03.11.2020 Do you know that feeling when you use your favorite search engine with "this should be easy, someone will already have figured out how to do this" in mind? This is how my work on the topic I'm describing in this post started. And because this blogpost exists, you might assume correctly that this…
Category: Security
Microsoft Defender Malware Details in MEM admin center (Intune) #WhatILearnedToday
Today (21.09.2020) a long-awaited addition to Intune has been released in public preview: Microsoft Defender Antivirus active malware reporting! You might ask what is so special about it? Well, it's the fact that we can finally get some actual malware status data from our clients within the Endpoint Manager admin center. Before that, only…
Application Guard for Office #WhatILearnedToday
Hi and welcome to this post. It's been a while, I know. In the last days I had a thought over and over again. We are learning things every day. But how should I keep track of all those learned things? You know, besides the typical "I'll not forget that", which typically does not work…
Sysmon v2.0 – new version of a small but great tool
Yesterday Microsoft released Sysmon v2.0, which was again put together by Mark Russinovich (@ and Thomas Garnier under the famous label of Sysinternals. Here is a blogpost about the first release of Sysmon from my blog. New in version two are: Include a session GUID in each event to allow correlation of events on same…
Sysinternals Sysmon – a great way to see what's happening on your system
Two days ago Mark Russinovich released a new tool called Sysmon in his Sysinternals Suite (which is owned by Microsoft now). This tool can help you get an overview of things that often happen on your system while it is, or is getting, compromised by creating events for specific things like the change a…