0 Votes
PeterLane-0978 asked vipulsparsh-MSFT commented

Microsoft Defender Endpoint Application Control

Hi all,

I would like to find out if MDE application control is capable of the following (I'm not expecting all to be answered):

  • Monitoring of process launch attempts

  • Can processes be blocked

  • Can processes be defined by fingerprint/hash

  • Process exclusion based on argument regex string

  • File read/create/delete/write attempt monitoring

  • Is DLL Load monitoring possible

  • Can processes be monitored whilst allowing further rules to be analyzed (continue processing other rules)

  • Can log events including severity

  • Can notify user of policy actions

  • Can processes be monitored based on wildcard expressions

Any help is much appreciated, thank you.


@PeterLane-0978 Thanks for reaching out. This can be best answered in the dedicated forum for M365 Defender :

Appreciate if you can ask it there.


0 Answers