Latest Discussions
MS Defender - Installation Error version 101.25072 on macOS
Dear experts, The latest version of MS Defender can't be installed. I'm getting an error message since release date (5th Aug). I have tested to restart the computer, tested with different networks, same issue 🙁
Solved | Yassin Koleilat | Sep 17, 2025 | Brass Contributor | 3.5K Views | 6 likes | 21 Comments

Endpoint menu missing in settings in security center
Hello, I'm trying to understand why the endpoint menu is missing in security center (security.microsoft.com). I currently have a Microsoft 365 E5 Security License but I can't access the endpoint menu. I'm currently logging in with a global admin account with the "Microsoft 365 E5 Security" license assigned but I can't access the endpoint menu at all. Am I doing something wrong? My current license is a trial license, could that be the issue (I don't think so)? Thanks
Sara2022 | Sep 17, 2025 | Copper Contributor | 15K Views | 1 like | 5 Comments

MDE-Onboarding issue
Hello Community, while I am trying to onboard a Windows 10 machine into MDE where there is already another AV running, which is Kaspersky, I am facing the issue that Microsoft AV is not able to revert its status from disabled into running state (passive mode). Even if I try to start the service manually, it will revert itself back to the disabled status. Did anyone experience that issue before between Defender AV and Kaspersky?
MahmoudFarag | Sep 15, 2025 | Copper Contributor | 60 Views | 0 likes | 1 Comment

Ransomware query
In case of any ransomware detection, I need the following queries for advanced hunting in Defender:
1. Look for rapid file modification or creation or deletion
2. Rapid file encryption one
3. Look for a ransom note
4. Look for encryption algorithms
5. Look for double extension
6. Also query for birth time of the file
Yogeesh143 | Sep 15, 2025 | Copper Contributor | 49 Views | 0 likes | 1 Comment

Registry modifications
If a file was downloaded, executed, and created a registry entry for persistence, is it enough to just delete the file from its original location? Or does the registry entry also need to be removed? What happens if it is not removed? If a malicious file created an entry under HKLM Run, HKCU Run, or RunOnce, and the file is later deleted but the registry entry is left behind, will the system still try to execute it at startup?
Yogeesh143 | Sep 15, 2025 | Copper Contributor | 61 Views | 0 likes | 1 Comment

Can't update Defender app on macOS
Hello, We started getting this situation where Defender for macOS can't be updated:
Microsoft Defender 101.25072
Current Version: 101.25062
Installed: 2025-08-05
Update error: The update could not be installed at this time. Please try again later.
Microsoft AutoUpdate is up to date.
Operating System Version: 15.6.1
Device managed by Mosyle MDM.
All of our active users have been updated to 15.6.1 (and this problem was observed on OS versions from 15.1 to 15.6.1). What could be causing this? And what can we do about it?
Solved | djolenole | Sep 12, 2025 | Brass Contributor | 1.5K Views | 5 likes | 7 Comments

KQL query
I wanted the best KQL query to check registry modifications, run key value, startup items in Defender
Solved | Yogeesh143 | Sep 11, 2025 | Copper Contributor | 80 Views | 0 likes | 3 Comments

Endpoint settings missing in Microsoft Defender for Endpoint
Hi, I am currently using the Microsoft 365 Developer program and am trying to set up an Intune and Microsoft Defender for Endpoint tenant. However, when I am trying to integrate Defender with Intune, the endpoint setting is not showing in the settings despite that I have the Security administrator role. Is this expected when using the developer program or am I missing something? Would appreciate your kind advice.
Solved | 777LDV777 | Sep 08, 2025 | Copper Contributor | 72 Views | 0 likes | 1 Comment

Defender detection caused by monitoring script
Dear Community, We use PRGT, which monitors various things for our customers. One of our customers uses Microsoft Defender, which issued an alert for “SmokeLoader.” After some research, we found that this is caused by two of our scripts, which establish a connection to our servers and query various things. This raised the question of how we can best whitelist this, since the detection comes from “WinRM” and not directly from the script itself. However, the script itself establishes a connection to the servers and requests some information. Are there any sensible measures that can be taken here, because only whitelisting the script (folder or hash) makes limited sense here, since the detection in this case was for the WinRM process. So the behavior analysis would kick in again. Thank you for your time! Best regards, SleeperHead
Solved | SleeperHead | Sep 08, 2025 | Copper Contributor | 88 Views | 0 likes | 1 Comment

Bad quality of Defender / Intune docu annoying
Whenever I need learning.microsoft.com, I found their describing A) very often menu links which do not exist (guess it's rearranged) B) very often mistakes happen: in this article https://learn.microsoft.com/en-us/defender-endpoint/android-configure-mam several parameters are described with an integer value and the same parameter a Seconds time at the same place as boolean. And so many mistakes more I found. Well: some companies wanna earn money maybe doing training with their customers, which is necessary only as the docu is unreadable or written so boring that you fall asleep and understand nothing. Please do more quality
dafreak | Sep 08, 2025 | Copper Contributor | 14 Views | 0 likes | 0 Comments