Use Cases for Defender Management
Last modified by Sabrina V. on 2025/03/04 12:29
Below are two possible use cases for Defender Management:
- ASR rules: Event IDs 1121 and 1122 occur in conjunction with an lsass.exe and block the operation
- VirTool: Win32/DefenderTamperingRestore triggers a threat alert
- Full Microsoft Defender system scan uses too much CPU