Dave M said:
You could post your event log here in the forum.
Curiously enough, I encountered one of these things for the first time just
after Defender upgraded to the latest engine version (5th October). My
firewall alerted me to the mp telemetry sample submission just before
Defender began its daily scheduled scan, the day after the engine update.
There's been no recurrence since, however.
Not sure if my event log entry is of any use to anyone, but here it is just
in case:
EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10
NIL.
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 38 00 30 00 30 00 .8.0.0.
0020: 37 00 32 00 65 00 65 00 7.2.e.e.
0028: 32 00 2c 00 20 00 65 00 2.,. .e.
0030: 6e 00 64 00 73 00 65 00 n.d.s.e.
0038: 61 00 72 00 63 00 68 00 a.r.c.h.
0040: 2c 00 20 00 73 00 65 00 ,. .s.e.
0048: 61 00 72 00 63 00 68 00 a.r.c.h.
0050: 2c 00 20 00 31 00 2e 00 ,. .1...
0058: 31 00 2e 00 31 00 35 00 1...1.5.
0060: 39 00 33 00 2e 00 30 00 9.3...0.
0068: 2c 00 20 00 6d 00 70 00 ,. .m.p.
0070: 73 00 69 00 67 00 64 00 s.i.g.d.
0078: 77 00 6e 00 2e 00 64 00 w.n...d.
0080: 6c 00 6c 00 2c 00 20 00 l.l.,. .
0088: 31 00 2e 00 31 00 2e 00 1...1...
0090: 31 00 35 00 39 00 33 00 1.5.9.3.
0098: 2e 00 30 00 2c 00 20 00 ..0.,. .
00a0: 77 00 69 00 6e 00 64 00 w.i.n.d.
00a8: 6f 00 77 00 73 00 20 00 o.w.s. .
00b0: 64 00 65 00 66 00 65 00 d.e.f.e.
00b8: 6e 00 64 00 65 00 72 00 n.d.e.r.
00c0: 2c 00 20 00 4e 00 49 00 ,. .N.I.
00c8: 4c 00 2c 00 20 00 4e 00 L.,. .N.
00d0: 49 00 4c 00 20 00 4e 00 I.L. .N.
00d8: 49 00 4c 00 0d 00 0a 00 I.L.....