Closed thaneye closed 1 year ago
Possible that Microsoft updated their system to check for POC code for mimikatz. Defender also triggered on this in our tenant.
@thaneye The 3.1.0.1 version no longer triggers Defender. Could be because of the changed hash.
false positive from Microsoft
The recent 3.1.0.0 version has been classified as malware by MS Defender, and due to Defender's market share this causes difficulties for anyone using the auditor license. Any thoughts/ideas how this happened? Was there any major change in the coding related to password checks? AFAIK PingCastle does not process or attempt to read hashes.
https://www.virustotal.com/gui/file/47028053f05188e6a366fff19bedbcad2bc4daba8ff9e4df724b77d0181b7054