MDE

This post cover the following: An overview of the steps to create the parent virtual disk A script to automate creation of child VMs with a differencing disk ...

Attackers can use Windows Firewall to block EDR telemetry leaving the endpoint. Read-on for how this is mitigated. ...

You may notice that Windows Firewall events are not available in Defender for Endpoint Advanced Hunting. This is a quick post on the steps required to enable Firewall audit events. ...