Can Defender for Endpoint detect JNDI Lookup workaround

%3CLINGO-SUB%20id%3D%22%5C%26quot%3Blingo-sub-3058528%5C%26quot%3B%22%20slang%3D%22%5C%26quot%3Ben-US%5C%26quot%3B%22%3ECan%20Defender%20for%20Endpoint%20detect%20JNDI%20Lookup%20workaround%26lt%3B%5C%2Flingo-sub%26gt%3B%3CLINGO-BODY%20id%3D%22%5C%26quot%3Blingo-body-3058528%5C%26quot%3B%22%20slang%3D%22%5C%26quot%3Ben-US%5C%26quot%3B%22%3E%3CP%3EHi%2C%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3Ecan%20Defender%20for%20Endpoint%20detect%2C%20that%20JNDI%20lookup%20workaround%20was%20implemented%20on%20log4j%20library%20%3F%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3EWill%20venerability%20disappear%20in%20venerability%20dashboard%20or%20device%20software%20inventory%20when%26nbsp%3B%20JNDI%20lookup%20workaround%20is%20implemented%20%3F%26lt%3B%5C%2FP%26gt%3B%26lt%3B%5C%2Flingo-body%26gt%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3C%2FLINGO-SUB%3E
New Contributor

Hi,

 

can Defender for Endpoint detect, that JNDI lookup workaround was implemented on log4j library ?

 

Will venerability disappear in venerability dashboard or device software inventory when  JNDI lookup workaround is implemented ?

3 Replies

@David_Caddick 

Hi David, I think this Mitigation status works only when you click on Mitigation option in Defender and

Defender agent applies the JNDL lookup workaround.

My question was, can Defender detect when JNDL Lookup workaround is performed manually by server admins. 

@stmarko 

 I have the same question: if the JNDILookup class is manually removed, will Defender pick that up?