Some MacOS users of Microsoft Defender for Endpoint may receive excessive toast notifications and false positive alerts

Title: Some MacOS users of Microsoft Defender for Endpoint may receive excessive toast notifications and false positive alerts

User impact: Users of Microsoft Defender for Endpoint may receive excessive toast notifications and false positive alerts.

More info: Affected users may be getting excessive toast notifications showing: “Send files to Microsoft?”

Some users’ clients may also crash upon clicking the notifications.

Current status: We’ve included a short-term mitigation in “Security Intelligence Update” version 1.409.338.0 or newer that allows users to restart and clear the user interface (UI) submission sample, providing relief from this issue. Our long-term fix, contained in “Platform Update” version 101.24032.0006, has entered the early stages of deployment, and we anticipate that it may complete and be widely available to resolve the issue at the end of April or early May. We’re continuing to monitor this process and will provide a more precise resolution timeline once available.

Scope of impact: Any MacOS users of Microsoft Defender for Endpoint may be affected.

Start time: Tuesday, April 16, 2024, at 5:06 AM UTC

Root cause: A recent “Security Intelligence Update,” version 1.409.314.0, to the Microsoft Defender for Endpoint libraries contains an error, leading to false positive alerts and notifications, which is resulting in impact.

Next update by: Wednesday, April 24, 2024, at 5:00 PM UTC