Questions tagged [windows-defender]

21 questions
6 votes, 1 answer

Managing Windows Defender in small business domain (is a nightmare)

I've spent a few months rolling out Group Policy for Windows Defender on a small business domain (about 25 workstations), and gathering the results with Event Viewer. (We are not running SCCM.) I have it set to run a quick scan every day, and a full…
2 votes, 2 answers

Defender ATP public IP addresses

Does anybody know the IP addresses Microsoft uses for their Defender ATP Service? I can find the associated domain names but not a reliable source of the IP addresses being used.
TobyU
1 vote, 0 answers

Windows Firewall - Protected network connections?

In Windows Defender Firewall, under Advanced Settings, there is a "Protected network connections" setting for each profile (Domain, Public, Private). An image of this setting: Protected network connections My goal is to block all connections on…
1 vote, 2 answers

Is it safe to delete Windows Defender Scans History Files?

OS: Windows 10 Pro (used as production server to host websites, and mail functions.) I've noticed that de-fragmenting my hard drive (using MyDefrag v4.3.1) is taking forever to work itself through this C:\ProgramData\Microsoft\Windows…
MeSo2
1 vote, 0 answers

MMC crash during remote firewall management

Using MMC, I'm attempting to remotely manage the Windows Defender Firewall on our Hyper-V Server 2019 instance (no GUI, CLI only). The NetBIOS name is SERVER1. The Windows Defender Firewall Remote Management rules are enabled: Name …
InteXX
0 votes, 0 answers

BSOD Critical_Process_Died after enabling Windows Defender Firewall

Server 2019 1809 17763.914 running Remote Desktop Services and all updates are applied. On reboot, the Windows Defender Firewall is stopped (even though it is set to automatically start) and when I manually start the service (via any command line,…
0 votes, 0 answers

How to make Windows Defender trust my applications at company level

In my company, I made some Windows form applications for internal use. They're some client-server applications, client is C# windows form (.NET4.6), server is ASP.NET REST API, publish using ClickOnce. Every time a user starts the application, Windows…
Luke
0 votes, 1 answer

Windows defender real-time protection "disabled"

Initially windows defender was disabled for some reason in Windows server 2016. I enabled it from gpedit.msc by disabling "Turn off windows defender". When opening Windows defender, it shows real-time protection "disabled". I went to settings and…
Bose
0 votes, 0 answers

Windows Defender Real Time Scan

Windows Defender would not detect in real time a new Malware hidden in a .zip file. If I scan the .zip file after it was downloaded from the website it does detect it and deletes it. Zip file is not protected and it has a simple .exe inside; there…
KCJ
0 votes, 0 answers

Performance issues running VBScript code because of calls to the Antimalware Scan Interface (AMSI)

I am working with an application that processes a table and for each row it is creating a very simple Visual Basic script and executing it before other processes are executed. The VBS script is just an If - Else statement with some simple logic that…
0 votes, 1 answer

Exchange Online - Reporting on blocked users

There is a feature in Exchange Online which blocks users from being able to send email when they send too many emails in a time period. It usually triggers either when a user sends a load of emails via Mail Merge or when their account gets…
Norphus
0 votes, 1 answer

Whitelist mailboxes from being blocked from sending emails due to the "User restricted from sending email" alert policy in microsoft365 security?

I have a couple of mailboxes that are periodically being blocked from sending emails due to the "User restricted from sending email" alert policy within the security and compliance center in microsoft 365. I can unblock them fine, but would like to…
0 votes, 0 answers

Defender for Identity health issues

I am having some difficulties in fixing health issues on my company's MDI instance. The error I am facing on all our virtualized domain controllers is: "Some network traffic could not be analyzed". According to Microsoft docs, they are suggesting…
0 votes, 0 answers

How do I observe Windows Defender Alerts/Prompts on Server Core

We've got this situation that's been going on for a while where installing our product on our own server core production machine just hangs up. The ops guy is actually logged into the server over remote desktop, runs the installer, and watches it run…
0 votes, 0 answers

Windows Defender - Windows Server 2019 client onboarding - via squid proxy server

I have prepared Azure environment, VMs: winsrv2019, winsrv2012. Both VMs are deployed in the isolated Azure subnet (only traffic to security tools and to proxy server is allowed). In the second subnet I deployed Ubuntu 16 proxy squid server, I configured…
tester81