User Profile
mhmmdrn
Copper Contributor
Joined Mar 16, 2023
User Widgets
Recent Discussions
MDDlpSvc service crashes and can not be started
Hi everyone, we are facing an issue about DLP service process on a server which can not be started. It gives only this error and i could not find any helpful solution for that. As far as i know it is a DLP process which has been seperated from AV prozess. I can not find also any clear events log. Is there anybody who has the same problem? Service: MDDlpSvc Error: Error 0x80070032, The request is not supported Server OS: Windows Server 2019 64-bit (Release 1809 Build 17763.6293) AV Platform Version: 4.18.24080.9 Troubleshooting steps: The server and windows AV are up to date and it has been restarted.ZAP Failed to move the messages
Hi Community, we are getting for two weeks a lot of "Messages containing malicious entity not removed after delivery" Alerts, which i could not understand the reason. In Email Entity it says "ZAP failed to move the message". As one sample Email from Alert; Email was classified as Spam and into the Junk Folder sent. But after 12 Minutes it was as Phish / Normal classified but it could not be moved to quarantine (it should be so because we set the anti-spam Policy with this action). Is there anything related to our Policies? or is it a a problem at microsoft backend? How can i find the reason and solution for that ? ThanksMixed Licencing quota
Hi Community, i have a tenant with 50 MDE Plan 2 and 170 MDE Plan 1 licenced users. As far as i know you can enroll 5 Devices per Licence. But when i look the licence menu in MDE settings. My subscription state is Plan 2 and assigned licence(Plan 2) 180 (this is the enrolled device number - my assumption) It says "Your organization is using more Plan 2 licenses than you own". If i have to purchase a Plan 2 licence for every device, what is the point of this advantage (5 device per licence). I can use the mixed licencing model but at this time i can not benefit Plan 2 features. I would appreciate your help. ThanksQualys Vulnerability Assessment agent installation on healthy resource
Hi Community, i have set MDVM as a Vulnerability Assesment tool in Defender for Cloud and it was installed on my VMs. But then i have set it to "Qualys". After this change Qualys agent is installed on all the new VMs but i can not figure out how i can install the agent on a healthy resource(the VMs on which MDVM has been selected as vuln. assessment tool). Under the recommendations, i can not choose the healthy ones. Is there a way to do that?Re: Automated Investigation Exclusions
Thanks for the answer but it didnt solve the issue. I have tested it with different three folders; 1. ordinary folder with no exclusions neither Antivirus Policy nor Automated folder exclusions 2. A folder which has been excluded via Intune Antivirus Policy 3. A folder which has been excluded via Intune Antvirus Policy and Automated Folder Exclusion(%userprofile%\Downloads) I have extracted the malware on the folders and as i expected on the folder1, AV has detected it but then after the MDE Investigation the other two malwares has been remediated. I expected that the malware should be remediated from Folder2 because it was not excluded via Automation Folder Exclusion but for Folder3 i dont have any idea. It must be noted that the post remediated malwares have been detected from the Windows Defender as "unwanted application".Automated Investigation Exclusions
Hi Community, i have a question about AIR exclusions folders in Defender for Endpoint. I need to test this feature to be able to provide information to customers when they need some folders which must be excluded from Automated Investigation. For that i have tested the following Scenario. Automation folder exclusion : C:\users\pradeepgupta\downloads\ Antivirus Exclusion Folder (via Intune Policy) : C:\Users\PradeepGupta\Downloads I have downloaded a sample malware into the folder "Downloads". As i expected, there was no Detection from Windows Defender because i have excluded this folder via Intune Policy Then i have copied this malware to another folder which is not excluded and as i expected Windows Defender has it detected and quarantined. In the Defender for Endpoint Portal an Investigation started and a few minutes later i have seen the malware in the non excluded folder has been remediated But also the malware in the excluded folder - Downloads folder- (via Automation folder exclusions) has been remediated. I have expected that the folder which i have added in the Automation Folder Exclusions should not be analyzed and no files or malwares detected or quarantined. Can anyone explain to me how this feature works? All entries would be appreciated. Thanks.SAP Data Connector - Sentinel
Hi Community, we are using SAP Data connector for Sentinel for one Month. According to Microsoft the connector charges for production environments 2 $ per hour after 1. May. Our SAP Environment is a Demo and it can be also viewed at the T000 Table. We have seen that the connector has started to charge us for three days (it is also not understandable because it is supposed to charge us from the beginning of the month, if the environment type has been read as Production and we have not changed anything in the infrastructure). It is also displayed in the Connector page as Demo. As a result i had to stop Agent and it stopped to charge. I couldnot find the reason, is there anybody who uses the this connector with demo SAP env. I appreciate your answers. Thank you in advance.Defender for Cloud Apps REST API - Authentication
Hi Everyone, I am trying to automate deployment of policies on MDCAS with Powershell and for testing envrironment i have a test tenant which includes Defender for Cloud Apps. I have created a API Token and used it in my Script but i am getting following error It works on production Tenant. I dont understand the reason. I have also tried Oauth2 Authentication by adding an WebApp in Azure Active Directory and have assigned all neccessary permissions but at this time i am getting the following error here is the permissons; Can anyone tell me what i miss? Or is there another way to deploy policies ? Graph API or PS cmdlets? Thank you in advance.
