User Profile

Juulw

Copper Contributor

Joined May 12, 2021

5 Posts2 LikesLikes received1 Solution

View All Badges

User Widgets

Recent Discussions

Delay in Alert generation
Hi, we have received from Defender for Endpoint which says a certain malware was detected. The alert was generated on Apr 5, 2022 12:45 PM. But according to the Alert Story and Device Timeline the actual File Interactions took place on March 10, 2022 3:18 PM. I was not able to find these file interactions using advanced hunting queries on both dates. Therefore, does anybody know if Defender for Endpoint is able to generate alerts for events that took place in the past, but would only be detected now due to updated definitions?
Apr 06, 2022 Place Microsoft Defender for Endpoint
3.3KViews
0likes
1Comment
Re: Devices with malware detections Report
While reverse engineering the reports in M365D I was able to find out the 'Devices with malware detections' report contains hosts that were active within the last 24h, and had malware detections within at least the past 15 days, but that might be a longer period. I used the following query: DeviceInfo //| summarize by DeviceName | where Timestamp > startofday(datetime(2021-11-15 00:00:01)) | join (AlertEvidence | where Timestamp > ago(15d)) on DeviceName | summarize count() by DeviceName
Nov 16, 2021 Place Microsoft Defender for Endpoint
15KViews
1like
0Comments
Devices with malware detections Report
Hi, in our MDE portal the 'Devices with malware detections' contains a few devices which supposedly have active malware, however, the devices do not have any (active) alerts in Defender for Endpoint. It seems the information in the report is gathered from Intune, but the same information is displayed there and does not provide any further indications other than the threat name. How/where can I find the alerts associated with the 'active malware', if they are not in Defender for Endpoint?
Solved
Sep 23, 2021 Place Microsoft Defender for Endpoint
15KViews
1like
3Comments
Re: Detection of CVE-2021-28550
Schnittlauch Thanks for the reply. What I meant was if Defender is able to detect exploitation of this CVE on systems that have not been patched yet. Do you happen to know if Defender is capable of that?
May 18, 2021 Place Microsoft Defender for Endpoint
2.4KViews
0likes
0Comments
Detection of CVE-2021-28550
I would like to know whether Defender for Endpoint has detection capabilities for CVE-2021-28550? I can see in the MDE Portal Vulnerability Management this CVE is listed, but I'm not 100% sure if this also means the exploit of this cve will be detected.
May 12, 2021 Place Microsoft Defender for Endpoint
CVE-2021-28550
2.8KViews
0likes
2Comments

Recent Blog Articles

No content to show