Mar 15 2021 12:16 PM
Hi,
I'm trying to enable alerts for detected malicious files (to include sending an email notification), but NOT have Defender block files or actions taken by the detected file.
I've tried enabling passive mode, which does not block malicious files, but also does not result in an alert/email being sent. When I download an EICAR file, it's allowed and no notification occurs.
When passive mode is disabled, the file is blocked and an alert/email is sent. I cannot download an EICAR file, and a notification occurs.
How can I effectively "audit" Defender, whereby files are NOT blocked, but alerts are sent?
I am working on Linux devices.
Thanks.
Mar 15 2021 06:21 PM
Mar 16 2021 07:43 AM
@shoando thanks for the reply. I don't see anything that says "detection logs" in my threat hunting tab. Is that the table name I should be looking for?
Mar 17 2021 12:48 AM
@noooooooo I'm so sorry. If you don't see their events, I don't have a solution.