Sep 07 2023 02:38 AM
Hi,
I have a strange behavior - on some of my servers the Firewall Log folder is gone. It happens on Win2019 servers - maybe related to the fact that I accessed the folder to get the log file and added the admin user to the NTFS table.
But it should not happen - as it seems like a kind of "attack". So I am trying to find out when it happened and which process did this.
I tried to create a folder on my client - and then search the timeline - but nothing appears. Do I need to set up NTFS auditing so that I can hunt for it - or is it just impossible with Defender?
BR
Stephan
Sep 07 2023 10:06 AM
That was my experience too 🙂 so it is not just me