false positive
5 Topics

Microsoft DLP creditcard too many false positive
Hi all, I am new to the DLP world and performing some tests in my company. I wanted to discover if/who is sharing credit card numbers, cvv, data expiry, full name and address, because with all the information someone can harm the victim, right? The problem I am having is when people share bank statements containing just credit card numbers, it gets triggered, which is so annoying, too many false positives. Is anyone there experiencing the same thing and can assist? I created two policies and enabled both at the same time. The first one is using just the SIT Credit Card Number. The second one I am using SIT Credit Card Number, All Full Names, All Physical Addresses. Please let me know if you need more information. Thanks in advance, TZ

384 Views, 1 like, 1 Comment

Built-in SSN sensitive info type - excluded values
Does Microsoft's built-in SSN sensitive info type exclude any values by default or do we need to customize it to remove potential false positives for scenarios like the following:
- SSNs beginning with the number "666" in positions 1-3
- SSNs beginning with the number "9"
- SSNs beginning with the number "000" in positions 1-3
- SSNs with the numbers "00" in positions 4-5
- SSNs with the number "0000" in positions 6-9
- SSNs with repeating values. All 1's, 2's, 3's, etc.
- SSNs in a predictable sequence; 123456789 or 987654321

721 Views, 0 likes, 0 Comments

Defender detected powershell_ise.exe as 'Trojan:PowerShell/Mountsi.A!ml'
One of our users is experiencing a problem when it comes to creating scripts in the PowerShell ISE: when they are autosaved to appdata, it blocks them on his machine and does not create an alert/incident in the Defender ATP portal. However, one has managed to appear in the portal (see screenshot). We only recently implemented Defender ATP so I'm not 100% sure how to interpret the alert, and since this behaviour isn't happening on anyone else's machine I don't know if whitelisting powershell_ise.exe is a good idea (I assume not), or if there's a better explanation for it? The current Defender ATP settings are the stock standard for GPO as stated in the deployment guide. Appreciate any help with this!

2.1K Views, 0 likes, 0 Comments

Downloads from www.seedr.cc are being blocked as Unsafe by Edge insider MSFT Defender Smartscreen
When I try to download multimedia files (.mp4, .mkv, etc.) from https://www.seedr.cc/ they get marked as unsafe and harmful (which is totally a false alarm) and it gets annoying because Edge insider keeps asking me all the time whether I want to keep the file or not. The files are totally safe and I've been using this website for years, so please add an option to Edge insider to remember our choice and not ask the same thing again.

P.S. https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx

Q: How are false warnings handled?
A: Our goal is to minimize false warnings or blocks. In the rare case of a false warning, we offer a web-based feedback system to help users and website owners report any errors as quickly as possible. These reports are verified by our support team and mistakes are corrected.

Please also add this "web-based feedback system" that this article is referring to, to the Edge insider download UI when such false warnings happen, so users can report them easily. Thanks.

3.8K Views, 0 likes, 0 Comments