Microsoft Defender Log4j scanner triggers false positive alerts
Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes.
The alerts are reportedly mainly shown on Windows Server 2016 systems and warn that "possible sensor tampering in memory was detected by Microsoft Defender for Endpoint," created by an OpenHandleCollector.exe process.
Admins have been dealing with this issue since at least December 23, according to customer reports.
While this Defender process' behavior is tagged as malicious, there is nothing to worry about, since these are false positives, as revealed by Tomer Teller, Principal Group PM Manager at Microsoft, Enterprise Security Posture.
Microsoft is currently looking into this Microsoft 365 Defender issue and working on a fix that the company should soon deliver to affected systems.

"This is part of the work we did to detect Log4J instances on disk. The team is analyzing why it triggers the alert (it should not, in fact)," Teller explained.
As Microsoft shared on Tuesday, this newly deployed Log4j scanner was rolled out with a new consolidated Microsoft 365 Defender portal Log4j dashboard for threat and vulnerability management.
The new dashboard is designed to help customers identify and remediate files, software, and devices exposed to attacks exploiting Log4j vulnerabilities.
Since October 2020, Windows admins have had to deal with other Defender for Endpoint false positives, including one that marked Office documents as Emotet malware payloads, one that showed network devices infected with Cobalt Strike, and another that tagged Chrome updates as PHP backdoors.

Same. And looks like it's got something to do with searching for log4j based on command line. Emails started within the last hour for me and haven't stopped: "OpenHandleCollector.exe" -p:java.exe -p:javaw.exe -p:eclipse.exe -f:log4j
— Blake (@irestartpcs) December 29, 2021
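For admins who want to separate the scanner-induced alerts from anything that merely shares the file name, the following advanced hunting query is an added example written for this page; it is not from the article, from the tweet above, or from Microsoft. It assumes the Microsoft 365 Defender advanced hunting schema (the AlertInfo and AlertEvidence tables and their standard columns), that the tampering alert's title contains the words "sensor tampering", and that the scanner's command line includes the "-f:log4j" and "-p:java.exe" switches seen in the tweet. The 14-day window is an arbitrary choice.

```kusto
// Added example (not from the article or Microsoft): correlate "sensor tampering" alerts
// with the OpenHandleCollector.exe evidence attached to them, so the alerts raised by the
// Log4j scanner can be reviewed as a batch instead of one at a time.
// Assumptions: advanced hunting schema (AlertInfo, AlertEvidence); alert title contains
// "sensor tampering"; scanner command line contains "-f:log4j" and "-p:java.exe".
let lookback = 14d;
AlertInfo
| where Timestamp > ago(lookback)
| where Title has "sensor tampering"
| join kind=inner (
    AlertEvidence
    | where FileName =~ "OpenHandleCollector.exe"
    | project AlertId, DeviceName, FolderPath, ProcessCommandLine
  ) on AlertId
// Flag as a likely scanner false positive only when the command line matches the scan.
// A bare file-name match is not enough: a name is trivial for an attacker to reuse, so
// rows where LikelyScannerFP is false still deserve a closer look.
| extend LikelyScannerFP = ProcessCommandLine contains "-f:log4j"
                          and ProcessCommandLine contains "-p:java.exe"
| summarize Alerts = count(),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp),
            CommandLines = make_set(ProcessCommandLine, 5)
  by DeviceName, FolderPath, LikelyScannerFP
| order by LikelyScannerFP asc, Alerts desc
```

Rows with LikelyScannerFP set to false sort first; those are the ones to triage by hand, checking FolderPath and the parent process rather than trusting the file name. Once Microsoft ships the fix the article mentions, rerunning the query should show LastSeen stop advancing for the flagged rows.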
This is a developing story …