This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 15%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Hi All,
Need your support in providing or suggesting or reference best custom KQL for Teamviewer & Anydesk for custom detection rule creation in Defender for Endpoint services. Since I am not an expert, kindly provide best available query as per your expertise.
Thanks
@karthik palani
Thank you for your post!
To gain a better understanding of your issue, can you share what you're trying to do? Any screenshots, documentation, or additional information would be greatly appreciated.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
What's your goal for the detection rule? You can retrieve the process activity for TeamViewer using the simple query below but you'll need to be specific in what you're looking for to build a detection rule.
DeviceProcessEvents
| where InitiatingProcessVersionInfoProductName == "TeamViewer"
@karthik palani
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?