Troubleshoot Microsoft Defender for Endpoint live response issues


This page provides detailed steps to troubleshoot live response issues.

File cannot be accessed during live response sessions

If you encounter an error message stating that the file can't be accessed while trying to take an action during a live response session, use the steps below to address the issue.

  1. Copy the following script code snippet and save it as a PS1 file:

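    # Path of the file to copy, passed as the script's only argument
    $copied_file_path = $args[0]

    # Copy the file to TEMP; -PassThru returns the copied item on success
    $action = Copy-Item $copied_file_path -Destination $env:TEMP -PassThru -ErrorAction SilentlyContinue

    if ($action) {
        Write-Host "You copied the file specified in $copied_file_path to $env:TEMP successfully"
    }
    else {
        # The copy failed; report the most recent error
        Write-Output "Error occurred while trying to copy a file, details:"
        Write-Output $error[0].Exception.Message
    }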
    
  2. Add the script to the live response library.

  3. Run the script with one parameter: the file path of the file to be copied.

  4. Navigate to your TEMP folder.

  5. Run the action you wanted to take on the copied file.

Slow live response sessions or delays during initial connections

Live response leverages Defender for Endpoint sensor registration with the WNS service in Windows. If you are having connectivity issues with live response, confirm the following details:

  1. notify.windows.com is not blocked in your environment. For more information, see Configure device proxy and Internet connectivity settings.
  2. WpnService (Windows Push Notifications System Service) is not disabled.
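
The two checks above can be run on the affected device with a short PowerShell script. This is an added example, not part of the original article; the `-WnsHost` and `-Port` parameter names, port 443, and testing the domain name directly are assumptions.

```powershell
# Added example: checks the two conditions listed above on the local device.
param(
    # Domain named on this page; the port is an assumption (HTTPS).
    [string]$WnsHost = 'notify.windows.com',
    [int]$Port = 443
)

$findings = @()

# 1. WpnService must not be disabled.
$svc = Get-Service -Name 'WpnService' -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings += 'WpnService was not found on this device.'
}
elseif ($svc.StartType -eq 'Disabled') {
    $findings += 'WpnService start type is Disabled.'
}

# 2. The WNS domain must resolve and must not be blocked.
$dns = Resolve-DnsName -Name $WnsHost -ErrorAction SilentlyContinue
if (-not $dns) {
    $findings += "DNS resolution failed for $WnsHost."
}
else {
    # Direct TCP test; it does not use a configured proxy, so a failure here
    # on a proxied network needs confirming against the proxy logs.
    $tcp = Test-NetConnection -ComputerName $WnsHost -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        $findings += "TCP connection to ${WnsHost}:$Port failed."
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No blocking condition found for $WnsHost or WpnService."
}
else {
    Write-Output 'Possible causes of slow or failing live response connections:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

If your allow list uses a specific hostname under this domain, pass it with `-WnsHost`.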

Refer to the articles below to fully understand the WpnService service behavior and requirements: