Questions tagged [windows-defender]

Use with Windows Security, which was formerly called Windows Defender Security Center.

References:
Help protect my device with Windows Security

Related tag:
Windows-Security

180 questions
0 votes, 1 answer

Windows Defender - Windows Server 2019 client onboarding - via squid proxy server

I have prepared Azure environment, VMs: winsrv2019, winsrv2012. Both VMs are deployed in the isolated Azure subnet (only traffic to security tools and to proxy server is allowed). In second subnet I deployed Ubuntu 16 proxy squid server, I configured…
tester81
0 votes, 1 answer

flask application accessible with localhost, not accessible by IP

I have a flask app installed on a new windows 10 virtual machine. I can access the app as localhost:8081 - I want to make this available on the network. I added the firewall rule for port 8081 on windows defender as follows: When I try to access…
afshin
0 votes, 0 answers

Parsing Windows Defender event log in PowerShell

I need to parse Windows Defender event log. With this command Get-WinEvent -LogName "Microsoft-Windows-Windows Defender/Operational" | Where-Object { $_.LevelDisplayName -ne "Information" } | Select-Object -ExpandProperty Message I get this…
rga.cz
0 votes, 1 answer

How do I use Get-MPComputerStatus from Remote PC?

I am trying to get Domain pc's Antimalware status remotely, using powershell script. The following code works as expected, except I do not know how to pass the -computername parameter to the Get-MpComputerStatus command. It will return the Malware…
mikey814
0 votes, 1 answer

Running a kusto query to find servers not reporting in ATP for more than 24 hours does not provide with correct information

I am trying to get the servers which did not report for more than 24 hours in ATP and running the following, but getting incorrect data: DeviceInfo | where isnotnull(OSBuild) | summarize last_seen = max(Timestamp) by DeviceId, DeviceName,…
1nkotb
0 votes, 2 answers

Windows Defender Blocking Installer (MSI) for a 32-bit, MFC app on Customer PCs

I'm supporting a 32-bit, MFC-based application. For deployment to customers an MSI installer file is created via Visual Studio 2015. I have some customers reporting that they cannot install the application due to Microsoft Defender reporting a…
Mark Malburg
0 votes, 1 answer

Cannot Dismiss alert in Azure Security Center via REST operation. UnsupportedResourceOperation

I have Azure Storage with Windows Defender. When a file/component uploads with malware we have alerts in the Azure Security Center. I use Azure REST API to read and process that malware automatically. We have a custom workflow to process them. At…
0 votes, 1 answer

How Can I Find The Current Windows Defender Executable Location? And Why Are There Many?

Microsoft has multiple versions of the Defender executable (MpCmdRun.exe) installed on my computer. There is an obvious one in "C:\Program Files\Windows Defender\MpCmdRun.exe" but then two others in "C:\ProgramData\Microsoft\Windows…
BoCoKeith
0 votes, 1 answer

Find a domain within URL with Kusto (Defender ATP Advanced Hunting)

There's an external list of malicious domains/URLs, and I want to periodically search the logs, but there's an obvious problem: let abuse_domain = (externaldata(sentinel_domain: string…
Mullets4All
0 votes, 1 answer

Windows Defender and handling downloaded PowerShell scripts

I use Set-ExecutionPolicy RemoteSigned and download some scripts and modules. These are my scripts so they are not signed. I could use Bypass or RemoteSigned or Unrestricted. I feel that Unrestricted feels a bit over the top so I got with…
YorSubs
0 votes, 1 answer

Problem with returning only subset of machines from Microsoft Defender ATP through API call using filter

I'm trying to get a subset of machines from Microsoft Defender ATP through API calls using OData $filter queries following Microsoft's instructions…
0 votes, 1 answer

Controlled folder access blocked imager but no notifications from Windows defender in notification bar

I was attempting to use the Raspberry Pi imager - and it kept failing, it is a 32GB drive so I had to use the erase first or manually format as FAT32 - I found I could format the drive using the Storage manager, or on other machines but then the…
Ross
0 votes, 0 answers

Python program being blocked by windows defender

Hi, I have been trying to make a program for my school that can get questions from a web server and use TTS to say them on a speaker. When I try to upload the version that has been run through Pyinstaller to anything it gets blocked for being a…
0 votes, 1 answer

How to bypass Microsoft Defender from my qt installer?

I have created an installer using the Qt Installer in W8.1. When I want to install it in W10, Microsoft Defender is showing me a security message: How can I bypass this message? My software is using just a camera, I didn't have any problem in…
Kintaro Oe
0 votes, 1 answer

Windows Defender defines completely harmless code as potentially dangerous software

import ctypes shellcode = bytearray(b"SHELLCODE WAS HERE") ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40)) buf = (ctypes.c_char *…