Microsoft Defender Log4j Problem Scanner finds non-existent bugs

Updated: Feb 18

The media reports that Microsoft Defender for Endpoint is showing false warnings about some kind of “sensor tampering” associated with the recently deployed Microsoft 365 Defender scanner for Log4j processes.

According to Bleeping Computer , such warnings mostly appear on Windows Server 2016 systems and read: “Microsoft Defender for Endpoint has detected possible sensor tampering with memory.” These warnings apply to the OpenHandleCollector.exe process.


Microsoft representatives have already told outraged administrators that there is really nothing to worry about, as these are false positives. It is known that at the present time the company’s engineers are already studying the problem and are working on a patch , which should soon be released for all systems affected by the problem.


“THIS IS PART OF OUR ACTIVITY TO FIND INSTANCES OF LOG4J ON DISK. OUR TEAM IS ALREADY ANALYZING WHY A WARNING APPEARS BECAUSE OF THIS (OF COURSE, IT SHOULD NOT BE SO), ”THE COMPANY EXPLAINS.

Journalists note that administrators are most likely already accustomed to the oddities in Microsoft Defender for Endpoint. After all, he previously marked Office documents as Emotet payloads, reported that network devices were infected with Cobalt Strike, and considered Chrome updates to be PHP backdoors.


from Threat IT Staffhttps://threatit.com

5 views0 comments

Recent Posts

See All

9 hot (and not) cybersecurity trends: Hot – Ransomware Hot – Cryptomining/Cryptojacking Hot – Deepfakes Hot – Videoconferencing attacks Cold – VPNs Hot – IoT and OT attac

Zero Trust has become one of cybersecurity’s most used buzzwords. It’s imperative to understand what Zero Trust is, as well as what Zero Trust isn’t. Zero Trust is a strategic approach to cybersecu

Create a blog post subtitle that summarizes your post in a few short, punchy sentences and entices your audience to continue reading. Welcome to your blog post. Use this space to connect with your rea