Microsoft Defender Log4j scanner triggers false positive alerts

Microsoft Defender for Endpoint is currently displaying "sensor tampering" alerts related to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes.

The alerts are reportedly shown mainly on Windows Server 2016 systems and warn that "possible sensor tampering in memory was detected by Microsoft Defender for Endpoint," with the activity attributed to an OpenHandleCollector.exe process.

Admins have been dealing with this issue since at least December 23, according to customer reports.

While this Defender process' behavior is tagged as malicious, there is nothing to worry about since these are false positives, as revealed by Tomer Teller, Principal Group PM Manager at Microsoft, Enterprise Security Posture. Before resolving such an alert as a false positive, admins should still confirm that the process named in it is the scanner's OpenHandleCollector.exe and not an unrelated binary.

Microsoft is currently looking into this Microsoft 365 Defender issue and working on a fix that the company should soon deliver to affected systems.

"This is part of the work we did to detect Log4J instances on disk. The team is analyzing why it triggers the alert (it shouldn't of course)," Teller explained.

As Microsoft shared on Tuesday, this newly deployed Log4j scanner was rolled out together with a new consolidated Log4j dashboard for threat and vulnerability management in the Microsoft 365 Defender portal.

The new dashboard is designed to help customers identify and remediate files, software, and devices exposed to attacks exploiting Log4j vulnerabilities.
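To show what "detecting Log4j instances on disk" involves in practice, here is an added example written for this page; it is not Microsoft's scanner and nothing is known about how that scanner works internally. It walks a directory tree, opens every jar/war/ear, and classifies an archive as a log4j-core instance by the class paths inside it rather than by file name, so renamed or shaded uber-jars are still found. The version is read from the Maven pom.properties that log4j-core ships (an assumption that the jar was built by Maven), with the manifest's Implementation-Version as a fallback, and the fixed release thresholds (2.17.1, 2.12.4 and 2.3.2 for the three supported branches) are Apache's published ones. The sample jars, the constructed directory layout and the corrupt file are fixtures built inline for the run; nested archives inside a war are deliberately not recursed into.

```python
"""Added example: classify Log4j 2 core jars found on disk (not Microsoft's scanner)."""
import os
import re
import tempfile
import zipfile
from pathlib import Path

CORE_PREFIX = "org/apache/logging/log4j/core/"
JNDI_LOOKUP = CORE_PREFIX + "lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '2.14.1' (or '2.14.1-SNAPSHOT') into (2, 14, 1); None if unparseable."""
    m = VERSION_RE.search(text or "")
    return tuple(int(x) for x in m.groups()) if m else None


def is_patched(version):
    """Apache's fixed releases: 2.17.1 (Java 8+), 2.12.4 (Java 7 branch), 2.3.2 (Java 6 branch)."""
    if version is None or version[0] != 2:
        return False
    minor, patch = version[1], version[2]
    if minor == 3:
        return patch >= 2
    if minor == 12:
        return patch >= 4
    return version >= (2, 17, 1)


def jar_version(zf):
    """Prefer the Maven pom.properties inside log4j-core; fall back to the jar manifest."""
    names = set(zf.namelist())
    if POM_PROPS in names:
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return parse_version(line.split("=", 1)[1])
    if "META-INF/MANIFEST.MF" in names:
        for line in zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace").splitlines():
            if line.startswith("Implementation-Version:"):
                return parse_version(line.split(":", 1)[1])
    return None


def inspect_jar(path):
    """Return a finding for one archive, or None if it holds no log4j-core classes."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            if not any(n.startswith(CORE_PREFIX) for n in names):
                return None
            version = jar_version(zf)
            has_jndi = JNDI_LOOKUP in names
    except (zipfile.BadZipFile, OSError):
        return None  # corrupt or truncated archive: not a log4j finding (log it separately in real use)
    if is_patched(version):
        status = "patched"
    elif version is None:
        status = "unknown-version"
    elif has_jndi:
        status = "vulnerable"
    else:
        status = "mitigated"  # unpatched release, but JndiLookup.class was removed from the jar
    return {"path": str(path), "version": version, "jndi_lookup": has_jndi, "status": status}


def scan_tree(root):
    """Walk root and return findings for every jar/war/ear containing log4j-core classes."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".jar", ".war", ".ear")):
                finding = inspect_jar(Path(dirpath) / name)
                if finding:
                    findings.append(finding)
    return sorted(findings, key=lambda f: f["path"])


def write_jar(path, entries):
    """Create a minimal zip archive at path from {entry name: bytes} (constructed fixture)."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)


def build_sample_tree():
    """Constructed fixtures: one archive per status, a non-log4j jar and a corrupt file."""
    root = Path(tempfile.mkdtemp(prefix="log4j-scan-"))
    core = {CORE_PREFIX + "Logger.class": b"\xca\xfe\xba\xbe"}  # fake class bytes, magic only
    write_jar(root / "lib/log4j-core-2.14.1.jar",
              {**core, JNDI_LOOKUP: b"\xca\xfe\xba\xbe", POM_PROPS: b"version=2.14.1\n"})
    write_jar(root / "hotfixed/log4j-core-2.14.1.jar",  # same release, JndiLookup.class deleted
              {**core, POM_PROPS: b"version=2.14.1\n"})
    write_jar(root / "app/app-all.jar",  # shaded uber-jar: log4j is not in the file name
              {**core, JNDI_LOOKUP: b"\xca\xfe\xba\xbe", POM_PROPS: b"version=2.17.1\n"})
    write_jar(root / "legacy/log4j-core-2.12.1.jar",  # no pom.properties, manifest only
              {**core, JNDI_LOOKUP: b"\xca\xfe\xba\xbe",
               "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\nImplementation-Version: 2.12.1\r\n"})
    write_jar(root / "lib/commons-lang3-3.12.0.jar",
              {"org/apache/commons/lang3/StringUtils.class": b"\xca\xfe\xba\xbe"})
    (root / "lib/broken.jar").write_bytes(b"not a zip archive")
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f['status']:<16} {f['version']}  jndi={f['jndi_lookup']}  {f['path']}")
```

The "mitigated" status matters because removing JndiLookup.class from an older jar was Apache's documented stop-gap for 2.10 and later; a scanner that keys only on the version string would report such a jar as vulnerable, while one that keys only on the class would miss that a patched 2.17.1 jar still legitimately contains it.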

Since October 2020, Windows admins have had to deal with other Defender for Endpoint false positives, including one that marked Office documents as Emotet malware payloads, one that showed network devices as infected with Cobalt Strike, and another that tagged Chrome updates as PHP backdoors.

This is a developing story ...
