The media reports that Microsoft Defender for Endpoint is showing false warnings about some kind of “sensor tampering” associated with the recently deployed Microsoft 365 Defender scanner for Log4j processes.
According to Bleeping Computer , such warnings mostly appear on Windows Server 2016 systems and read: “Microsoft Defender for Endpoint has detected possible sensor tampering with memory.” These warnings apply to the OpenHandleCollector.exe process.
Microsoft representatives have already told outraged administrators that there is really nothing to worry about, as these are false positives. It is known that at the present time the company’s engineers are already studying the problem and are working on a patch , which should soon be released for all systems affected by the problem.
“This is part of our activity to find instances of Log4J on disk. Our team is already analyzing why a warning appears because of this (of course, it should not be so), ”the company explains.
Journalists note that administrators are most likely already accustomed to the oddities in Microsoft Defender for Endpoint. After all, he previously marked Office documents as Emotet payloads, reported that network devices were infected with Cobalt Strike, and considered Chrome updates to be PHP backdoors.