Tool: MDE-Troubleshooter is born!

Background story

During my consultancy work, I have received feedback from numerous clients indicating that they consistently encountered difficulties when attempting to troubleshoot issues with Defender for Endpoint on their local endpoints. They often found it a struggle to navigate through various locations, such as PowerShell for security configuration, the event viewer for log files, the registry for exclusions, and a separate section in the registry for tenant information.

Therefore, I decided to develop a tool that could help both myself and my clients with this struggle. Initially, I started by creating a graphical user interface (GUI) wrapper around the well-known PowerShell cmdlets "Get-MpPreference" and "Get-MpComputerStatus". However, I soon realized that additional features were necessary. This led to the birth of the MDE-Troubleshooter, a PowerShell script with a GUI built using WPF. The tool is currently in version 1, and although I am not completely satisfied with the available features, I wanted to gather feedback from the community about its usefulness before proceeding with further development.

The MDE-Troubleshooter tool

Features

The MDE-Troubleshooter currently consists of the following features:

  • Computername and tenant ID
  • Security configuration settings
  • Attack surface reduction rules
  • Check the installed engine, platform and signature versions against the latest ones published by Microsoft (loading takes a while)
  • Quick access to the Performance Analyzer
  • Show the performance report when the Performance Analyzer has been run from the tool (the .ETL file is saved locally)
  • View Top 10 Files, Extensions, Processes and Scans in separate reports
  • Show SENSE log files
  • Show Defender AV log files
  • Show Exclusions
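The features above map onto a handful of built-in cmdlets, registry keys and event logs. The following script is an added example (not the MDE-Troubleshooter's own code) that collects the same facts from those places in one elevated PowerShell session; the `OrgId` and `OnboardingState` value names under the ATP `Status` key are taken from Microsoft's onboarding documentation and are assumptions as far as this post is concerned.

```powershell
# Added example: gather the local MDE troubleshooting facts the post lists.
# Assumption: the OrgId / OnboardingState values under the ATP Status key
# follow Microsoft's onboarding docs. Run from an elevated PowerShell prompt.

$atpStatus = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$status    = Get-MpComputerStatus
$pref      = Get-MpPreference

# Tenant and onboarding information lives in the registry, not in the Mp* cmdlets.
$onboarding = Get-ItemProperty -Path $atpStatus -ErrorAction SilentlyContinue
[PSCustomObject]@{
    ComputerName       = $env:COMPUTERNAME
    TenantId           = $onboarding.OrgId
    OnboardingState    = $onboarding.OnboardingState   # 1 = onboarded
    EngineVersion      = $status.AMEngineVersion
    PlatformVersion    = $status.AMProductVersion
    SignatureVersion   = $status.AntivirusSignatureVersion
    SignatureUpdated   = $status.AntivirusSignatureLastUpdated
    RealTimeProtection = $status.RealTimeProtectionEnabled
} | Format-List

# ASR rules come back as two parallel arrays; pair them so each rule GUID shows its mode.
$asrMode = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    [PSCustomObject]@{
        RuleId = $pref.AttackSurfaceReductionRules_Ids[$i]
        Mode   = $asrMode[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
    }
} | Format-Table -AutoSize

# Exclusions: an overly broad path or process exclusion is a common finding
# when "Defender is not detecting" is the reported symptom.
'Path', 'Extension', 'Process' | ForEach-Object {
    "Exclusion$_ : " + (($pref."Exclusion$_") -join '; ')
}

# Recent errors and warnings from the SENSE (EDR sensor) and Defender AV event logs.
'Microsoft-Windows-SENSE/Operational', 'Microsoft-Windows-Windows Defender/Operational' |
    ForEach-Object {
        Get-WinEvent -FilterHashtable @{ LogName = $_; Level = 2, 3 } -MaxEvents 10 -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, Id,
                @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } }
    } | Format-Table -AutoSize
```

An empty ASR table or an `OnboardingState` other than 1 points at policy delivery or onboarding rather than at the AV engine itself, which is usually the first thing to separate when troubleshooting.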

Download

link: https://github.com/ThomasVrhydn/MDE-troubleshooter/

Feedback

I warmly welcome new ideas and features, and I am open to incorporating them into the tool. If you have any suggestions, please feel free to reach out to me on my social media platforms, such as Twitter (@thomasvrhydn) or LinkedIn.

Reference

https://github.com/ugurkocde/Intune/blob/main/Defender%20for%20Endpoint/MDE%20-%20Update%20Tool/MDE_Update_Tool.ps1
https://github.com/directorcia/Office365/blob/master/win10-asr-get.ps1
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq
