PeterLane-0978 asked vipulsparsh-MSFT commented

Microsoft Defender Endpoint Application Control

Hi all,

I would like to find out if MDE application control is capable of the following (I'm not expecting all to be answered):

  • Monitoring of process launch attempts
  • Can processes be blocked
  • Can processes be defined by fingerprint/hash
  • Process exclusion based on argument regex string
  • File read/create/delete/write attempt monitoring
  • Is DLL load monitoring possible
  • Can processes be monitored whilst allowing further rules to be analyzed (continue processing other rules)
  • Can log events including severity
  • Can notify user of policy actions
  • Can processes be monitored based on wildcard expressions


Any help is much appreciated, thank you.




windows-10-security

@PeterLane-0978 Thanks for reaching out. This can be best answered in the dedicated forum for M365 Defender:
https://techcommunity.microsoft.com/t5/microsoft-365-defender/bd-p/MicrosoftThreatProtection

Appreciate if you can ask it there.


0 Answers