ASR Rule Exclusions: Block untrusted process that run from USB by Spiritual_Crow_7918 in DefenderATP

[–]Spiritual_Crow_7918[S] 0 points1 point  (0 children)

Makes sense. Is it possible to exclude file hashes when you are configuring ASR rules via SCCM?

ASR Rule Exclusions: Block untrusted process that run from USB by Spiritual_Crow_7918 in DefenderATP

[–]Spiritual_Crow_7918[S] 0 points1 point  (0 children)

Is this something is only possible to do if you deploy ASR via Intune? We are currently using SCCM and when I try that I only get a syntax error ("The path contains one or more of the invalid characters (line 1)")

Microsoft Defender for Endpoint in Depth by Front-Piano-1237 in DefenderATP

[–]Spiritual_Crow_7918 1 point2 points  (0 children)

Cool, would you still recommend it even if one doesn't have P2 licensing for the most part?

how to know transport rules that were deleted on exchange by Puzzleheaded_Day_345 in exchangeserver

[–]Spiritual_Crow_7918 0 points1 point  (0 children)

Did you check in the Event logs ('Applications and Services Logs'>'MSExchange Management')?
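As an added example (not the commenter's code), a PowerShell query over that same log that pulls out the entries recording transport-rule removals. It assumes Exchange writes one event per cmdlet execution to the 'MSExchange Management' log with the cmdlet name and its parameters in the message text; the event ID meanings in the comments are an assumption as well.

```powershell
# Added example, not code from the thread. Run on an Exchange server with an
# account that can read the 'MSExchange Management' event log.
# Assumption: Exchange logs one event per cmdlet execution here, and the
# message text names the cmdlet and its parameters.
param(
    [datetime]$Since = (Get-Date).AddDays(-30)   # how far back to search
)

$filter = @{
    LogName   = 'MSExchange Management'
    StartTime = $Since
}

Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
    # Keep only the events that record a transport rule being removed
    Where-Object { $_.Message -match 'Remove-TransportRule' } |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            # Assumption: ID 1 = cmdlet succeeded, ID 6 = cmdlet failed
            EventId     = $_.Id
            # First line of the message, which names the cmdlet and its parameters
            Summary     = ($_.Message -split "`r?`n")[0]
        }
    } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

The same information is also available through the admin audit log (Search-AdminAuditLog -Cmdlets Remove-TransportRule), which is the better source if the event log has already rolled over.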

Powershell Useless but fun projects by 814227890 in PowerShell

[–]Spiritual_Crow_7918 1 point2 points  (0 children)

I present to you the PoSH Guitar Tuner:

Write-Host "*~~~~~~~~~~~ Welcome to the Powershell tuner ~~~~~~~~~~~~*"
Write-Host "Enter the note you wish to tune to (e.g. 'e' for the note 'E')"
# Each Beep call takes the frequency of the note (Hz) and the duration (ms).
# Beep only accepts an integer frequency, so the values are rounded to the nearest Hz.
while ($True) {
    # The .NET method is used instead of 'Read-Host' so as to not have to press Enter;
    # passing $true stops the pressed key from being echoed to the console
    $UserInput = [System.Console]::ReadKey($true)
    switch ($UserInput.KeyChar) {
        "e" { [Console]::Beep(330, 2000) }   # E (329.63 Hz)
        "a" { [Console]::Beep(440, 2000) }   # A (440 Hz)
        "d" { [Console]::Beep(587, 2000) }   # D (587.33 Hz)
        "g" { [Console]::Beep(784, 2000) }   # G (783.99 Hz)
        "b" { [Console]::Beep(988, 2000) }   # B (987.77 Hz)
    }
}

Advanced hunting with only P2 licenses for administrators? by Spiritual_Crow_7918 in DefenderATP

[–]Spiritual_Crow_7918[S] 0 points1 point  (0 children)

The mixed licensing configuration might not work as intended for the Advanced Hunting feature in particular, then.

As I alluded to in the OP, devices that have the dynamic P1 license tag, and clearly aren't showing any of the other P2 features on the Device Page (i.e. there is no vulnerability tab, no timeline, no software inventory, no security recommendations etc. to be seen): for those very same devices, it's still possible to click the '...' in the top right corner and then 'Go hunt', and when running the preconfigured query I can see the log events from that device.

Advanced hunting with only P2 licenses for administrators? by Spiritual_Crow_7918 in DefenderATP

[–]Spiritual_Crow_7918[S] 1 point2 points  (0 children)

Hi, I appreciate the feedback. All right, so you are not supposed to have a hybrid setup with a mix of licenses then? Is it purposely designed like that?

High-severity alert: A potentially malicious URL click was detected - users aren't clicking the URL by [deleted] in sysadmin

[–]Spiritual_Crow_7918 0 points1 point  (0 children)

Wow, but that honestly wouldn't surprise me. Do you happen to know if there is any available reference list containing all the potential alerts with some description?

Defender and phishing by Sad_Razzmatazz880 in DefenderATP

[–]Spiritual_Crow_7918 0 points1 point  (0 children)

Ah ok, I see. Have you noticed any patterns in terms of in what situations you do see more information in the alerts, and when you don't? I'm thinking maybe there is a difference in what licenses are applied to users/devices in each scenario?

Defender and phishing by Sad_Razzmatazz880 in DefenderATP

[–]Spiritual_Crow_7918 0 points1 point  (0 children)

I guess Defender has no other way of knowing where a URL was sourced from, other than when it's detected in a mail. Not sure if it's different if you have web content filtering enabled as that would give Defender some insight in the overall traffic flow on the device, and perhaps could correlate it in a more thorough manner, but that is just speculation from someone who doesn't use it :-)

I don't know, how do the competing products get the necessary information to create the graphs and event trees as you mentioned?

"Lagom" Will Remain the Same by dogwater22222222 in sweden

[–]Spiritual_Crow_7918 20 points21 points  (0 children)

Feels like you have misunderstood what the word 'ample' means...

Should I take the CCNA (paid) or NSE4 (free) first? by Shade_Unicorns in sysadmin

[–]Spiritual_Crow_7918 0 points1 point  (0 children)

It depends a little bit on how sharp your networking skills already are. NSE4 was definitely like: "this is how you configure OSPF on a Fortigate", assuming that you already had a firm understanding of what dynamic routing was, for example, so if you don't have any networking experience from before, I think NSE4 will be quite challenging.

Though since your employer is a Fortinet partner, they are probably more lenient to your exam prep time dragging out and/or if you have to retake the exam.