Microsoft Defender Threat Intelligence
Question behavior same malware

Two malware with the same detection name but on different PCs and files: do they behave differently or the same? Example: two detections of Trojan:Win32/Wacatac.C!ml
1) It remains latent in standby mode, awaiting commands.
2) It modifies, deletes, or corrupts files.

Question malware detected Defender for Windows 10

Why did my Microsoft Defender detect a malicious file in AppData\Roaming\Secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) during a full scan when the Kaspersky Free and Malwarebytes Free scans didn't detect it? Was it maliciously modifying, corrupting, or deleting various files on my PC before detection? I sent it to VirusTotal; the hash: 935cd9070679168cfcea6aea40d68294ae5f44c551cee971e69dc32f0d7ce14b
Inside the same folder as this DLL, there's another folder with a suspicious file, Caller.exe. I sent it to VirusTotal, and only one detection from 72 antivirus programs was found, with the name TrojanPSW.Rhadamanthys. VT hash: d2251490ca5bd67e63ea52a65bbff8823f2012f417ad0bd073366c02aa0b3828

My company's app incorrectly detected as a trojan

Hi Team. I am the developer of a gaming geo fence and your system has falsely detected my app as Trojan:Script/Wacatac.C!ml. I need help to remove it, as it seems like analysts are no longer checking false detections anymore (at least to me it seems automatic now)? My app is a geo fence which creates firewall rules and uses npcap for packet capture to display server locations, and the exe is encrypted to help fight against software pirates. Here is an example submission of my exe for my application: https://www.microsoft.com/en-us/wdsi/submission/5ab00c91-ea84-4fbb-a739-613316b32dfe Please get an analyst to manually inspect the file and whitelist it, as it's a pain telling my customers to turn off their antivirus, and also it's not advice I should have to give, to be honest. My company is called sbmmoff ltd https://papagal.bg/eik/207176266/58b9 Website is bflocker.com I really would appreciate a speedy response to resolve the situation, and thank you for your time.

Microsoft Defender doesn't, Spy Hunter shows a Hijacker

Spy Hunter indicates an "Elex Hijacker" and three other problems, whereas Defender and McAfee do not show any problem. Is Spy Hunter legitimate? I did have a search engine redirect problem that has the names "ext.ladispatcher.com" and "search-load.com" while using the Chrome browser with the Chrome search engine. But no problem with Microsoft Edge and Bing. My monitor screen occasionally momentarily collapses and reverts back to normal in a split second. Could there be a connection to malware? Please let me know if I am posting on the wrong site.

Massive reduction in Threat Intelligence IP data since Monday 10th June

Hi, Anyone else see a massive reduction in Threat Intelligence IP data since Monday 10th June into Sentinel platforms? I operate two Sentinel environments and they have both seen the same change. The screenshot below is the past 30 days. The past 48 hours still reports some IP information being sent, but at a very reduced rate. What's changed with the feed?

Need information on generating sample events for Threat Intelligence

Hi community, I am working on exploring MS Threat Intelligence and its features. But I am not able to generate sample data for this product, nor able to view the Threat Intelligence logs using the Microsoft Management API following the schema - https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype I tried sending some mails from an external email account to my organisation's test user containing EICAR files, and also tried with some safe but malicious test URLs. But I am still unable to get data inside Threat Intelligence. Can someone please help me here with generating events and viewing the content using the Management APIs?

Python Update Recommendation Not Disappearing from Microsoft Vulnerability Management list

Hello, Microsoft Defender Vulnerability Management is recommending to update Python in my Azure VM machines since version 3.9 has some critical vulnerabilities. We did the update to version 3.12, but only the Windows 2019 Datacenter machine is no longer appearing as an Exposed Device. The procedure to update Python in all machines was the same, but the Windows 2016 Datacenter VMs remain in the Exposed Device list. Because Python relies on Anaconda, it is not possible to remove the older version completely. The strange thing is why the same procedure to update the software is apparently seen as different by Microsoft Defender Vulnerability Management. Any advice is highly appreciated. Thanks in advance, Mirella

Can the Microsoft Defender portal show the server details as per security group?

I'm using Microsoft Defender to monitor the servers. I have multiple groups of people working from various other vendors. I would like to create multiple security groups, add people based on their company, and configure Defender in such a manner that only people from Company "A" can see their own servers and people working from Company "B" can see their respective servers. Also, I as admin can see both "A's" and "B's" servers. Can this be achieved using Microsoft Defender? If yes, how to achieve this? Any step-by-step approach would help. Or if there are any other ways, please suggest. Thanks