Hi, The last few days we are experiencing mass endpoint quarantines
because otelrules.azureedge.net is flagged as an indicator of compromise
on our Fortigates / FortiAnalyzer. otelrules.azureedge.net is number 92
on the required urls for Office 365 t...
The last few weeks we are seeing Microsoft or Intel Signed files classed
as FSA/RISK_HIGH in both the FortiClient and the Fortigates. Our
FortiClients are configured to explicitly NOT upload files signed by
trusted sources (Like Microsoft, Intel, etc...
We are fine with some false positives, we understand they happen, and
think it is better to be safe than sorry in most cases. But if you issue
an IOC on known urls for Microsoft cloud services...you have to be super
duper sure of your case, otherwise...
Hi Vraev, License of post breach detection installed. License
expiration_str: 2025-03-25 The other commands just completed, no
results... This night again around midnight, a lot of IOCs on
otelrules.azureedge.net.
Already did, yesterday, and today again. Also got report that they
removed it from IOC database, checked our version was higher than the
version in which they whitelisted. Still IOCs are being triggered.
Hi Robert, I also opened a case at TAC for these files. They assured me
that the files are now flagged clean (we already whitelisted in EMS).
What I do not understand is why the sandbox flags files as malicious
when they are signed by Microsoft. If the...
Hi Graham, For PXE to work with SCCM we need a SECOND IP helper, next to
the DHCP IP helper. This is because the DHCP scope options are
officially not supported by Microsoft. (I know it works, but running
unsupported configs is never a good idea) PXE cl...