MC906487 – (Updated) Microsoft Defender XDR: InitiatingProcessFolderPath changes to include file names

check before: 2024-11-03

Product:

Defender, Defender for Endpoint, Defender XDR

Platform:

Online, World tenant

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Summary:
Microsoft Defender for Endpoint will update the InitiatingProcessFolderPath to include file names, affecting all Advanced Hunting tables. Rollout begins November 18, 2024. Organizations should adjust custom detection rules and queries accordingly. The change applies only to Windows activity.

Details:
Updated November 5, 2024: We have updated the rollout timeline below. Thank you for your patience.
Coming soon: Microsoft Defender for Endpoint will modify the InitiatingProcessFolderPath column across all relevant Advanced Hunting tables to include the initiating process file name. This message applies to Windows activity only.
[When this will happen:]
General Availability (Worldwide): We will roll out to all Microsoft Defender for Endpoint customers on November 18, 2024 (previously November 4).
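
An added example, not part of the Microsoft message or of cloudscout.one: a KQL folder match that returns the same rows whether InitiatingProcessFolderPath holds only the folder or the folder plus the file name. It assumes the new value is the old folder followed by a backslash and InitiatingProcessFileName; the sample rows, device names and the FileSuffix and InitiatingFolder columns are constructed for illustration.

```kusto
// Added example. Constructed rows, not real telemetry: host-a, host-d and host-e
// carry a folder-only value, host-b and host-c a folder-plus-file-name value.
let SampleEvents = datatable(DeviceName:string, InitiatingProcessFileName:string, InitiatingProcessFolderPath:string)
[
    "host-a", "updater.exe",    @"C:\Users\Public",
    "host-b", "updater.exe",    @"c:\users\public\updater.exe",
    "host-c", "powershell.exe", @"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "host-d", "updater.exe",    @"C:\Users\Public\",
    "host-e", "",               @"C:\Users\Public"
];
SampleEvents
// Assumption: the new format is <folder>\<InitiatingProcessFileName>.
| extend FileSuffix = strcat(@"\", InitiatingProcessFileName)
// endswith is case-insensitive. Strip the suffix only when a file name is present,
// so rows with an empty InitiatingProcessFileName are left untouched.
| extend InitiatingFolder = iff(
    isnotempty(InitiatingProcessFileName) and InitiatingProcessFolderPath endswith FileSuffix,
    substring(InitiatingProcessFolderPath, 0, strlen(InitiatingProcessFolderPath) - strlen(FileSuffix)),
    InitiatingProcessFolderPath)
// Drop trailing backslashes so both spellings of the folder compare equal.
| extend InitiatingFolder = trim_end(@"\\+", InitiatingFolder)
// =~ is a case-insensitive equality test on the normalized folder.
| where InitiatingFolder =~ @"C:\Users\Public"
| project DeviceName, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingFolder
```

To run it against live data, replace SampleEvents with an Advanced Hunting table such as DeviceProcessEvents. A folder whose last path component is spelled exactly like the file name cannot be told apart from the new format by this check.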

Created:
2024-10-08

updated:
2024-11-06

Direct effects for Operations**

Custom Detection Rules
Existing custom detection rules may fail or produce incorrect results due to the change in the InitiatingProcessFolderPath format.
   - roles: Security Analyst, IT Administrator
   - references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456

Advanced Hunting Queries
Advanced Hunting queries that rely on the old format of InitiatingProcessFolderPath will need to be updated, leading to potential data retrieval issues.
   - roles: Security Analyst, Data Analyst
   - references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456

User Experience
Users may experience delays in threat detection and response due to the need for adjustments in detection rules and queries.
   - roles: End User, Security Analyst
   - references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456

Documentation Updates
Documentation related to detection rules and queries may become outdated, leading to confusion among users and analysts.
   - roles: IT Administrator, Documentation Specialist
   - references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456

Training Needs
Staff may require additional training to understand the new format and its implications on detection and hunting processes.
   - roles: Security Analyst, IT Trainer
   - references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456

** AI generated content. This information must be reviewed before use.


change history

Date: 2024-11-06
Property: MC Messages
old:
Coming soon: Microsoft Defender for Endpoint will modify the InitiatingProcessFolderPath column across all relevant Advanced Hunting tables to include the initiating process file name. This message applies to Windows activity only.
[When this will happen:]
General Availability (Worldwide): We will roll out to all Microsoft Defender for Endpoint customers on November 4, 2024.
new:
Updated November 5, 2024: We have updated the rollout timeline below. Thank you for your patience.
Coming soon: Microsoft Defender for Endpoint will modify the InitiatingProcessFolderPath column across all relevant Advanced Hunting tables to include the initiating process file name. This message applies to Windows activity only.
[When this will happen:]
General Availability (Worldwide): We will roll out to all Microsoft Defender for Endpoint customers on November 18, 2024 (previously November 4).

Date: 2024-11-06
Property: MC Title
old: Microsoft Defender XDR: InitiatingProcessFolderPath changes to include file names
new: (Updated) Microsoft Defender XDR: InitiatingProcessFolderPath changes to include file names

Date: 2024-11-06
Property: MC Last Updated
old: 10/08/2024 00:51:50
new: 2024-11-06T00:58:33Z

Date: 2024-11-06
Property: MC MessageTagNames
old: Feature update, Admin impact
new: Updated message, Feature update, Admin impact

Date: 2024-11-06
Property: MC Summary
old: Microsoft Defender for Endpoint will update the InitiatingProcessFolderPath to include file names in all tables, affecting Windows activity. This change will be globally available on November 4, 2024, requiring updates to custom detection rules and queries.
new: Microsoft Defender for Endpoint will update the InitiatingProcessFolderPath to include file names, affecting all Advanced Hunting tables. Rollout begins November 18, 2024. Organizations should adjust custom detection rules and queries accordingly. The change applies only to Windows activity.
