Tag: Microsoft Defender for Endpoint

Uncovering Insider Risks with Full Summary in Uncoder AI: A Microsoft Defender for Endpoint Case

Identifying unauthorized access to sensitive data, especially passwords, remains a critical concern for security teams. When such access happens through legitimate tools like Notepad, visibility becomes a challenge. With Uncoder AI’s Full Summary feature, security analysts can immediately understand the logic behind detection rules targeting exactly that type of threat. In a recent […]
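The teaser does not reproduce the rule itself, so the following Microsoft Defender for Endpoint advanced hunting query is an added example, not the rule from the article or SOC Prime's content. It assumes the common rule shape for this behaviour: a notepad.exe process whose command line references a file with a password-like name. The keyword list and the 7-day window are assumptions to tune.

```kql
// Added example (not from the original post): surface notepad.exe launched
// against files whose names suggest stored credentials.
// Assumption: the interesting signal is the file path on the command line,
// which is what DeviceProcessEvents.ProcessCommandLine carries.
DeviceProcessEvents
| where Timestamp > ago(7d)                         // assumed hunting window
| where FileName =~ "notepad.exe"
| where ProcessCommandLine has_any ("password", "passwd", "credential", "secret")  // assumed keywords
| project Timestamp, DeviceName, AccountName,
          ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessCommandLine
| order by Timestamp desc
```

Expect benign hits from users opening their own notes; the value is in correlating the account opening the file with its owner (AccountName versus the file's location) and in spotting an unusual parent process in InitiatingProcessFileName, such as a remote management tool rather than explorer.exe.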

Visualizing clfs.sys Threat Activity in Microsoft Defender with Uncoder AI’s Decision Tree

Loading legitimate system drivers from illegitimate or suspicious directories is a known adversary tactic for persistence, defense evasion, or execution. One high-value target in this category is clfs.sys, the legitimate Windows driver for the Common Log File System. To detect this activity, Microsoft Defender for Endpoint supports advanced KQL-based detection logic. But to […]
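As an added example of the kind of KQL logic the teaser refers to (this is not the query from the article), the following advanced hunting query flags a driver-load event for clfs.sys whose on-disk path is outside the normal drivers directory. The use of the DriverLoad action type in DeviceEvents, the allow-listed path, and the 7-day window are assumptions; adjust the path list if your fleet legitimately stages drivers elsewhere.

```kql
// Added example (not from the original post): clfs.sys loaded from an
// unexpected directory.
// Assumption: driver loads are recorded in DeviceEvents with
// ActionType == "DriverLoad" and FolderPath holds the driver's full path.
DeviceEvents
| where Timestamp > ago(7d)                         // assumed hunting window
| where ActionType == "DriverLoad"
| where FileName =~ "clfs.sys"
// Expected location for the genuine driver; anything else is suspect.
| where not(FolderPath startswith @"C:\Windows\System32\drivers\")
| project Timestamp, DeviceName, FolderPath, SHA256,
          InitiatingProcessFileName, InitiatingProcessAccountName
| order by Timestamp desc
```

When triaging a hit, compare SHA256 against the copy under System32\drivers: a matching hash means a genuine but relocated driver (side-loading for evasion or a bring-your-own-driver setup), while a mismatched hash means the file is not the Microsoft binary at all and deserves immediate collection.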

Exposing Suspicious Scripting via CrushFTP with Uncoder AI in Microsoft Defender

File transfer services like CrushFTP are critical for business operations, but they can also be leveraged as stealthy launchpads for post-exploitation activity. When a server process such as crushftpservice.exe spawns a command-line interpreter like powershell.exe, cmd.exe, or bash.exe, it may signal that an attacker is executing commands or deploying payloads under the radar. In […]
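The parent/child relationship described above translates directly into an advanced hunting query over DeviceProcessEvents. The following is an added example, not the query from the article: it matches the three interpreters the teaser names and additionally pwsh.exe, which is an assumption on my part since modern PowerShell is commonly deployed beside the Windows one. The 7-day window is also assumed.

```kql
// Added example (not from the original post): shells spawned by the
// CrushFTP service process.
// Assumption: the service runs as crushftpservice.exe and the child
// interpreter shows up as a separate DeviceProcessEvents row.
DeviceProcessEvents
| where Timestamp > ago(7d)                         // assumed hunting window
| where InitiatingProcessFileName =~ "crushftpservice.exe"
| where FileName in~ ("powershell.exe", "pwsh.exe", "cmd.exe", "bash.exe")
| project Timestamp, DeviceName, AccountName,
          InitiatingProcessFolderPath, InitiatingProcessCommandLine,
          FileName, ProcessCommandLine
| order by Timestamp desc
```

Legitimate CrushFTP automation (event-triggered scripts, scheduled jobs) can produce the same parent/child pair, so baseline the ProcessCommandLine values first; an encoded PowerShell command or a download-and-execute one-liner under this parent is the pattern worth escalating.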
