Hello,

I have a few questions that I hope you can help clarify.

Filtering MDE Alerts by Detection Source: In Microsoft Defender for Endpoint (MDE), is it possible to filter alerts based on their detection source? Specifically, if we want to view only those alerts generated by MDE itself, how can we achieve that? Any guidance on this would be greatly appreciated.

Quarantine Location in MDE: According to a Google search, the quarantine location for MDE is specified as “/ProgramData/Microsoft/Windows Defender/Quarantine”. Could you please confirm if this information is accurate? If there’s an official reference from Microsoft documentation, I would appreciate it if you could share the link.Regards,

​Hello, I have a few questions that I hope you can help clarify.Filtering MDE Alerts by Detection Source: In Microsoft Defender for Endpoint (MDE), is it possible to filter alerts based on their detection source? Specifically, if we want to view only those alerts generated by MDE itself, how can we achieve that? Any guidance on this would be greatly appreciated.Quarantine Location in MDE: According to a Google search, the quarantine location for MDE is specified as “/ProgramData/Microsoft/Windows Defender/Quarantine”. Could you please confirm if this information is accurate? If there’s an official reference from Microsoft documentation, I would appreciate it if you could share the link.Regards,  Read More

​