Hi there,
I have several identical laptops that are used the same way, but on several of them Microsoft Defender for Endpoint runs .ps1 scripts in the folder C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection. Because there are dozens of these scripts, Microsoft Sentinel constantly generates incidents based on the Process execution frequency anomaly rule. But nothing like this happens on the other laptops. I can't find out what the content of these scripts is or how I should proceed to eliminate this behavior. Please advise. Thanks, Jan.