Automated Investigation on endpoint

DanielBMA · ‎Feb 02 2024

Long story short, we got an alert about a file being malicious. I searched our environment using both the filename and SHA1 hash and located the file on one endpoint. I initiated an investigation and the investigation status shows as "Failed" providing no causality for the failure. Is there someplace I can look to see why it failed and what I can do to correct it?

Joe Stocker · ‎Feb 12 2024

When the investigation shows failed, it means "At least one investigation analyzer ran into a problem where it couldn't complete properly."
You just need to resubmit the investigation and if it continues to fail then I would recommend opening a support case.

SKadish · ‎Feb 13 2024

Hi Daniel,

In case you don't know by now, automated investigations have been a mess, for two months. We have over a hundred queued up or running, many with failures and errors. There is an advisory about it, go to your Microsoft 365 Admin Center and look for advisory DZ705297.

Automated Investigation on endpoint

Automated Investigation on endpoint

Re: Automated Investigation on endpoint

Re: Automated Investigation on endpoint

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Automated Investigation on endpoint