Latest Discussions
Web content filtering and indicator aren't working on third party browser
Hi, we have just noticed that web content filtering and customized indicators are not working on third party browsers after upgrading Defender for Endpoint to 4.18.23050.3. The issue has happened to both Win10 and Win11 machines. Has anyone else got the same issue?
Spark Zhang | Jun 05, 2023 | Brass Contributor | 28K Views | 5 likes | 81 Comments

SenseNdr.exe is slowly eating the memory
Hello,
For a few days now, we have some Windows Server 2019 physical machines where almost all the memory is committed to sensendr.exe. If you terminate sensendr.exe, the process comes back after a few minutes. On one machine the problem came back after a little bit more than one day; on the others the problem has not come back (yet). All the machines are patched with the 2024-09 CU.
Here is a view of the resource monitor:
On another machine:
Do you have any idea what could cause that and how to avoid it? We can't find any error messages that could explain the problem.
Thanks in advance for your answers
Marc
MarcVDH | Oct 14, 2024 | Iron Contributor | 12K Views | 4 likes | 53 Comments

ASR - Behavior Changes - Blocking under User Context Now?
Since July 7-27-2022 I have been seeing around 40 of 1800 machines in my work environment that are showing blocks under %userprofile% or user context for .dll blocks. This is new behavior and is recent. All of our machines have the same ASR rule applied; I checked on the machines via registry and their ASR rules are the same.
ASR Rule/Example Path that is having this issue:
Block executable content from email client and webmail
GUID: be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
Path: %userprofile%\AppData\Local\Assembly\tmp*variousfilesandpaths.dll
Did this behavior change, is this a preview of a new feature or is this a bug? I am afraid this may spread to more machines. We have an E5 License and an MS Ticket open as well. Hoping someone here knows something as well.
Solved | brink668 | Aug 03, 2022 | Brass Contributor | 21K Views | 1 like | 52 Comments

Web access performance issue when enabling network protection
Hi, this is another issue following the upgrade to 4.18.23050.5 for fixing the Web content filtering issue. (The previous post can be found here.) After upgrading to 4.18.23050.5, the web content filtering is back to working again, but now I've just noticed another web access performance issue: the website loading time on first access from 3rd party browsers is extremely longer than before. Has anyone got the same issue? My current MDE version is:
AMEngineVersion : 1.1.23060.1005
AMProductVersion : 4.18.23050.5
AMServiceVersion : 4.18.23050.5
AntispywareSignatureVersion : 1.391.1600.0
AntivirusSignatureVersion : 1.391.1600.0
FullScanSignatureVersion : 1.385.1482.0
NISEngineVersion : 1.1.23060.1005
NISSignatureVersion : 1.391.1600.0
QuickScanSignatureVersion : 1.391.1418.0
Spark Zhang | Jun 16, 2023 | Brass Contributor | 13K Views | 2 likes | 33 Comments

Blocking file uploads to all sites, unless safelisted
We're trying to verify if we can block file uploads through the browser to all sites, unless these sites are part of an approved list or the user has an exception. We currently have a similar solution through a different vendor, but wanted to see if Defender for Endpoint is an alternative. So, if someone creates a new site, this site would not be allowed to be uploaded to unless the domain is added to an approved list. The alternative would be to block if the file has a specific label.
Thanks,
DanSec | Apr 05, 2023 | Copper Contributor | 25K Views | 0 likes | 29 Comments

ASR: Block abuse of exploited vulnerable signed drivers
Hey there,
I am seeing a recommendation to apply the ASR Rule as listed above. It looks like a fairly new addition to the series of 16 ASR rules that can be configured. However, on closer inspection there doesn't yet appear to be an Intune/Endpoint Manager option to add this under the standard Endpoint Security / Attack Surface Rules section. There's an "Intune name" and a GUID but... I don't want to push this out via a MEM OMA-URI; it fractures where all the policies are kept and makes things messy. Can I ask when it is expected to have this baked into the main Attack Surface Reduction rules section? Seems a bit daft to make recommendations to implement the setting across all your endpoints when it's not as easy as all the other rules to actually implement?
Thanks very much.
James
Solved | James_Gillies | Oct 08, 2021 | Brass Contributor | 24K Views | 1 like | 29 Comments

Remove devices from MDATP portal
We have a couple of devices that are showing in MDATP which we would like to get rid of; however, we are not in a position to run any scripts... One was registered in Intune by mistake and has been unregistered, and we cannot contact the owner anymore, and it's still checking in. One device failed and was rebuilt with the same name but is now showing twice. Can we remove these?
Neil
Solved | neilcarden | May 21, 2020 | Brass Contributor | 125K Views | 0 likes | 28 Comments

Defender for Endpoint issues on Apple Silicon Macs (Issue: Action Needed)
Hi y'all,
We are using Defender for Endpoint on our Intel Macs without a hitch (both corp & BYOD devices). Now we are trying to have BYOD Apple Silicon Macs deployed with Defender for Endpoint. This gives us a strange issue: The Defender for Endpoint icon in the menubar shows a warning: Action Needed. Protection works fine and everything looks okay. Only the Defender for Endpoint icon keeps showing a warning (Action Needed). When we click on the warning, just the normal Defender for Endpoint interface is shown, without any issues or actions. We can't find anything online and it's driving us crazy. To be clear: This works fine on our Intel Macs. Please some help! We are using Jamf Pro.
Solved | LeoJohn | Mar 29, 2022 | Brass Contributor | 14K Views | 2 likes | 26 Comments

Modern Unified MsSense.exe and CPU/disk usage on 2012 R2 after March updates
After updating servers this month, the 2012 R2 that have the ATP modern unified solution agent are seeing a massive increase in disk and cpu activity. Process monitor revealed that MsSense.exe is aggressively scanning the C:\Windows\System32\catroot directory which contains thousands of files. It seems to do this about every 10 minutes and it takes a while so it's pushing CPU to near 100 constantly. There was a MsSense.exe version update to 10.8047.22439.1056 with security update KB5005292. I am suspecting that is the cause and will be doing some comparison testing in attempts to confirm it. Anyone else seeing this behavior?
Solved | watercoold | Mar 22, 2022 | Copper Contributor | 24K Views | 1 like | 25 Comments