Azure Advanced Threat Protection Notes

Last Updated: January 6, 2019

Issues

More information: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/troubleshooting-atp-known-issues

VMware virtual machine sensor issue

If you have an Azure ATP sensor on VMware virtual machines, you might receive the monitoring alert "Some network traffic is not being analyzed".

To resolve the issue:

Set the following settings to 0 or Disabled in the virtual machine's NIC configuration: TsoEnable, LargeSendOffload, TSO Offload, Giant TSO Offload. For Azure ATP sensors, you only need to disable IPv4 TSO Offload under the NIC configuration.

GUI:

[Screenshot: vm-sensor-issue]

Server Core:

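# Disable IPv4 TSO Offload through the driver's advanced property
Set-NetAdapterAdvancedProperty `
-Name Ethernet0 `
-DisplayName "IPv4 TSO Offload" `
-DisplayValue "Disabled"

# Disable large send offload (LSO) on the same adapter
Disable-NetAdapterLso `
-Name Ethernet0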
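
Verification (added example, not part of the original notes or Microsoft's documentation): the script below lists the TSO/LSO-related advanced properties named above and warns if IPv4 TSO Offload is still enabled. It assumes the adapter name Ethernet0 used in the commands above; which display names exist depends on the NIC driver.

```powershell
# Added example: audit TSO/LSO-related NIC settings on an Azure ATP sensor VM.
# Assumption: the adapter is named Ethernet0, as in the commands above.
param(
    [string]$AdapterName = 'Ethernet0'
)

# Setting names listed in the note above. Which of them exist depends on the
# NIC driver, so match against both the display name and the registry keyword.
$patterns = 'TsoEnable', 'LargeSendOffload', 'TSO Offload', 'Giant TSO Offload'

$props = Get-NetAdapterAdvancedProperty -Name $AdapterName -ErrorAction Stop |
    Where-Object {
        $p = $_
        $patterns | Where-Object {
            $p.DisplayName -like "*$_*" -or $p.RegistryKeyword -like "*$_*"
        }
    }

$report = foreach ($p in $props) {
    # "0" or "Disabled" is the target state described in the note above.
    $off = ($p.DisplayValue -eq 'Disabled') -or ($p.RegistryValue -contains '0')
    [pscustomobject]@{
        DisplayName   = $p.DisplayName
        DisplayValue  = $p.DisplayValue
        RegistryValue = ($p.RegistryValue -join ',')
        Disabled      = $off
    }
}
$report | Format-Table -AutoSize

# Driver-independent view of the large send offload state.
Get-NetAdapterLso -Name $AdapterName |
    Select-Object Name, V1IPv4Enabled, IPv4Enabled, IPv6Enabled |
    Format-Table -AutoSize

# For Azure ATP sensors only IPv4 TSO Offload has to be disabled.
$ipv4 = $report | Where-Object DisplayName -eq 'IPv4 TSO Offload'
if (-not $ipv4) {
    Write-Warning "No 'IPv4 TSO Offload' property found on $AdapterName; check the list above."
} elseif (-not $ipv4.Disabled) {
    Write-Warning "IPv4 TSO Offload is still enabled on $AdapterName."
} else {
    Write-Output "IPv4 TSO Offload is disabled on $AdapterName."
}
```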