During my consultancy work, I have received feedback from numerous clients indicating that they consistently encountered difficulties when attempting to troubleshoot issues with Defender for Endpoint on their local endpoints. They often found it a struggle to navigate through various locations, such as PowerShell for security configuration, the event viewer for log files, the registry for exclusions, and a separate section in the registry for tenant information.
Therefore, I made the decision to develop a tool that could assist both myself and my clients in overcoming this struggle. Initially, I began by creating a graphical user interface (GUI) wrapper around the well-known PowerShell commands “Get-MpPreference” and “Get-MpComputerStatus.” However, I soon realized that additional features were necessary. This realization led to the birth of the MDE-Troubleshooter, a PowerShell script integrated with a GUI built using WPF. The tool is currently in version 1, and although I am not completely satisfied with the available features, I wanted to gather feedback from the community regarding its usefulness before proceeding with further development. I warmly welcome new ideas and features, and I am open to incorporating them into the tool. If you have any suggestions, please feel free to reach out to me on my social media platforms, such as Twitter (@thomasvrhydn) or LinkedIn.
The MDE-Troubleshooter currently consists of the following features:
- Computername and tenant ID
- Security configuration settings
- Attack surface reduction rules
- Check for the latest engine, platform and signature versions with Microsoft (loading takes a while)
- Quick access to the Performance Analyzer
- Show the performance report when the Performance Analyzer has been run by the tool (the .ETL file is saved locally)
- View Top 10 Files, Extensions, Processes and Scans in separate reports
- Show SENSE logs files
- Show Defender AV log files
- Show Exclusions
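
For readers who want to see where these data points live on an endpoint, the following is an added example, not code from MDE-Troubleshooter. It gathers the tenant ID, configuration, ASR rules, exclusions and recent SENSE and Defender AV events into one object; the function name, the registry path and the event log names are assumptions based on standard Windows locations and do not come from the post.

```powershell
# Added example, not MDE-Troubleshooter code. Run elevated: non-admin sessions
# cannot read exclusions through Get-MpPreference.
function Get-MdeLocalSnapshot {          # hypothetical function name
    [CmdletBinding()]
    param([int]$MaxEvents = 20)          # recent events to pull per log

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Tenant (organisation) ID written by the MDE sensor at onboarding.
    $senseKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $orgId = (Get-ItemProperty -Path $senseKey -Name OrgId -ErrorAction SilentlyContinue).OrgId

    # Pair each ASR rule GUID with its action (0 = off, 1 = block, 2 = audit, 6 = warn).
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asr = for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{ RuleId = $ids[$i]; Action = $actions[$i] }
    }

    # Sensor (SENSE) and Defender AV operational logs, newest entries first.
    $logs = 'Microsoft-Windows-SENSE/Operational',
            'Microsoft-Windows-Windows Defender/Operational'
    $events = foreach ($log in $logs) {
        Get-WinEvent -LogName $log -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
            Select-Object LogName, TimeCreated, Id, LevelDisplayName, Message
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        TenantId         = $orgId        # $null when the device is not onboarded
        RealTimeEnabled  = $status.RealTimeProtectionEnabled
        EngineVersion    = $status.AMEngineVersion
        PlatformVersion  = $status.AMProductVersion
        SignatureVersion = $status.AntivirusSignatureVersion
        AsrRules         = $asr
        Exclusions       = [pscustomobject]@{
            Path      = $pref.ExclusionPath
            Extension = $pref.ExclusionExtension
            Process   = $pref.ExclusionProcess
        }
        RecentEvents     = $events
    }
}

Get-MdeLocalSnapshot | Format-List
```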