Month: August 2024
Indexing/Accessing Entire Columns of Nested Array
I have a nested cell array {48×691}. I would like to isolate an entire column of the nested cell array while grabbing all of the rows such that I would get the nested arrays in this way:
{:,1} {:, 2} {:,3} … {:,691}
In other words, how do I get all of the 691 columns from the nested array extracted such that I grab the 48 rows each time?
Thank you!I have a nested cell array {48×691}. I would like to isolate an entire column of the nested cell array while grabbing all of the rows such that I would get the nested arrays in this way:
{:,1} {:, 2} {:,3} … {:,691}
In other words, how do I get all of the 691 columns from the nested array extracted such that I grab the 48 rows each time?
Thank you! I have a nested cell array {48×691}. I would like to isolate an entire column of the nested cell array while grabbing all of the rows such that I would get the nested arrays in this way:
{:,1} {:, 2} {:,3} … {:,691}
In other words, how do I get all of the 691 columns from the nested array extracted such that I grab the 48 rows each time?
Thank you! indexing nested cell array, nested cell array, indexing MATLAB Answers — New Questions
Work Around for Convolution1DLayer
I am trying to do code generation of a trained deep learning network however it uses a convolution1dlayer. It seems this is not currently supported by matlab. What are some possible solutions to this problem?I am trying to do code generation of a trained deep learning network however it uses a convolution1dlayer. It seems this is not currently supported by matlab. What are some possible solutions to this problem? I am trying to do code generation of a trained deep learning network however it uses a convolution1dlayer. It seems this is not currently supported by matlab. What are some possible solutions to this problem? deep learning, code generation MATLAB Answers — New Questions
sharepoint dlp policies not detecting pdf files with label
Hello Everyone,
I have a Microsoft purview sharepoint DLP policy with a following condition.
I have targeted this to sharepoint online workload and specific site. I have labeled a file using Microsoft purview information protection client in windows explorer and same has been uploaded to sharepoint site(that is in scope of the policy). whenever I am trying to share the pdf file labeled with (confidential / All users encrypted) it is not getting blocked.
Please let me know if I am missing something related to sharepoint.
Note: There is no encryption settings in label, it is just a name.
Notify users with email and policy tips
Restrict access to the content for external users
Send alerts to Administrator
Hello Everyone, I have a Microsoft purview sharepoint DLP policy with a following condition. I have targeted this to sharepoint online workload and specific site. I have labeled a file using Microsoft purview information protection client in windows explorer and same has been uploaded to sharepoint site(that is in scope of the policy). whenever I am trying to share the pdf file labeled with (confidential / All users encrypted) it is not getting blocked.Please let me know if I am missing something related to sharepoint. Note: There is no encryption settings in label, it is just a name. ConditionsContent contains any of these sensitive info types: U.S. Social Security Number (SSN), Credit Card Number, Content contains any of these sensitivity labels: Confidential/All Users (Encrypted)Evaluate predicate for Message or attachmentAndContent is shared from Microsoft 365 with people outside my organizationActionsNotify users with email and policy tipsRestrict access to the content for external usersSend alerts to AdministratorOn Read More
Transferring Your Azure Subscription to a New Microsoft Entra ID
Could FastTrack assist in the scenario of Transferring an Azure Subscription to a New Microsoft Entra ID
Could FastTrack assist in the scenario of Transferring an Azure Subscription to a New Microsoft Entra ID Read More
Resize my Powerpoint Presentation
I am trying to resize my PPT and I was able to resize it in my previous file. I have a page of text from a book that is the basis of the page but the headings were corrupted so I added text boxes with new headings. I was able to make 3 new sizes of the PPT and it automatically adjusted the text box sizes and the fonts within it to the new size. Now when I try it the text box shrinks but the font stays the same size.
How can I shrink the whole page with multiple text boxes and fonts so that everything adjusts at once? Need assistance on this at the earliest possible!
I am trying to resize my PPT and I was able to resize it in my previous file. I have a page of text from a book that is the basis of the page but the headings were corrupted so I added text boxes with new headings. I was able to make 3 new sizes of the PPT and it automatically adjusted the text box sizes and the fonts within it to the new size. Now when I try it the text box shrinks but the font stays the same size. How can I shrink the whole page with multiple text boxes and fonts so that everything adjusts at once? Need assistance on this at the earliest possible! Read More
Recommendations to set up complex permissions site and library
We have a process in SP2016 where one collection has about 200 subsites and another similar collection about 50 subsites. Each subsite is for 1 user, some profile data, and their documents. A couple times a year a group of subsites need to have read access for three other employees (3 different per subsite, not 3 for the group of subsites). After about a month, these permissions are removed. This is a very manual process. This system needs to be converted to SPO, but subsites are not permitted and since the subsite template may change, does not seem appropriate. My process has been to create a record per user, linked to a folder per user and accessed via a PowerApp. I have some workflows to help manage permissions, but it’s not comprehensive yet. I’m interested in finding out how someone else would tackle this migration, keeping in mind that ultimately it is managed by non-tech HR staff. Thank You!
We have a process in SP2016 where one collection has about 200 subsites and another similar collection about 50 subsites. Each subsite is for 1 user, some profile data, and their documents. A couple times a year a group of subsites need to have read access for three other employees (3 different per subsite, not 3 for the group of subsites). After about a month, these permissions are removed. This is a very manual process. This system needs to be converted to SPO, but subsites are not permitted and since the subsite template may change, does not seem appropriate. My process has been to create a record per user, linked to a folder per user and accessed via a PowerApp. I have some workflows to help manage permissions, but it’s not comprehensive yet. I’m interested in finding out how someone else would tackle this migration, keeping in mind that ultimately it is managed by non-tech HR staff. Thank You! Read More
Exchange Hybrid to Exchange Online – AD Sync enabled
Hi All,
I have a scenario with two redudants exchanges 2019 onprem and Office 365.
All mailboxes are hosted in cloud and we are using no smtp in onprem server.
Is there a known process to proceed with decomm of onprem server? Does the Microsoft cover this process?
Just did some researches and AD Sync could be a issue to proceed with this migration.
Thanks in advance
Hi All,I have a scenario with two redudants exchanges 2019 onprem and Office 365.All mailboxes are hosted in cloud and we are using no smtp in onprem server. Is there a known process to proceed with decomm of onprem server? Does the Microsoft cover this process?Just did some researches and AD Sync could be a issue to proceed with this migration. Thanks in advance Read More
Comment Threshold using Question Responses Filter
Has anybody else run into this? I opened a ticket because comments were being suppressed even if there were 10+ respondents when using ‘Question Response’ filters. Our threshold is 10. The engineering team said that ‘Question Response’ threshold are always 20 for comments regardless thresholds set in configuration. Why would the threshold configuration work for some filters but not others?! I can’t find documentation either. Anyone else?
Has anybody else run into this? I opened a ticket because comments were being suppressed even if there were 10+ respondents when using ‘Question Response’ filters. Our threshold is 10. The engineering team said that ‘Question Response’ threshold are always 20 for comments regardless thresholds set in configuration. Why would the threshold configuration work for some filters but not others?! I can’t find documentation either. Anyone else? Read More
Bridging the On-premises to Cloud Security Gap: Cloud Credentials Detection
Identities lie at the heart of cloud security. One of the most common tactics used to breach cloud environments is Credential Access. User credentials may be obtained using various techniques. Credentials may be cracked through brute force attempts, obtained in social engineering campaigns, or stolen from compromised resources, where they are stored fand used.
In this blog, we demonstrate that properly securing cloud environments requires securing credentials in the organization’s non-cloud environments. To this end, we dive into our innovative capability to detect cloud credentials in on-premises environments and user devices. By integrating it with Microsoft Security Exposure Management, customers are able to identify attack paths starting in non-cloud environments and reaching critical cloud assets using cloud credentials. Customers are then able to effectively prioritize and mitigate those attack paths, thereby improving their enterprise and cloud security posture.
Credentials in On-premises Environments and User Devices: the Achilles Heel of Cloud Security
Awareness of the risk of credential theft in cloud environments is increasing, with security vendors offering secret scanning in various cloud-based resources, such as virtual machines and code repositories. However, cloud-credential theft from on-premises environments and user devices is a substantial blind spot in cloud protection solutions.
Consider the following attack scenario: To work with cloud infrastructures, employees must constantly use credentials on their personal computers. Most predominantly, users access cloud provider services either using the web portal or a CLI tool. Both methods can leave long-term credentials on the employee’s computer, such as authentication cookies and access tokens. A malicious actor who gains access to the user’s computer can easily steal those credentials and breach the customer’s cloud environment. The attacker immediately gains all the current permissions of the compromised user.
This scenario is a reality that we witness over and over with our customers. Our security research team has recently uncovered a crypto mining campaign targeting a large financial organization. The attack began by executing malware on an endpoint machine used by one of the organization’s administrators. The attacker then extracted a browser cookie from the compromised machine, which allowed them to bypass MFA and gain an initial foothold in the cloud environment with global administrator permissions.
The Technical Challenge: Identifying and Mapping Browser Cookies
The most widespread credential type that is used to access the cloud from user devices are authentication cookies. When logging in to a cloud provider’s website, authentication cookies are saved on the user’s browser to enable easy, password-free access in future sessions.
While the exact format varies, these cookies appear as long, randomized strings, and do not contain any identifier of the user that they be used to authenticate as. This poses a significant challenge to the security vendor, who needs to infer this exact connection.
The trivial way to solve the challenge this out would be to collect the authentication cookie from the user’s machine, and actively send it to the relevant website. This solution has several disadvantages which make it complex and unattractive:
Authentication cookies are highly sensitive secrets. Collecting and saving those cookies adds an unwanted risk to the customer.
Actively sending the cookies on a mass scale may look suspicious and cause false alarms on the website’s side.
High operational and engineering costs on the vendor’s side.
The Solution: Smart Analysis of Browser Artifacts
To overcome this challenge, we have come up with an innovative solution that is based on analysis of browser artifacts. The artifacts, saved by the website upon successful user authentication, contain the identifier of the authenticated user. This solution also provides information on the cookie’s validity, as the artifacts also indicate when a user logs out, or when a cookie is expired due to lack of usage.
The analysis runs periodically over Microsoft Defender for Endpoint and supports detection of both Azure Portal and AWS Console authentication cookies. On the first release, all Chromium-based browsers are supported.
In addition, we’re introducing an ability to detect cloud secrets used by the CLI tools of Azure, AWS and GCP. These secrets are stored locally and include refresh tokens, certificates, and access keys. Here, too, we’re able to correlate them to the relevant user that they can be used to authenticate as.
Reducing the Attack Surface and Enhancing Threat Detection
This new ability to detect cloud credentials in on-premises environments and user devices is fully integrated into Microsoft Security Exposure Management. This comes in addition to our existing abilities to detect credentials in cloud and hybrid environments. By ingesting the data to the exposure graph, customers are now able to:
Gain Visibility to the Attack Surface created by Cloud Credentials: Effectively prioritize protection on critical areas of the network which should be better protected.
Reduce the Attack Surface: Identify and mitigate attack paths involving cloud credentials.
Enhance Threat Detection of Hybrid Attacks: Having knowledge of the connection between on-premises and cloud environments provides important context in threat detection, enhancing detection and response of hybrid attack incidents.
Below is a screenshot from the Exposure Management user interface showing an on-premises to cloud attack scenario involving cloud credentials. The scenario begins with a vulnerable on-premises machine, which contains a browser cookie of an Azure user with the global administrator role. The cookie may be used to access a sensitive Azure storage account, which contains customer credit card details. This scenario and many more will soon be available in Microsoft Security Exposure Management.
Learn More
Dive into Exposure Management in our blog series
Announcing new CNAPP capabilities in Defender for Cloud
Contextual Risk Estimation for Effective Prioritization
Start Using Microsoft Security Exposure Management
Microsoft Tech Community – Latest Blogs –Read More
Can I run protected Simulink models in External mode before R2023b?
I am trying to run a Simulink mode via External Mode. Part of my model is a Protected Model Reference and I am using a release before release MATLAB R2023b.
If I attempt to run this model in External Mode it fails with the following error message:
Protected models do not work in External mode or rapid accelerator simulations.
Is it possible to protect a model and still be able to run it in External mode on these releases?I am trying to run a Simulink mode via External Mode. Part of my model is a Protected Model Reference and I am using a release before release MATLAB R2023b.
If I attempt to run this model in External Mode it fails with the following error message:
Protected models do not work in External mode or rapid accelerator simulations.
Is it possible to protect a model and still be able to run it in External mode on these releases? I am trying to run a Simulink mode via External Mode. Part of my model is a Protected Model Reference and I am using a release before release MATLAB R2023b.
If I attempt to run this model in External Mode it fails with the following error message:
Protected models do not work in External mode or rapid accelerator simulations.
Is it possible to protect a model and still be able to run it in External mode on these releases? protected, external, mode MATLAB Answers — New Questions
Can i use protected models in external mode?
I want created a Simulink Library for my Arduino Hardware. I created a model reference block and then convert a protected this block using callback.
But I run on External Mode, get this error :
Protected models do not work in External mode or rapid accelerator simulations.
Is there any solution method for this problem ?I want created a Simulink Library for my Arduino Hardware. I created a model reference block and then convert a protected this block using callback.
But I run on External Mode, get this error :
Protected models do not work in External mode or rapid accelerator simulations.
Is there any solution method for this problem ? I want created a Simulink Library for my Arduino Hardware. I created a model reference block and then convert a protected this block using callback.
But I run on External Mode, get this error :
Protected models do not work in External mode or rapid accelerator simulations.
Is there any solution method for this problem ? protected block, block, referenced model MATLAB Answers — New Questions
Date Return From Calendar
Hello everyone: new here Thanks in advance
Goal: I need to return the latest date a manager co-travelled with a Sales Rep.
I created a basic calendar, stating in Cell A3 I put all calendar dates running down column A. I then have 13 reps starting in cell B2 – N2 (running across row 2). All of the cells within are drop down menus containing the names of the same 5 managers.
I need to know when the last time a manager co-travelled with a Sales Rep. Knowing that a manager can co-travel with a single rep more then one time through out the year.
Thoughts?
Thanks
Steve
Hello everyone: new here Thanks in advance Goal: I need to return the latest date a manager co-travelled with a Sales Rep. I created a basic calendar, stating in Cell A3 I put all calendar dates running down column A. I then have 13 reps starting in cell B2 – N2 (running across row 2). All of the cells within are drop down menus containing the names of the same 5 managers. I need to know when the last time a manager co-travelled with a Sales Rep. Knowing that a manager can co-travel with a single rep more then one time through out the year. Thoughts? ThanksSteve Read More
Sort feature in Grid View
Hi,
Does someone know how I can submit a request to the developers? I’d like to request for grid view to have a sort option for all fields.
Thanks!
Hi, Does someone know how I can submit a request to the developers? I’d like to request for grid view to have a sort option for all fields. Thanks! Read More
Use sprints to be more Agile in Planner
The Planner team uses the sprints feature in premium plans to schedule tasks, balance our team’s workload, and run team retrospectives. Today, we want to share some of our tips for how sprints planning in the new Planner app in Teams can transform both your individual task management and collaborative team processes.
Why use sprints?
If you find yourself or your team needing to break down a complex project into manageable chunks, sprints are the tool for you. By separating tasks into time-boxed iterations, sprints allow you to focus on a set of tasks within a defined period so that your team can deliver value rapidly and continuously adapt to feedback.
Getting started
To use sprints in the new Planner, you’ll need a premium license. If you don’t have a premium license, you can still try the feature by acquiring a free 30-day trial.
To view and schedule your tasks by sprints, follow these three steps:
Open any premium plan in Planner. Note: To jumpstart the process and see what sprints could look like in a pre-existing plan, you can select our Sprint Planning template. This template can be found when creating a new plan.
Change to the Board view.
Select Group by > Sprint. In this view, you can set dates for each sprint and assign tasks to sprints. These sprints can be viewed in the Grid, Timeline and Charts views by selecting Filters > Sprints.
How should I use sprints?
The following is a list of ways our team uses sprints in our feature development processes. How else do you use sprints on your team? Feel free to drop a comment down below!
Scheduling tasks: Select Group by > Sprint in Board view to add tasks to sprints, create new sprints, or view all sprints and their associated tasks at a glance.
Balancing workloads: Select the Sprints filter in People view to track what each team member is working on for the sprint. You can modify team members’ workloads by dragging and dropping tasks from one person to another in this view.
Sprint retrospectives: Use Filters > Sprints in Board view to reflect on your team’s accomplishments by evaluating task progress and remaining tasks in the sprint. You can also create buckets in the general Board view to track what went well and what could be better.
Share your feedback
Your feedback helps inform our feature updates and we look forward to hearing from you as you try out Planner’s new and existing capabilities! To share your feedback about the new Planner app in Teams, you can navigate to the ? icon in the Planner app and select ‘Feedback’ as seen in the GIF below. We also encourage you to share any features you would like to see in the app by adding it to our Planner Feedback Portal.
Learn more about the new Planner
To get the inside scoop on the new Planner watch the Meet the Makers and our AMA.
Read about our investments for organizations using the new Planner with frontline workers.
Try out the new Copilot in Planner (preview) today in the new Microsoft Planner in Teams
Check out the new Planner adoption website and explore new resources such as Day in the Life Guides to use Planner for task management, collaborative work management and project management.
We’ve got a lot more ‘planned’ for the new Planner this year! Stay tuned to the Planner Blog – Microsoft Community Hub for news.
For future updates coming to the new Planner app, please view the Microsoft 365 roadmap here.
Learn about Planner and Project plans and pricing here.
Read the FAQs here.
Microsoft Tech Community – Latest Blogs –Read More
Matlab asks me to sign in when I’m offline
Matlab asks me to sign in when I’m offline, as this is impossible I can’t use Matlab while offline.
I can use Matlab no problem when I’m online and it does not ask me to sign in.
When I’m offline a Sign In window appears with this error:
Unable to contact login services. There may be a problem with your internet connection, or the service may be temporarily unavailable. If the problem persists contact MathWorks technical support.
Any fix for this?Matlab asks me to sign in when I’m offline, as this is impossible I can’t use Matlab while offline.
I can use Matlab no problem when I’m online and it does not ask me to sign in.
When I’m offline a Sign In window appears with this error:
Unable to contact login services. There may be a problem with your internet connection, or the service may be temporarily unavailable. If the problem persists contact MathWorks technical support.
Any fix for this? Matlab asks me to sign in when I’m offline, as this is impossible I can’t use Matlab while offline.
I can use Matlab no problem when I’m online and it does not ask me to sign in.
When I’m offline a Sign In window appears with this error:
Unable to contact login services. There may be a problem with your internet connection, or the service may be temporarily unavailable. If the problem persists contact MathWorks technical support.
Any fix for this? login, offline MATLAB Answers — New Questions
Bar chart from Excel with hidden columns
Hi there
I want to create the attached chart (plus an average line per section) with Matlab. I can do it super quick with Excel, but unfortunately it didn´t work well with Matlab.
There are three complications for me. 1 – How can I can exclude the hidden columns? 2 – What is the best way to deal with German numbers with comma instead of point? 3 -And Is there any way to have an average line per section?
Seems the "readtable" doesn´t work well with commas.
ThanksHi there
I want to create the attached chart (plus an average line per section) with Matlab. I can do it super quick with Excel, but unfortunately it didn´t work well with Matlab.
There are three complications for me. 1 – How can I can exclude the hidden columns? 2 – What is the best way to deal with German numbers with comma instead of point? 3 -And Is there any way to have an average line per section?
Seems the "readtable" doesn´t work well with commas.
Thanks Hi there
I want to create the attached chart (plus an average line per section) with Matlab. I can do it super quick with Excel, but unfortunately it didn´t work well with Matlab.
There are three complications for me. 1 – How can I can exclude the hidden columns? 2 – What is the best way to deal with German numbers with comma instead of point? 3 -And Is there any way to have an average line per section?
Seems the "readtable" doesn´t work well with commas.
Thanks excel MATLAB Answers — New Questions
how to mirror plots?
i hv theta value as 60 and 61 each theta value has phi of 120 240 with corresponding total values.
i hv to mirror data that is phi values data from 120 to 180 should be mirrored to 180 to 240 and then its plot is plotted. aim is to get plots symmetry xaxis is phi y axis is total with respect to theta percentile plots.i hv tried with excel sheet but my data is in .tab file how to import that format file and plot from it
a=xlsread(‘1GHzHH.xlsx’);
theta=a(:,1);
phi=a(:,2);
total=a(:,3);
figure
plot(phi,total)
% f=[1];
% pol=[‘HH”VV’];
%
% for i=1:size(pol)
% m=strcat(pol,’GHz’)
% j=strcat(f,m) %i m trying to read file which i hv imported file name is 1GHzHH.tab
% theta=data(:,1);
% phi=data(:,2);
% total=data(:,3);
% for j=1:nume1(theta)
% for k=1:nume1(phi)
%
% end
% end
% endi hv theta value as 60 and 61 each theta value has phi of 120 240 with corresponding total values.
i hv to mirror data that is phi values data from 120 to 180 should be mirrored to 180 to 240 and then its plot is plotted. aim is to get plots symmetry xaxis is phi y axis is total with respect to theta percentile plots.i hv tried with excel sheet but my data is in .tab file how to import that format file and plot from it
a=xlsread(‘1GHzHH.xlsx’);
theta=a(:,1);
phi=a(:,2);
total=a(:,3);
figure
plot(phi,total)
% f=[1];
% pol=[‘HH”VV’];
%
% for i=1:size(pol)
% m=strcat(pol,’GHz’)
% j=strcat(f,m) %i m trying to read file which i hv imported file name is 1GHzHH.tab
% theta=data(:,1);
% phi=data(:,2);
% total=data(:,3);
% for j=1:nume1(theta)
% for k=1:nume1(phi)
%
% end
% end
% end i hv theta value as 60 and 61 each theta value has phi of 120 240 with corresponding total values.
i hv to mirror data that is phi values data from 120 to 180 should be mirrored to 180 to 240 and then its plot is plotted. aim is to get plots symmetry xaxis is phi y axis is total with respect to theta percentile plots.i hv tried with excel sheet but my data is in .tab file how to import that format file and plot from it
a=xlsread(‘1GHzHH.xlsx’);
theta=a(:,1);
phi=a(:,2);
total=a(:,3);
figure
plot(phi,total)
% f=[1];
% pol=[‘HH”VV’];
%
% for i=1:size(pol)
% m=strcat(pol,’GHz’)
% j=strcat(f,m) %i m trying to read file which i hv imported file name is 1GHzHH.tab
% theta=data(:,1);
% phi=data(:,2);
% total=data(:,3);
% for j=1:nume1(theta)
% for k=1:nume1(phi)
%
% end
% end
% end plot MATLAB Answers — New Questions
Script.SQL to .MSF/.LOG
Good afternoon
I’m downgrading a sql 2019 database with 8GB to sql 2014, I’ve already created the script (it ended up with 32GB), now I’m trying to open it in Studio Management to run the script and create the MDF and Log and gives the error in the print, can anyone help
I’m doing this on a machine with a lot of resources 32GB RAM Ryzen7 etc…
Good afternoon
I’m downgrading a sql 2019 database with 8GB to sql 2014, I’ve already created the script (it ended up with 32GB), now I’m trying to open it in Studio Management to run the script and create the MDF and Log and gives the error in the print, can anyone help
I’m doing this on a machine with a lot of resources 32GB RAM Ryzen7 etc… Read More
Trigger to send email if a table has had a INSERT, UPDATE OR DELETE
We need a trigger to be sent out if ProcessSchedule has had an INERT, UPDATE or DELETE
We don’t need details just a heads up type of email.
The send email part is easy.
EXEC msdb.dbo.sp_send_dbmail @profile_name = ‘SQLMail’
,@recipients = ’email address removed for privacy reasons’
,@body = ‘Press Schedule Changed’
,@subject = ‘Press Schedule Changed’
The trigger part I have not done before.
Any help would be greatly appreciated.
We need a trigger to be sent out if ProcessSchedule has had an INERT, UPDATE or DELETE We don’t need details just a heads up type of email.The send email part is easy. EXEC msdb.dbo.sp_send_dbmail @profile_name = ‘SQLMail’,@recipients = ’email address removed for privacy reasons’,@body = ‘Press Schedule Changed’,@subject = ‘Press Schedule Changed’ The trigger part I have not done before.Any help would be greatly appreciated. Read More
Batch file with Defender Deception
Hi all,
Last year when Defender Deception was introduced, we enabled the default rule. By July this year, we started noticing some bat.backup files with these deception users in few computers which are in scope of this deception rule. (Mostly C:usersdefault or C:UsersUsername directory) and file names are usually loginmonitor.bat.backup)
Content of the file sample as below
net user \devicenamemonitor /USER:DECEPTION_USER PASSWORD
ping 8.8.8.8 >> \devicenamemonitor%HOSTNAEM%.txt
date >> \devicenamemonitor%HOSTNAEM%.txt
ipconfig /a >> \devicenamemonitor%HOSTNAEM%.txt
Some devices will have ping 1.1.1.1
Could map those users to deception users created, but wondering what happend in the last month or so that Defender creating these, possibly lure files as mentioned in the setup window (attached)
Anyone else noticed this?
Hi all, Last year when Defender Deception was introduced, we enabled the default rule. By July this year, we started noticing some bat.backup files with these deception users in few computers which are in scope of this deception rule. (Mostly C:usersdefault or C:UsersUsername directory) and file names are usually loginmonitor.bat.backup) Content of the file sample as belownet user \devicenamemonitor /USER:DECEPTION_USER PASSWORDping 8.8.8.8 >> \devicenamemonitor%HOSTNAEM%.txtdate >> \devicenamemonitor%HOSTNAEM%.txtipconfig /a >> \devicenamemonitor%HOSTNAEM%.txtSome devices will have ping 1.1.1.1Could map those users to deception users created, but wondering what happend in the last month or so that Defender creating these, possibly lure files as mentioned in the setup window (attached)Anyone else noticed this? Read More
