Security News > 2020 > October > Microsoft Defender ATP Users Get False Positive Alerts for Mimikatz, Cobalt Strike

Microsoft Defender ATP Users Get False Positive Alerts for Mimikatz, Cobalt Strike
2020-10-29 09:36

Microsoft rushed to take action on Wednesday after Defender Advanced Threat Protection users reported getting Cobalt Strike and Mimikatz alerts that turned out to be false positives.

It's not surprising that some Microsoft Defender ATP users had a small heart attack on Wednesday when they saw multiple high-severity alerts for Cobalt Strike.

The issue was likely caused by a bad rule pushed to Defender ATP and Microsoft addressed the issue within hours.

"We've addressed the issue that led to false positive alerts and corrected notifications some customers may have received," a Microsoft spokesperson told SecurityWeek.

Jon Hencinski, director of SecOps at cybersecurity company Expel and one of the people who monitored the incident, advised organizations not to immediately dismiss Cobalt Strike alerts in Defender ATP and instead follow their triage process as normal.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/cfgQRZ0RvA4/microsoft-defender-atp-users-get-false-positive-alerts-mimikatz-cobalt-strike

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774