Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Microsoft Defender for Endpoint
FIN-271
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 09:03
Verified
What It Detects
A device has not checked in with Defender for over 30 days and has a high exposure level. The stale agent means security updates, policy changes, and detection signatures are not being applied, while the high exposure level indicates the device has known attack surface that adversaries can exploit. Together these conditions mean the device is both maximally exposed and completely unmonitored — vulnerabilities are accumulating with no detection or remediation occurring.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
lastSeen
older_than_days
30
exposureLevel
equals
High
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum