RT by @SwiftOnSecurity: Defender AV Platform v4.18.25070.5

◽Enhanced Passive Mode Scanning Behavior
◽Improved Tamper Protection Handling
◽Digital Signature Verification Performance Boost
◽Refined ASR Rule Exclusion Processing

#MDAV #MDE #ASR

🐦🔗: https://nitter.oksocial.net/fabian_bader/status/1955339624777228540#m

[2025/08/12 18:44]

Microsoft Defender for Endpoint news

▫️macOS supports isolation (Preview)
▫️macOS and Linux support on-demand AV scanning (Preview)
▫️Manage all your #MDE #MDAV client settings directly from the portal without hybrid join 🎉

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?WT.mc_id=AZ-MVP-5004810#july-2023

What's new in Microsoft Defender for Endpoint

See what features are generally available (GA) in the latest release of Microsoft Defender for Endpoint, and security features in Windows 10 and Windows Server.

As of 07.03.2023 (Release of signature 1.383.1159.0) tamper protection is no longer enforcing "Allow Scanning Network Files".

If you still want this to be enabled, make sure your Intune or GPO configuration has this value set.

#MDAV #MDE #M365D #TamperProtection
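A check worth running after this change, as an added example that is not part of the post: it reads the local Defender preference and the policy registry value to see whether network-file scanning is still on and whether anything (GPO or Intune) still enforces it. The policy registry location is assumed from the Defender ADMX template; the cmdlets and property names are the documented ones.

```powershell
# Added example (not from the original post): verify that network-file scanning is
# still enabled now that tamper protection no longer enforces it, and report whether
# the setting is backed by policy (GPO/Intune) or only by the local preference.

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# DisableScanningNetworkFiles is the inverse of "Allow Scanning Network Files".
$scanNetworkFiles = -not $pref.DisableScanningNetworkFiles

# Assumed policy location (Defender ADMX): values delivered by GPO/Intune land here.
# A local preference without a policy value can be flipped by any local admin.
$policyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan'
$policyValue = (Get-ItemProperty -Path $policyPath -Name DisableScanningNetworkFiles `
                    -ErrorAction SilentlyContinue).DisableScanningNetworkFiles

[pscustomobject]@{
    TamperProtected    = $status.IsTamperProtected
    ScanNetworkFiles   = $scanNetworkFiles
    EnforcedByPolicy   = ($null -ne $policyValue)
    PolicyDisablesScan = ($policyValue -eq 1)
}

if (-not $scanNetworkFiles) {
    Write-Warning 'Network file scanning is off.'
    Write-Warning 'Local fix: Set-MpPreference -DisableScanningNetworkFiles $false'
    Write-Warning 'On managed devices also set it in Intune/GPO, or policy refresh will revert it.'
}
```

On a device where `EnforcedByPolicy` is false, the local `Set-MpPreference` call is all that keeps the setting, which is exactly the state the post warns about; push the value through Intune or GPO so it survives a policy refresh.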

PowerShell/Get-Exchange2019AVExclusions.ps1 at main · 0x3e4/PowerShell

Update on the #Exchange Server Antivirus Exclusions

Microsoft finally removed the recommendation to exclude PowerShell.exe and w3wp.exe and two others from the official documentation.

#MDAV #MDE

https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464?WT.mc_id=AZ-MVP-5004810

Update on the Exchange Server Antivirus Exclusions

For years we have been saying how running antivirus (AV) software on your Exchange Servers can enhance the security and health of your Exchange organization. We’ve also said that if you are deploying file-level scanners on Exchange servers, make sure that the appropriate exclusions, such as director...

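An audit for servers that were configured under the old guidance, as an added example that is neither the post's script nor Microsoft's: it lists Defender process exclusions matching the two process names the post mentions and removes them only when asked. The process-name list is deliberately limited to what the post names; compare it against the current Microsoft exclusion list before running it on a real Exchange server.

```powershell
# Added example, not the post's script: list Defender process exclusions that the
# updated Exchange guidance no longer recommends, and remove them on request.
# Only the two process names given in the post are checked here (assumption: the
# rest of the current list is reviewed separately).
param([switch] $Remove)

$noLongerRecommended = @('PowerShell.exe', 'w3wp.exe')

$pref  = Get-MpPreference
$stale = @(
    foreach ($exclusion in @($pref.ExclusionProcess | Where-Object { $_ })) {
        # Exclusions may be full paths or bare names; compare on the file name only.
        if ($noLongerRecommended -contains (Split-Path -Path $exclusion -Leaf)) { $exclusion }
    }
)

if ($stale.Count -eq 0) {
    'No stale process exclusions found.'
    return
}

'Stale process exclusions:'
$stale

if ($Remove) {
    # Only removes locally set exclusions. Exclusions delivered by GPO/Intune must be
    # removed at the source, and tamper-protected exclusions cannot be changed locally.
    Remove-MpPreference -ExclusionProcess $stale
    'Removed.'
}
```

Run it without `-Remove` first; if the stale entries come back after a policy refresh, they are managed centrally and the cleanup belongs in the Intune profile or GPO, not on the server.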
100% pure cloud-based management of #MDE devices is coming closer.

See the latest Microsoft blog "Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices"

#ASR #MDAV

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/push-asr-rules-with-security-settings-management-on-microsoft/ba-p/3635129?WT.mc_id=AZ-MVP-5004810

Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices

In May 2022, we announced the general availability of Security Settings Management for Microsoft Defender for Endpoint. This release empowered security teams to configure devices with their desired antivirus, EDR and firewall settings without needing to deploy and implement additional tools or infra...

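Once rules are pushed from the portal, the thing a practitioner wants next is to read the effective state back on the device. This added example (not code from the blog post) prints each configured ASR rule with its action and the global ASR exclusions; the two rule GUIDs in the name table are the documented ones for those rules, and the table is kept to two entries only as an illustration, so other rules are shown by GUID.

```powershell
# Added example (not from the blog post): read back the ASR configuration that was
# pushed to this device so it can be compared with what the portal shows.

# Assumption: only two well-known rule GUIDs are mapped to names here; extend as needed.
$ruleNames = @{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office applications from creating child processes'
}
# Documented action codes for AttackSurfaceReductionRules_Actions.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

if ($ids.Count -eq 0) { 'No ASR rules configured.' }

# Ids and Actions are parallel arrays; index i of one belongs to index i of the other.
for ($i = 0; $i -lt $ids.Count; $i++) {
    $id     = $ids[$i].ToLower()
    $action = [int]$actions[$i]
    [pscustomobject]@{
        Rule   = if ($ruleNames.ContainsKey($id)) { $ruleNames[$id] } else { $id }
        Action = if ($actionNames.ContainsKey($action)) { $actionNames[$action] } else { $action }
    }
}

# These exclusions apply to every ASR rule at once; review them together with the rules.
'ASR exclusions:'
@($pref.AttackSurfaceReductionOnlyExclusions | Where-Object { $_ })
```

A rule that the portal shows as Block but the device reports as Audit (or not at all) usually means the device has not yet received the settings profile or another management source still owns the setting.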
Just published a small update to my "The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions" post, adding information on the new tamper protection capabilities for custom exclusions.

#MDAV #MDE #Exclusions #tamperprotection

https://cloudbrothers.info/en/guide-to-defender-exclusions/

The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions

Since Microsoft Defender for Endpoint is a suite of products, rather than just one single piece of software, there are various places where you can create exclusions for different features. Also, there are integrations in other products, that result in possible side effects when enabling certain settings. Most of these products have separate documentations, there is no single documentation page that contains all the information about exclusions available in Microsoft Defender for Endpoint.

Version 1.1 of the Microsoft LNK recovery script with added support to restore from the Volume Shadow Copy Service released

#ASRmagedon #MDE #MDAV

https://github.com/microsoft/MDE-PowerBI-Templates/blob/master/ASR_scripts/AddShortcuts.ps1

MDE-PowerBI-Templates/AddShortcuts.ps1 at master · microsoft/MDE-PowerBI-Templates

My blog post from July last year became more relevant since last Friday than I had hoped.

But now is a good time to think about using the gradual rollout process for Microsoft Defender updates.

#M365D #MDAV #MDE #ASRmagedon

https://cloudbrothers.info/en/gradual-rollout-process-microsoft-defender/

Gradual rollout process for Microsoft Defender

One of the features of Microsoft Defender Antivirus that, in my opinion, is overlooked by most, is the ability to control the rollout of all components of Microsoft Defender Antivirus by selecting different release channels. This allows for a more gradual rollout of security intelligence updates, the engine as well as the AV platform.

Different update types

But let's take a step back and get a common understanding of what the difference between those different updates is and how they are deployed.
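A concrete way to apply the gradual rollout the post recommends, as an added example that is not code from the blog post: the script assigns a device to an update ring by setting the three Defender release channels. The ring names and which channel each ring gets are assumptions for illustration; the parameter names and channel values are the ones documented for Set-MpPreference.

```powershell
# Added example (not from the blog post): put this device into an update ring by
# selecting the Defender release channels for platform, engine and security intelligence.
# Ring names and the channel per ring are assumptions; adjust to your own ring design.
param(
    [ValidateSet('Pilot', 'Early', 'Broad')]
    [string] $Ring = 'Broad'
)

# Platform/engine channels: NotConfigured, Beta, Preview, Staged, Broad, Delayed.
# Security intelligence (definition) channel: NotConfigured, Staged, Broad.
$rings = @{
    Pilot = @{ Platform = 'Preview'; Engine = 'Preview'; Definitions = 'Staged' }
    Early = @{ Platform = 'Staged';  Engine = 'Staged';  Definitions = 'Staged' }
    Broad = @{ Platform = 'Broad';   Engine = 'Broad';   Definitions = 'Broad'  }
}

$cfg = $rings[$Ring]
Set-MpPreference -PlatformUpdatesChannel   $cfg.Platform `
                 -EngineUpdatesChannel     $cfg.Engine `
                 -DefinitionUpdatesChannel $cfg.Definitions

# Read the effective channels back; on managed devices policy may overwrite these.
Get-MpPreference | Select-Object PlatformUpdatesChannel, EngineUpdatesChannel, DefinitionUpdatesChannel
```

Keep the pilot ring on devices whose owners can report a bad update quickly; a definition update that misfires, as in the ASR incident the post refers to, reaches the Broad ring only after the staged devices have run it.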