question

0 Votes
JanSefrna-7189 asked

Microsoft Defender for Endpoint - too many *.ps1 scripts in C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection

Hi there,

I have several identical laptops that are used the same way, but on several of them Microsoft Defender for Endpoint runs .ps1 scripts in the folder C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection. Because there are dozens of these scripts, Microsoft Sentinel constantly generates Incidents based on the Process execution frequency anomaly rule. But nothing like this happens on other laptops. I can't find out what the content of these scripts is or how I should proceed to eliminate this behavior. Please advise. Thanks, Jan.

microsoft-sentinel

0 Answers