This page provides detailed steps to troubleshoot live response issues.
File cannot be accessed during live response sessions
If while trying to take an action during a live response session, you encounter an error message stating that the file can’t be accessed, you’ll need to use the steps below to address the issue.
- Copy the following script code snippet and save it as a PS1 file:
PowerShell
$copied_file_path=$args[0] $action=Copy-Item $copied_file_path -Destination $env:TEMP -PassThru -ErrorAction silentlyContinue if ($action){ Write-Host "You copied the file specified in $copied_file_path to $env:TEMP Succesfully" } else{ Write-Output "Error occoured while trying to copy a file, details:" Write-Output $error[0].exception.message }
- Add the script to the live response library.
- Run the script with one parameter: the file path of the file to be copied.
- Navigate to your TEMP folder.
- Run the action you wanted to take on the copied file.
Slow live response sessions or delays during initial connections
Live response leverages Defender for Endpoint sensor registration with WNS service in Windows. If you are having connectivity issues with live response, confirm the following details:
notify.windows.com
is not blocked in your environment. For more information, see, Configure device proxy and Internet connectivity settings.- WpnService (Windows Push Notifications System Service) is not disabled.
Refer to the articles below to fully understand the WpnService service behavior and requirements:
- Windows Push Notification Services (WNS) overview
- Enterprise Firewall and Proxy Configurations to Support WNS Traffic
- Microsoft Push Notifications Service (MPNS) Public IP ranges