Mar 13 2019 07:09 AM - edited Mar 14 2019 01:21 AM
Hi all
We have recently deployed Windows Defender ATP and have been on boarding machines successfully and carrying out various test without issues.
In the last couple of weeks Defender ATP has alerted and kicked of an automatic investigation following Windows Defender AV detecting and blocking 2 instances of malware. Both investigations completed with the exception of the Get Process List Action which attempts to run for a long period and then changes status to: Queued - The action is waiting to be executed on the machine with the following error: Waiting for SenseIR Activation
All other actions in the investigation complete as expected, in the machine event log I can see the action being kicked off, but nothing else related to the action, and no other errors: Starting action GetProcessListAction. Action ID: iaid_270_get_process_list__6_1552
Has anyone else seen this or have any idea of why the action seems to be blocked?
Update: the action times out and the investigation is only partially completed with the following output:
Jun 18 2019 01:52 AM
@Adrian Harper have you solved this issue? We have the same problem!
Jun 18 2019 01:57 AM - edited Jun 18 2019 05:42 AM
@Davide Salsi - Unfortunately not despite a post here, a bug report to the development team (on the advice of MS employees at a tech event), direct support request etc.
Jul 26 2020 03:28 AM
Regarding the issue you are having:
This was fixed in 1903 and later OS Builds 18362.997 and 18363.997) - https://support.microsoft.com/en-us/help/4559004
Fixed for 1809 (OS Build 17763.1369) - https://support.microsoft.com/en-us/help/4559003
Jul 26 2020 03:29 AM