The recently released Log4j update for Microsoft 365 Defender generates a flood of false alerts. Microsoft is working hard to fix this issue.
Recently, Microsoft released an update to its Microsoft 365 Defender solution to counter the now highly active Log4j vulnerability. As it turns out, this update generates a flood of false alerts about potential breaches, much to the annoyance of the various SOCs that have to chase down all these false reports.
More specifically, Microsoft Defender for Endpoint now generates a stream of notifications about sensor tampering. The tool generates these notifications based on the new Microsoft 365 Defender scanner, which was optimized for detecting Log4j processes.
The notifications, which are said to occur mainly on Windows Server 2016 systems, indicate possible sensor tampering in the memory of these systems. These alleged breaches are attributed to a process called OpenHandleCollector.exe.
Microsoft comes with fix
According to Microsoft, these alerts marked as malicious are in fact not malicious. However, the tech giant understands the irritation among the various security experts and is now working hard on a solution to this problem. This fix will soon be available for all systems currently affected by these false reports, the tech giant indicates.