Microsoft Advanced threat protection

Sakshi Singh 0 Reputation points
2024-01-31T18:07:37.2+00:00

Hi, please can someone help identify what the .ps1 scripts in the C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection location are used for? I have a non-persistent VDI that is apparently having a Defender antimalware memory consumption issue after a recent patch install. When excluding C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection from scanning, the consumption is normal. Without the exclusion, Defender services are continuously consuming memory resources.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

1 answer

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2024-02-01T21:35:34.92+00:00

    Hi @Sakshi Singh, it looks like these are used for data collection by Microsoft Defender for Cloud. Microsoft Defender for Cloud collects data from your virtual machines (VMs) to assess their security state, provide security recommendations, and alert you to threats. When you first access Defender for Cloud, data collection is enabled on all VMs in your subscription. Microsoft Defender for Cloud collects and processes security-related data, including configuration information, metadata, event logs, crash dump files, and more. If excluding the C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection location from scanning resolves the memory consumption issue, it is possible that the scanning of these files is causing the issue. We can always open a ticket to look at your environment if this is the case. Please let me know if you have any questions and I can help you further. If this answer helps you, please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

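A check an administrator might run before leaving the DataCollection exclusion from this thread in place (an added example, not part of the original question or answer). It lists the .ps1 files in that folder with their Authenticode status and reports whether a Defender path exclusion currently covers the folder. The function names are hypothetical, and the rule that legitimate scripts carry a valid Microsoft signature is an assumption, not something stated in the thread.

```powershell
# Added example. Run from an elevated PowerShell session on the affected VDI image.
$dir = 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection'

function Get-ScriptSignatureReport {
    # One row per .ps1 file: signature status, signer, and a trust verdict.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Filter *.ps1 -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            [pscustomobject]@{
                File      = $_.FullName
                Status    = $sig.Status
                Signer    = $subject
                # Assumption: legitimate scripts here are signed by Microsoft.
                Trusted   = ($sig.Status -eq 'Valid' -and $subject -match 'O=Microsoft Corporation')
                LastWrite = $_.LastWriteTimeUtc
            }
        }
}

function Get-CoveringExclusion {
    # Returns exclusions equal to, or a parent of, $Path.
    # Wildcards and environment variables in exclusions are not expanded here.
    param([string]$Path, [string[]]$Exclusions)
    $target = $Path.TrimEnd('\')
    $Exclusions | Where-Object {
        $_ -and ($target -eq $_.TrimEnd('\') -or
                 $target.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase))
    }
}

$report    = @(Get-ScriptSignatureReport -Path $dir)
$untrusted = @($report | Where-Object { -not $_.Trusted })
$covering  = @(Get-CoveringExclusion -Path $dir -Exclusions (Get-MpPreference).ExclusionPath)

if ($report.Count -eq 0) {
    Write-Output "No .ps1 files currently present in $dir"
} else {
    $report | Format-Table Trusted, Status, Signer, LastWrite, File -AutoSize
}
Write-Output ("Exclusions covering the folder: " + ($(if ($covering) { $covering -join '; ' } else { 'none' })))

if ($covering.Count -gt 0 -and $untrusted.Count -gt 0) {
    Write-Warning "$($untrusted.Count) script(s) without a valid Microsoft signature sit in a folder excluded from scanning."
}
```

Get-MpPreference only returns the real exclusion list to an administrator, so a non-elevated run will report no covering exclusion even when one is set.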
