User Profile
Kapildev_C
Copper Contributor
Joined 3 years ago
Recent Discussions
Possible tampering with protected processes on one endpoint
Hi, I received an alert from an endpoint stating "Possible tampering with protected processes". On checking the details it says "SenseCE.exe process protection level has dropped". Could someone help me with an investigation? SenseCE.exe is a Windows process; I don't know how it got downgraded. The screenshot is attached fyr.

Investigate the exported logs

Hi, I have exported the timeline logs of the offboarded machine to investigate the unusual activity, which was almost 2 months ago. So now I need to investigate the logs of the machine, and it is a little hectic to work in Excel to identify the malicious activity. Is there any option available to upload the logs to Defender to investigate? Or would any other tool be helpful?

Re: Advanced Hunting Query - Endpoint Security

Hi Yash_Mudaliar, thanks for the response. When I run the query only for the machine "ZZZ" I'm getting results showing 'Join Type' as 'Hybrid Azure AD Join'. But when I use "in" instead of "contains" to get results for multiple devices, it's not even showing the name of the Hybrid Azure AD Joined machines. Screenshot attached fyr. Query used for the ZZZ machine (single machine):

DeviceInfo | where DeviceName contains "ZZZ"

Advanced Hunting Query - Endpoint Security

Hi, I'm using the below Advanced Hunting query to find the domain details of the machines; unfortunately, I'm not getting any results for Hybrid Azure AD Joined machines. Could someone please help? It gives results only for AAD Joined and AAD Registered.

Query:
DeviceInfo
| where DeviceName in ("XXX", "YYY", "ZZZ")
| project DeviceName, JoinType
| summarize make_set(JoinType) by DeviceName

For example: if the device "XXX" is an AAD registered machine, "YYY" is AAD joined, and "ZZZ" is Hybrid Azure AD joined, I'm getting results for XXX and YYY; the "ZZZ machine" results are not shown.

Device inventory endpoint and Microsoft Defender Antivirus endpoint counts differ

Hi, I just want to know how many devices are in my environment using Microsoft 365 Defender, so I cross-verified using the Microsoft Defender Antivirus health count and Device inventory: some devices are active but are not listed in Microsoft Defender Antivirus health. I don't know the reason for this; could someone help me please?

Warm regards
Kapildev Chandrasekaran