cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

False positive alert of defense evasion behavior was blocked on one endpoint

ThreatHunter007
Copper Contributor

‎Mar 03 2022 12:51 PM

‎Mar 03 2022 12:51 PM

False positive alert of defense evasion behavior was blocked on one endpoint

I am receiving a lots of alert from defender saying dense evasion was blocked on one endpoint. Normally when outlook.exe interact with .JPG file and follows by runddll32.exe used by photoviewer.dll, it trigger this alert. Does any one experience similar experience ? 

1,410 Views
0 Likes
1 Reply
Reply
1 Reply
Gary Bushey

‎Mar 04 2022 12:37 PM

‎Mar 04 2022 12:37 PM

Re: False positive alert of defense evasion behavior was blocked on one endpoint

I would think you have better luck posting this in the Defender for Endpoint group
0 Likes
Reply