This discussion has been locked.

Threat Analysis Center / Detections: "Vulnerability SRP path rules missing" caused by MDR checks

The detections section in Threat Analysis Center is filling with many of these events caused by MDR checks.
SRP seems to be related to Microsoft Software Restriction Policies.
What is the intention of this check?
"COMPLIANCE-SRP-DISALLOWED-PATHS"



  • I have asked Support the question why it detects this seemingly harmless deprecated function, and like what's said in Central itself, the response was "These detections are for information only unless you have an MDR license." Which I don't (hoping to get one soon). It's still a shame it clutters up the new, extremely useful dashboard so much.

    Today I've created a default SRP policy on my workstation and set the default security level to "Basic User" to test if it has any adverse side-effects and to see if the detections change. I'll post the results in a few days as the detections occur at different times of day.

    Edit: A default SRP policy with default security level set to 'basic' doesn't change a thing. It still complains about missing rules, and I'm not prepared to deploy an application whitelisting system just to get rid of the detection. Guess I'm living with it.

  • Ah, I see. Makes sense that they are just for information purposes (no MDR either), but indeed it clutters pretty much around (poor dashboard).

  • "detections identify activity on your devices that's unusual or suspicious but hasn't been blocked. They're different from events where we detect and block activity that we already know to be malicious." Sadly you don't get any information via support. The reason is simple, they want to sell MDR ;-)