Forum Widgets
Latest Discussions
telemetryd_v2 High CPU in macOS
I've been seeing this process have consistently high CPU use. According to Activity Monitor, it's a child process of wdavdaemon_enterprise. I tried disabling realtime protection, but that did not decrease the CPU use. The other notable change that I can think of is that I downloaded the Chromium codebase yesterday and built it, so I'm wondering if that's causing the cloud submission process to go crazy. I looked at https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-support-perf?view=o365-worldwide, but it only discusses realtime scanning. Can anyone provide insight on what this specific process is responsible for? Thanks.
Defender for Business - No alert after process lock out ?
Hello all, A few days ago, I have setup Defender for business server on a Windows Server 2019. I can see that server in the Microsoft security portail devices list. I have also tested the "suspicious" powershell command provided by Microsoft and it went all good. Powershell blocked, alert escaladed as incident in the security portal, email received, ... But the next day, I tried to install a service on that server that got blocked by Virus & Thread Protection because it was attempting to modify a lot of files. That was a good point for Defender (it was not a real thread and was later added as exception). My worry is that it was never escaladed to the security portal, I didn't received a alert email, .. The system blocked that "thread" multiple times during my attempt to deploy it and no incident were throw. What could be wrong ? Thank you.
Using MDE (Passive Mode) with Palo Alto Cortex XDR to enable Defender for IoT (Enterprise IoT)
Hi everyone! I’m working with a customer that uses Palo Alto Cortex XDR as their primary EDR. We want to leverage Microsoft Defender for IoT specifically for Enterprise IoT (not OT/ICS). I have a few questions: MDE in Passive Mode as a sensor: Can Microsoft Defender for Endpoint (MDE) running in Passive mode act as a sensor to enable Enterprise IoT discovery/monitoring for Defender for IoT? Are there any feature limitations when MDE is not the primary EDR? Appliance sensor in Enterprise IT: If we cannot use the MDE agent, is it supported to deploy the Defender for IoT appliance sensor in an enterprise IT network (e.g., offices/campuses) to cover Enterprise IoT use cases? Coexistence / Complementary sensors: Is it possible (and recommended) to run the appliance sensor alongside MDE (sensor) to complement coverage/features? Any guidance on architecture, data overlap/deduplication, or licensing implications?
Whom to report when several days after a 'file submission' displayed status is 'In progress'...
Hello all, could anyone be so kind to tell me whom should I report these issues to, when : - after several days (since submission took place on June 29, 2024) reported Status for same below mentioned 'Submission ID' is still displayed as 'In progress' ? - no details for an already Submitted 'File submission' are available (because after clicking on ' 90d794a0-3a0d-4bc2-9d8f-2169d477fb30' only this error message is shown 'The details for the submission were not found or the submission has expired. You can view recent items in your submission history.') ? P.S. If I'd rather (better) submit this post/question into another Discussion Space then please just let me know ASAP. Below you find a screenshot showing main issue I described. Please also note that I also already tried to report same main issue same day of submission and also today via same 'Provide feedback' smiley icon (also shown in screenshot below and evidenced in a squared box) but with no results so far. Thanks in advance for any update. Best Regards Rob
MS Defender setting
Hello, I have a question. I'm not an English-speaking country, so please understand any shortcomings. I'm trying to block or alert on specific URLs in Microsoft Defender > Settings > Endpoint > Rules > Indicators. I've completed the setup, but I'd like to customize the screen that appears on the webpage when an alert is triggered. Is there a way to do this? Thank you in advance for your help.Recovering Quarantined File without Restoring
Hello Microsoft Community, I have been exploring the Defender for Endpoint API and noticed that it mentions the ability to fetch copies of files associated with alerts using a LiveResponse request using (GetFile). However, I've observed that for some alerts, Microsoft Defender quarantines the associated files. Is there a way to obtain a copy of a quarantined file or get the file itself without restoring it? Additionally, is there a way to determine if a file associated with an alert has been quarantined through the API, rather than manually logging into the Microsoft Defender for Endpoint portal? I understand there are two common methods for restoring a file from quarantine: through the Microsoft Defender for Endpoint portal or via the command line. Both methods are detailed here: https://learn.microsoft.com/en-us/defender-endpoint/respond-file-alerts#restore-file-from-quarantine. My concern is that restoring the file will cause Defender to quarantine it again, resulting in a new alert for the same file. In summary, is there a way to retrieve a copy of a quarantined file or the file itself without restoring it? And how can I know whether or not has been quarantined, by using the Microsoft Defender For Endpoint API or other Microsoft based API. Thank you!Save the date - January 26, 2026 - AMA: Secure your endpoints with policy and Microsoft Defender
Save the date for January 26 at 8:00 AM PT! Have questions about using Microsoft Intune to enforce device compliance? Curious how to configure devices to help prevent security breaches and limit the impact of threats? Ask Microsoft Anything (AMA) about integrating Microsoft Defender for Endpoint with Microsoft Intune at Tech Community Live! Product teams will be answering your questions live and in chat. Get tips using policy to onboard devices, define risk level, block non-compliant devices from accessing corporate resources, and more. Go to aka.ms/AMA/SecureEndpoints to save the date and add this event to your calendar!
