Process '\Device\HarddiskVolume2\Windows\System32\spoolsv.exe' (PID 4516) would have been blocked from generating dynamic code.

Process '\Device\HarddiskVolume2\Windows\System32\spoolsv.exe' (PID 4516) would have been blocked from loading the non-Microsoft-signed binary '\Windows\System32\spool\drivers\x64\3\SU2EECO.dll'.

Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpEngineRing = 0x4

Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpCampRing = 0x4
New value:

Process '\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' (PID 10952) was blocked from loading the non-Microsoft-signed binary '\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\ffca4c1d9d4f475608648\Microsoft.PowerShell.Security.ni.dll'.

Process '\Device\HarddiskVolume3\Users\(user)\AppData\Local\Microsoft\Teams\current\Teams.exe' (PID 18628) was blocked from making system calls to Win32k.sys.

Microsoft Defender Exploit Guard audited an operation that is not allowed by your IT administrator. For more information please contact your IT administrator.
ID: 9E6Cff1F-7D60-472F-BA1AA39EF669E4B2
Detection time: 2022-04-22T13:51:43.705Z
User: NT AUTHORITY\SYSTEM
Path: C:\Windows\System32\lsass.exe
Process Name: C:\Windows\System32\svchost.exe
Target Commandline:
Parent Commandline:
Involved File:
Inheritance Flags: 0x00000000
Security intelligence Version: 1.363.802.0
Engine Version: 1.1.19100.5
Product Version: 4.18.2203.5

Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\14 = 0x1