sysmon-modular
Suggested additions to Microsoft Defender ProcessCreation event
Hi Olaf,
I would recommend adding those exclusions for Windows Defender for endpoints (EDR):
C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exe
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
There are also other binaries, but they are located within the C:\Program Files\Windows Defender\ folder, which is already excluded.
HTH. Thanks.
Phil