%20SenseIR.exe%20itself.%20These%20seem%20to%20be%20false%20positives.%20Is%20anyone%20else%20having%20this%20problem%20and%20what's%20the%20best%20way%20to%20prevent%20them%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

we are getting a bunch of "An obfuscated command line sequence was identified was detected by Microsoft Defender for Endpoint " alerts from ATP that are triggered by SenseIR.exe itself. These seem to be false positives. Is anyone else having this problem and what's the best way to prevent them?

0 Replies