DatTruongManh-1313 asked DatTruongManh-1313 commented

How does Microsoft 365 Defender detect malware on user devices, and how can I see a detailed report about it?

Hi All,

Recently the Microsoft 365 Defender on my tenant has detected some malware activity on some devices, but I have a hard time finding where the detailed report on those activities lies.

For instance, in the picture below, I can only see that there are 2 devices that have malware detected, but there is no other information such as which type of malware, where the malware is on the device, how M365 Defender detects them, and if the device is not Intune-enrolled, can the Defender still detect malware.

127506-image.png

I hope that someone can give some guidance about this.

Warm regards,
DatTM

PS: I do not know which is the correct tag for this question, so I leave it at windows-10-security.


windows-10-security

1 Answer

sbairu answered DatTruongManh-1313 commented

Hi DatTruongManh-1313

Let’s have a look at the alert dashboard in the portal as shown in the attached pic. You can navigate to the alert overview by selecting Incidents & Alerts and then select Alerts. Note that you can also filter alerts for specific products, like Microsoft Defender for Endpoint, with the built-in filtering capability in the portal.

127552-defender.png
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/alerts?view=o365-worldwide

If this article helps, please mark this post as helpful.



Hi sbairu,
I have tried to look into the alerts and filtered them out as you suggested, but there is no data to display.
133405-image.png

Hence, one of the two devices is marked as active malware, yet there is still no alert about when the malware becomes active on the user device.
133423-image.png

