Possible tampering with protected processes on one endpoint

Hi,

I received an alert from an endpoint stating "Possible tampering with protected processes". After checking the details, it says "SenseCE.exe process protection level has dropped". Could someone help me with an investigation? SenseCE.exe is a Windows process; I don't know how it got downgraded. The screenshot is attached FYR.

2 Replies

Hey @Kapildev_C

Are you running any other antivirus or RMM (Remote Management and Monitoring) based services on that system by chance?

I'm wondering if someone has tried to overwrite the Microsoft Defender for Endpoint Sense Classification Engine (SenseCE.exe).

Are you running any labels or Data Loss Prevention policies across your fleet?

We are not using any other antivirus on that machine, but DLP is enabled on that machine.