cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Microsoft Defender for Endpoint - Network Issues

SteveTheITDude
Copper Contributor

‎Feb 19 2021 10:37 AM

‎Feb 19 2021 10:37 AM

Microsoft Defender for Endpoint - Network Issues

Hello,

 

We recently started onboarding our machines into the Microsoft Security Center and using Defender for Endpoint. 

 

After doing so, we've noticed what seems to be related to how defender is handing network traffic.

 

Issue 1 - We have an on-premise file share. When accessing network shares we're unable to open files randomly. We'll get generic errors like "Sorry we couldn't find [File Name]. Is it possible it was moved, renamed or deleted? and "Microsoft Excel cannot access the file [File Name]. There are several possible reasons".

 

However, if we access the same files from a machine that has not been onboard yet there are no issues whatever so. 

 

Issue 2 - When accessing flow.microsoft.com from a machine with defender for endpoint enabled, I can not edit any flows or do any work. The flow constantly comes back as "invalid connection". I've deleted and re-added the connection multiple times, re-authenticated etc and nothing seems to work.

 

However, same situation as above. When I access flow.microsoft.com from a machine that has not been onboarded yet there are no issues editing or working with the flows. 

 

I've disabled EDR in Block Mode and also the Customer network indicators just to see if it would help but no luck. So far the only thing that works is offboard the device. 

 

Thanks.

1,865 Views
0 Likes
3 Replies
Reply
3 Replies
Ambarish RH

‎Feb 19 2021 12:21 PM

‎Feb 19 2021 12:21 PM

Re: Microsoft Defender for Endpoint - Network Issues

@SteveTheITDudeDid you configure firewall rules either on MEM portal or via Group Policy?

0 Likes
Reply
kelvin_flare

‎May 06 2021 04:18 PM

‎May 06 2021 04:18 PM

Re: Microsoft Defender for Endpoint - Network Issues

Im also experiencing the same issue. We have Server 2019 and we configure windows firewall via GPO and have it disabled.
I have a case open right now but I also see some old article that dates back to 2018 about this and supposedly was going to get fixed?
0 Likes
Reply
best response confirmed by SteveTheITDude (Copper Contributor)
SteveTheITDude

‎May 07 2021 11:41 AM

‎May 07 2021 11:41 AM

Solution

Re: Microsoft Defender for Endpoint - Network Issues

Here's what ended up resolving my issues (although it sounds like it wont apply to your situation)

Issue 1 - File Shares - We discovered this was only happening on a file server that had Server 2012 R2. We ended up upgrading the server to 2019 and the issue disappeared.

Issue 2 - Access to Flow - Our DNS was also being filtered by a third party provider (DNSFilter). Once we disabled DNSFilter and just let Defender for Endpoint do the filtering, the access issues resolved.
2 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by SteveTheITDude (Copper Contributor)
SteveTheITDude

‎May 07 2021 11:41 AM

‎May 07 2021 11:41 AM

Solution

Re: Microsoft Defender for Endpoint - Network Issues

Here's what ended up resolving my issues (although it sounds like it wont apply to your situation)

Issue 1 - File Shares - We discovered this was only happening on a file server that had Server 2012 R2. We ended up upgrading the server to 2019 and the issue disappeared.

Issue 2 - Access to Flow - Our DNS was also being filtered by a third party provider (DNSFilter). Once we disabled DNSFilter and just let Defender for Endpoint do the filtering, the access issues resolved.

View solution in original post

2 Likes
Reply