Windows 10: Defender ATP, Storage Servers, $Home Drives

In an enterprise, users can have $Home drives, Roaming Profiles, and/or Shell folders like Desktop/Documents located on a storage server.

Is anyone seeing DATP quarantining the same file non-malicious file, creating the same alert, because it doesn't get removed? How is the false-positive file returning if it says it was quarantined??


--

I know it should be deleted in both places.

So, there's a couple of ways to ask this question.


Can there be a situation where Defender ATP quarantines a file on a computer, but the storage server puts it back and creates a loop of alerts?

Is there ever a case where DATP removes something, but doesn't sync to storage and delete that copy?

Could the large enterprise have a setup where the file has to be removed on a computer and specific from the server's drive itself?


You might have seen when DATP keeps quarantining the same file over and over, creating the same alert. I'm not truly concerned with malware persistence or the Registry/bigger concerns/types of malware/etc, but instead quarantining any file and continuously creating an alert because of how infrastructure is set up.


Technically, DATP should delete your file and it's gone everywhere, but Microsoft can create unexpected, variable situations where its not fixed by definition. I had a situation like this with OneDrive syncing to my personal computer after a reimage. The file name was in a .tmp state, so AV>OneDrive>AV>OneDrive, and I couldn't go and just delete it.

:)

 

Defender ATP

Hi,



Thank you for writing to Microsoft Community Forums.



Usually we do not suggest to disable Windows Defender feature, Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents, and improves security posture. However, if you
still wish to disable it, please follow the steps mentioned below and check if it helps:

1. Open Windows Settings (Windows key + I).
   
2. Then click on Updates & Settings.
   
3. Then click on Windows Security.
   
4. You can disable Cloud based and automatic submissions.
   

If you need any additional assistance, then please write back with the following information:

1. What is the exact error message which you are getting?
   
2. Is the issue specific to an application?
   
3. Could you please
   post a screenshot for a better understanding?
   

Regards,

 

How to setup window defender ATP?

I would like to know on how to setup window defender ATP

Does anyone have any suggestions?

Thanks in advance for any suggestions

 

Windows Defender ATP.

Why isn't the Windows Defender ATP platform available with Windows 10 Pro for free? What's the difference between Windows Defender and Windows Defender ATP? If you're going to make Windows 10 the best operating system ever, the virus and malware protection
has to be the best too. So having one Windows Defender ATP across the whole Windows 10 ecosystem for free is better then having two different virus and malware platforms?