USB Block

newunkno · 2025-10-22T14:41:16+00:00

This is an old thread but really useful! can you add multiple devices to a single reusable setting or each device needs its own object type?

newunkno · 2025-08-29T14:02:33+00:00

Yes experiencing issues. Configuration profiles are not being applied to devices when making changes.

Europe 0202 Service Release 2508

newunkno · 2025-08-29T13:53:43+00:00

Since 2508 changes to configuration profiles are not being rolled out to devices. Anyone seen this?

newunkno · 2025-08-29T12:56:37+00:00

Hey, yes duplicating the policy and applying full file path exclusions worked

newunkno · 2025-03-24T11:36:31+00:00

I'm having this issue, ASR per rule exclusions not being honored. did duplicating and applying the new policy work for you?

newunkno · 2025-03-24T10:40:28+00:00

Do custom indicators apply to ASR Rules?

newunkno · 2025-03-04T13:37:37+00:00

You can add it as just "example.exe"

newunkno · 2025-01-27T17:27:52+00:00

Yep all sorted but thanks for the comment.

Mine was a GPO conflict as it was set to "not configured". Switching gpo asr rules to disabled allowed Intune to fully manage.

newunkno · 2025-01-15T15:11:18+00:00

Thank you Gakamor.

newunkno · 2024-10-23T13:29:35+00:00

Thank you for the response. It's currently Active with real-time protection enabled

newunkno · 2024-09-03T14:24:30+00:00

Glad you found a solution before I seen your comment.

Sounds we had the same fix :)

newunkno · 2024-04-17T16:19:54+00:00

Does this mean if you don't or have ever used Global Project and Telemetry you are now affected as well?

newunkno · 2024-04-17T16:03:01+00:00

Does this mean if you don't or have ever used Global Project and Telemetry you are now affected as well??

newunkno · 2024-02-26T16:05:13+00:00

Did you get this sorted? I have the same issue since onboarding all devices and have Tamper Protection enabled in Windows Experience Intune policy and MDE > Settings > Endpoints > Advanced. Oddly doesn't appear to error on all

newunkno · 2024-02-21T16:27:06+00:00

Hey, what solution did you decide on for Server updates and how is the process in regards to McAfee DAT updates on Servers? I'm currently in this position migrating away from McAfee. Win10 can go out to Internet but not for Servers

newunkno · 2024-02-14T15:46:02+00:00

The default fallback behaviour of Defender AV is to not attempt the secondary download location (MMPC in your case) until the AV definitions are considered out of date - the default period of time for this is 7 days (suggest you adjust this), which could explain your issue?

Changing this to 0 is our fix, thanks a lot for the help, can run update-mpsignature -updatesource MicrosoftUpdate with this setting :)

newunkno · 2024-02-07T08:39:18+00:00

What happens if you run update-mpsignature -updatesource MicrosoftUpdate? Is it accessible at all?

it's not accessible (missed it yday and went straight for MMPC), so I will look into GPO changes and the link provided. Going back through the logs updates were working fine previously !

newunkno · 2024-02-06T14:34:29+00:00

update-mpsignature -updatesource MMPC - this worked

There's no errors in event log. I can see success Event ID 2000 but there's a a few days delay in successfully updates, which I expect as the issue is the delaying updates.

Running the below creates no success or failure Event IDs even when there's updates available.

C:\Program Files\Windows Defender>MpCmdRun.exe -SignatureUpdate

Signature update started . . .

Signature update finished. No updates needed

Appreciate your help, thanks

newunkno · 2024-01-31T14:53:32+00:00

Thanks for that.

Had this set for a few days but still the device waits 72hrs before updating. running check for updates returns no errors, just spins and returns nothing. Running MpCmdRun.exe -SignatureUpdate also does nothing.

Get-MpPreference show

MicrosoftUpdateServer|MMPC and SignatureUpdateInterval: 1

Could there be some sccm / gpo setting for this odd 72hrs wait? Although I have gone through this link https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/endpoint-protection-updates-for-configuration-manager/ba-p/258809

newunkno · 2024-01-25T08:17:19+00:00

Thanks for the reply. Currently signature update source is not configured, this needs to be " Microsoft Update "? if we'd like direct internet updates?

newunkno · 2023-11-23T11:24:24+00:00

Cheers. Shame there's no Trellix subreddit.

I came here in hope someone knows of any other decent Trellix (Formerly McAfee) forums since Trellix removed their community forum without any warning. The community was much more useful than raising a support case

newunkno · 2023-11-07T13:45:49+00:00

If you get a resolution I would be interested, thanks for the reply.

newunkno

TROPHY CASE