Microsoft Defender for Endpoint is currently raising "sensor tampering" alerts for Log4j processes; the alerts are tied to the company's newly created Microsoft 365 Defender Log4j scanner.
Microsoft Defender for Endpoint has had a series of other false-positive alert problems since October 2020, including an alert that wrongly flagged Office documents as Emotet malware payloads, another that wrongly flagged network devices as infected with Cobalt Strike, and another that wrongly flagged Chrome updates as PHP backdoors.
Microsoft 365 Defender not only unifies your view of security events across these technologies but also offers a range of advanced integration and automation capabilities.
This makes having a security investigator on staff more effective and more viable. Microsoft has been working behind the scenes on the foundations of Microsoft 365 Defender for quite some time; using Microsoft 365 Defender will help you run queries that can identify any or all of the following:
- Machines infected with a particular payload.
- Altered mailboxes.
- Malicious activity and the identities involved.
- Vulnerabilities arising from a disclosed CVE.
Microsoft 365 Defender consolidates the telemetry and insights drawn from the following products:
- Microsoft Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection)
- Microsoft Defender for Identity (formerly known as Azure Advanced Threat Protection)
- Microsoft Defender for Endpoint (formerly known as Microsoft Defender Advanced Threat Protection)
- Microsoft Cloud App Security (MCAS)
- Azure Identity Protection (AIdP)
Microsoft 365 Defender brings all of these technologies together in a single security operations center. In the portal you can see how Microsoft 365 Defender correlates and surfaces information from these technologies, and you can take key automated actions to address them.
Although the behavior of this Defender process is categorized as malicious, there is no need to be concerned because these are false positives, according to Tomer Teller, Principal Group PM Manager at Microsoft, Enterprise Security Posture.
Microsoft is currently investigating the Microsoft 365 Defender issue and working on a fix that should reach affected PCs soon. "This is a result of our efforts to detect Log4J instances on disc. The team is looking into why this is causing the warning," Teller added.
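The two capabilities the article touches on, running a query over Defender data to find machines exposed to a CVE and telling the known scanner-related "Sensor tampering" false positive apart from tampering alerts that still deserve a look, can be sketched against exported alert and vulnerability records. The script below is an added example and is not Microsoft's code or any Defender API: all records are constructed, the field names only loosely mirror the advanced hunting tables AlertInfo, AlertEvidence and DeviceTvmSoftwareVulnerabilities, and both the scanner process name and the CVE id are placeholders because the article gives neither.

```python
"""Triage helper for exported Microsoft 365 Defender records (added example).

Every record below is constructed. Field names mirror the advanced hunting
tables AlertInfo, AlertEvidence and DeviceTvmSoftwareVulnerabilities only
loosely; treat them as assumptions, not as the product's exact schema.
"""
from collections import defaultdict

# Placeholder: the article does not name the Log4j scanner process that
# triggers the "Sensor tampering" false positive, so a fake name stands in.
KNOWN_FP_PROCESSES = {"LOG4J_SCANNER_PLACEHOLDER.exe"}

# Placeholder CVE id; the article does not state the Log4j CVE number.
LOG4J_CVE_PLACEHOLDER = "CVE-YYYY-NNNNN"

ALERT_INFO = [  # constructed AlertInfo-like rows
    {"AlertId": "a1", "Title": "Sensor tampering",
     "ServiceSource": "Microsoft Defender for Endpoint"},
    {"AlertId": "a2", "Title": "Sensor tampering",
     "ServiceSource": "Microsoft Defender for Endpoint"},
    {"AlertId": "a3", "Title": "Suspicious mailbox forwarding rule",
     "ServiceSource": "Microsoft Defender for Office 365"},
]

ALERT_EVIDENCE = [  # constructed AlertEvidence-like rows
    {"AlertId": "a1", "EntityType": "Process", "DeviceName": "ws-01",
     "FileName": "LOG4J_SCANNER_PLACEHOLDER.exe"},
    {"AlertId": "a1", "EntityType": "Machine", "DeviceName": "ws-01",
     "FileName": None},
    {"AlertId": "a2", "EntityType": "Process", "DeviceName": "ws-02",
     "FileName": "unknown-tool.exe"},
    {"AlertId": "a3", "EntityType": "Mailbox", "DeviceName": None,
     "FileName": None},
]

DEVICE_VULNS = [  # constructed DeviceTvmSoftwareVulnerabilities-like rows
    {"DeviceName": "ws-01", "SoftwareName": "log4j",
     "SoftwareVersion": "2.x", "CveId": LOG4J_CVE_PLACEHOLDER},
    {"DeviceName": "ws-03", "SoftwareName": "log4j",
     "SoftwareVersion": "2.x", "CveId": LOG4J_CVE_PLACEHOLDER},
    {"DeviceName": "ws-02", "SoftwareName": "other-app",
     "SoftwareVersion": "1.0", "CveId": "CVE-YYYY-MMMMM"},
]


def evidence_by_alert(evidence):
    """Group evidence rows by AlertId, the join key shared with AlertInfo."""
    grouped = defaultdict(list)
    for row in evidence:
        grouped[row["AlertId"]].append(row)
    return grouped


def triage_tampering_alerts(alerts, evidence, known_fp_processes=KNOWN_FP_PROCESSES):
    """Return {AlertId: verdict} for every 'Sensor tampering' alert.

    An alert is a *known* false positive only when every process in its
    evidence is the benign scanner. Any other process, or an alert with no
    process evidence at all, stays in the review queue so that a genuine
    tampering attempt cannot hide behind the known false positive.
    """
    grouped = evidence_by_alert(evidence)
    verdicts = {}
    for alert in alerts:
        if alert["Title"] != "Sensor tampering":
            continue
        processes = [row["FileName"]
                     for row in grouped.get(alert["AlertId"], [])
                     if row["EntityType"] == "Process"]
        if processes and all(p in known_fp_processes for p in processes):
            verdicts[alert["AlertId"]] = "known_false_positive"
        else:
            verdicts[alert["AlertId"]] = "review"
    return verdicts


def devices_with_cve(vulns, cve_id):
    """Sorted, de-duplicated device names exposed to the given CVE id."""
    return sorted({row["DeviceName"] for row in vulns if row["CveId"] == cve_id})


if __name__ == "__main__":
    print(triage_tampering_alerts(ALERT_INFO, ALERT_EVIDENCE))
    print(devices_with_cve(DEVICE_VULNS, LOG4J_CVE_PLACEHOLDER))
```

The design point is the direction of the default: an alert is only suppressed when all of its process evidence is the scanner, so anything partially explained by it still lands in front of an analyst; the CVE lookup is the same filter-and-deduplicate step that an advanced hunting query over the vulnerability table performs.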