Microsoft Defender Log4j scanner triggers false constructive alerts

January 1, 2022

239

[ad_1]

Microsoft Defender Log4j scanner triggers false constructive alerts

Microsoft Defender for Endpoint is presently exhibiting “sensor tampering” alerts linked to the corporate’s newly deployed Microsoft 365 Defender scanner for Log4j processes.

The alerts are reportedly primarily proven on Home windows Server 2016 techniques and warn of “doable sensor tampering in reminiscence was detected by Microsoft Defender for Endpoint” created by an OpenHandleCollector.exe course of.

Admins have been coping with this challenge since a minimum of December 23, in keeping with buyer experiences.

Whereas this Defender course of’ conduct is tagged as malicious, there’s nothing to fret about since these are false positives, as revealed by Tomer Teller, Principal Group PM Supervisor at Microsoft, Enterprise Safety Posture.

Microsoft is presently trying into this Microsoft 365 Defender challenge and engaged on a repair that the corporate ought to quickly ship to affected techniques.

“That is a part of the work we did to detect Log4J cases on disk. The staff is analyzing why it triggers the alert (it should not in fact),” Teller defined.

As Microsoft shared on Tuesday, this newly deployed Log4j scanner was rolled out with a new consolidated Microsoft 365 Defender portal Log4j dashboard for menace and vulnerability administration.

The brand new dashboard is designed to assist clients determine and remediate information, software program, and gadgets uncovered to assaults exploiting Log4j vulnerabilities.

Since October 2020, Home windows admins needed to take care of different Defender for Endpoint, together with one which marked Workplace paperwork as Emotet malware payloads, one which confirmed community gadgets contaminated with Cobalt Strike, and one other that tagged Chrome updates as PHP backdoors.

Similar. and appears prefer it’s received one thing to do with searching for log4j based mostly on commandline. emails began inside the final hour for me and have not stopped

“OpenHandleCollector.exe” -p:java.exe -p:javaw.exe -p:eclipse.exe -f:log4j

— Blake (@irestartpcs) December 29, 2021

It is a creating story …

[ad_2]

Microsoft Defender Log4j scanner triggers false constructive alerts

Microsoft Azure ‘AutoWarp’ Bug May Have Let Attackers Entry Prospects’ Accounts

Id Assaults Threaten Workloads, Not Simply People

Pattern Micro Endpoint Encryption vs. Broadcom Symantec Endpoint Encryption

LEAVE A REPLY Cancel reply

Most Popular

Engaged on a Scrum Group Coaching: Public Course Now Obtainable:

Introducing the Insider Incident Knowledge Trade Normal (IIDES)

Chris Patterson on MassTransit and Occasion-Pushed Methods – Software program Engineering Radio

LangChain and Agentic AI Engineering with Erick Friis

Free Video Coaching – Scrum Staff Reset – Video #1 Out there Now

Cyber-Knowledgeable Machine Studying

Charles Humble on Skilled Expertise for Software program Engineers – Software program Engineering Radio

The Subsea Cable Community with Josh Dzieza

Digital Forensics with Emre Tinaztepe

Fallout: London with Daniel Morrison Neil and Jordan Albon

Recent Comments

ABOUT US

POPULAR POSTS

Engaged on a Scrum Group Coaching: Public Course Now Obtainable:

Introducing the Insider Incident Knowledge Trade Normal (IIDES)

Chris Patterson on MassTransit and Occasion-Pushed Methods – Software program Engineering Radio

POPULAR CATEGORY