Aug 21 2023 07:18 PM
Hi,
We have encountered an issue with one of our applications whereby every time the application downloads a file from the application server, mssense.exe creates a RWD lock on the file very briefly but long enough to cause the application to throw an error when trying to access the file.
This has been confirmed by observing procmon data and the output from sysinternals handles.exe.
Considering that this doesn't exactly trigger an alert in Defender for Endpoint, how would I go about preventing the scanning of this application's directory?
thank you
Aug 22 2023 01:19 AM
@MoMo1980 hi you can exclude the folder of your application from the automated investigation in MDE Settings Manage automation folder exclusions | Microsoft Learn
Aug 29 2023 10:02 AM
Aug 30 2023 07:40 AM
Sep 19 2023 10:22 AM
Sep 19 2023 10:23 AM
Sep 19 2023 02:24 PM
SolutionThe issue has been resolved, in the end it wasn't the file locks or anything to do with Defender. It was an issue with the application. Got it working without needing to change anything in Defender.
Thanks for all the help regardless.
Oct 18 2023 12:15 PM
@MoMo1980 Curious what kind of issue was it with the application that was causing the issue? Thx.
Nov 30 2023 07:20 AM
@MoMo1980What was the issue in the application? We are experiencing a similar issue.
Jul 27 2024 10:14 AM
Greetings, @MoMo1980
What was the fix on the application side?
Sep 19 2023 02:24 PM
SolutionThe issue has been resolved, in the end it wasn't the file locks or anything to do with Defender. It was an issue with the application. Got it working without needing to change anything in Defender.
Thanks for all the help regardless.