Views:
Problem: The Defender ATP console is showing 430+ duplicate machines.  
 
Solution: 
Next Steps for Gathering Data/Logs: (Latest Version with -I Input switch)
  1. Download latest MDE Client Analyzer (even if you have downloaded the Analyzer in the past download again as the Analyzer is updated frequently)
  2. Unzip to C:\MDATP
  3. Extract contents to "C:\MDE\MDEClientAnalyzer
  4. From an elevated CMD prompt, run: "C:\MDATP\MDATPClientAnalyzer\MDEClientAnalyzer.cmd -i"
  5. When asked - input 6 minutes as the number of minutes for trace collection (a CNC heartbeat is sent every 5 minutes so we will catch at least 1)
  6. Reproduce the action that is showing the error.
  7. When completed, send us "C:\MDE\MDEClientAnalyzer\MDEClientAnalyzerResult.zip"

Case Number: CAS-00695-X3F4C8

Case Link: Here

Keywords: Alerts, Data, Logs