check before: 2024-11-03
Product:
Defender, Defender for Endpoint, Defender XDR
Platform:
Online, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message
Links:
Details:
Summary:
Microsoft Defender for Endpoint will update the InitiatingProcessFolderPath to include file names, affecting all Advanced Hunting tables. Rollout begins November 18, 2024. Organizations should adjust custom detection rules and queries accordingly. The change applies only to Windows activity.
Details:
Updated November 5, 2024: We have updated the rollout timeline below. Thank you for your patience.
Coming soon: Microsoft Defender for Endpoint will modify the InitiatingProcessFolderPath column across all relevant Advanced Hunting tables to include the initiating process file name. This message applies to Windows activity only.
[When this will happen:]
General Availability (Worldwide): We will roll out to all Microsoft Defender for Endpoint customers on November 18, 2024 (previously November 4).
Release Phase:
Created:
2024-10-08
updated:
2024-11-06
Direct effects for Operations**
Custom Detection Rules
Existing custom detection rules may fail or produce incorrect results due to the change in the InitiatingProcessFolderPath format.
- roles: Security Analyst, IT Administrator
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456
Advanced Hunting Queries
Advanced Hunting queries that rely on the old format of InitiatingProcessFolderPath will need to be updated, leading to potential data retrieval issues.
- roles: Security Analyst, Data Analyst
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456
User Experience
Users may experience delays in threat detection and response due to the need for adjustments in detection rules and queries.
- roles: End User, Security Analyst
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456
Documentation Updates
Documentation related to detection rules and queries may become outdated, leading to confusion among users and analysts.
- roles: IT Administrator, Documentation Specialist
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456
Training Needs
Staff may require additional training to understand the new format and its implications on detection and hunting processes.
- roles: Security Analyst, IT Trainer
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-endpoint-advanced-hunting/ba-p/123456
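An added example (not from Microsoft's message or this page) for finding the custom detection rules and hunting queries that need adjusting: it flags whole-value and suffix comparisons on InitiatingProcessFolderPath, which are the ones that break when a file name is appended, and shows a normaliser that returns the folder for either format. The rule names and query texts are constructed, and the new value is assumed to end in `\<InitiatingProcessFileName>`.

```python
import re

# Operators that compare the whole value or its end: written against a folder
# literal, they stop matching once the column ends in "\<file name>".
FORMAT_SENSITIVE = {"==", "=~", "!=", "!~", "in", "in~", "!in", "!in~",
                    "endswith", "!endswith", "endswith_cs", "!endswith_cs"}
USE = re.compile(
    r"\bInitiatingProcessFolderPath(?:\s*([=!][=~])|\s+(!?[a-z_]+~?))", re.I)


def audit(rules):
    """Map rule name -> sorted format-sensitive operators applied to the column."""
    findings = {}
    for name, query in rules.items():
        ops = {(m.group(1) or m.group(2)).lower() for m in USE.finditer(query)}
        hits = sorted(ops & FORMAT_SENSITIVE)
        if hits:
            findings[name] = hits
    return findings


def folder_only(folder_path, file_name):
    """Directory part for either format (assumes new value ends in '\\<file_name>')."""
    path = folder_path.rstrip("\\")
    suffix = "\\" + file_name
    # Caveat: a directory named like the process file is indistinguishable here.
    if file_name and path.lower().endswith(suffix.lower()):
        return path[:-len(suffix)]
    return path


# Constructed rule texts, not taken from any real tenant.
RULES = {
    "parent-in-system32": r'''DeviceProcessEvents
| where InitiatingProcessFolderPath =~ @"c:\windows\system32"''',
    "untrusted-folder": r'''DeviceFileEvents
| where InitiatingProcessFolderPath !in~ (@"c:\windows", @"c:\program files\contoso")''',
    "temp-suffix": r'''DeviceNetworkEvents
| where InitiatingProcessFolderPath endswith @"\appdata\local\temp"''',
    "user-profile-prefix": r'''DeviceProcessEvents
| where InitiatingProcessFolderPath startswith @"c:\users"''',
}

if __name__ == "__main__":
    for rule, ops in audit(RULES).items():
        print(f"{rule}: review {', '.join(ops)}")
```

The `startswith` rule is not flagged because a prefix match on a folder still holds after the file name is appended; the `!in~` rule is the one to watch, since it would start matching every event rather than none.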
** AI generated content. This information must be reviewed before use.
change history
Date | Property | old | new |
2024-11-06 | MC Messages | Coming soon: Microsoft Defender for Endpoint will modify the InitiatingProcessFolderPath column across all relevant Advanced Hunting tables to include the initiating process file name. This message applies to Windows activity only. [When this will happen:] General Availability (Worldwide): We will roll out to all Microsoft Defender for Endpoint customers on November 4, 2024. | Updated November 5, 2024: We have updated the rollout timeline below. Thank you for your patience. Coming soon: Microsoft Defender for Endpoint will modify the InitiatingProcessFolderPath column across all relevant Advanced Hunting tables to include the initiating process file name. This message applies to Windows activity only. [When this will happen:] General Availability (Worldwide): We will roll out to all Microsoft Defender for Endpoint customers on November 18, 2024 (previously November 4). |
2024-11-06 | MC Title | Microsoft Defender XDR: InitiatingProcessFolderPath changes to include file names | (Updated) Microsoft Defender XDR: InitiatingProcessFolderPath changes to include file names |
2024-11-06 | MC Last Updated | 10/08/2024 00:51:50 | 2024-11-06T00:58:33Z |
2024-11-06 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact |
2024-11-06 | MC Summary | Microsoft Defender for Endpoint will update the InitiatingProcessFolderPath to include file names in all tables, affecting Windows activity. This change will be globally available on November 4, 2024, requiring updates to custom detection rules and queries. | Microsoft Defender for Endpoint will update the InitiatingProcessFolderPath to include file names, affecting all Advanced Hunting tables. Rollout begins November 18, 2024. Organizations should adjust custom detection rules and queries accordingly. The change applies only to Windows activity. |
Last updated 4 days ago