SOC alert with Microsoft Defender
dudi007 opened this issue · 1 comments
dudi007 commented
According to the customer's SOC team, scripts like mimikatz.py and sniff.py are malicious to the environment and force Windows systems to block the scripts and move the servers to quarantine.
The customer is using Microsoft Defender on their Windows systems.
anadrianmanrique commented
Impacket code is prone to being detected by AV/EDR. We suggest adding exceptions in your AV detection solution in order to avoid scenarios where code is being detected as a potential threat.
Thanks
Reopen if needed.