by taspeotis 638 days ago
Personal: Nothing - Windows Defender is built into Windows.

Business: Nothing - Windows Defender Advanced Threat Protection is built into the higher Microsoft 365 license tiers.

It amazes me people chose to pay money to have all their PCs bluescreen.

4 comments

Large orgs want something that will run across all of their fleet, so Linux servers, Macs, etc.
Linux: https://learn.microsoft.com/en-us/defender-endpoint/microsof...

macOS: https://learn.microsoft.com/en-us/defender-endpoint/microsof...

It does iOS and Android too.

Again, if you're an organisation big enough to care about single-pane-of-glass-monitoring you probably already have access to this via the Microsoft 365 license tier you're on.

If you had used 'some' before 'people' I could agree, but some industries have to use a SIEM or they can be fined, so, I mean, if there's a list of SIEMs that are definitely not going to ever crash by messing around in the kernel, let's get a list going.
Luckily the concern isn’t simply whether they could make a mistake and cause a crash by messing around in the kernel, it’s whether they’re likely to, and I’d argue that CrowdStrike is particularly likely to do so given their testing and rollout processes, and the culture that encompasses those failures.
Microsoft Sentinel seems like a pretty unlikely candidate for SIEM to crash every machine it’s receiving data from.
mdatp is also a virus. So slow…
It can record some telemetry to help you understand why it's slow: https://learn.microsoft.com/en-us/defender-endpoint/troubles...
This is a good example of very limited thinking.