From 004b18437323f6c434d2f2c9b642b17237669c02 Mon Sep 17 00:00:00 2001 From: lomayor Date: Thu, 19 Sep 2019 12:45:09 -0700 Subject: [PATCH] Update custom-detection-rules.md --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 8686342663..c3655fb6d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -64,7 +64,7 @@ Your custom detection rule can automatically take actions on files or machines t #### Actions on machines These actions are automatically applied to machines in the `MachineId` column in the query results: -- **Isolate machine** — prevent the machine from connecting to the network. [Learn more about machine isolation](respond-machine-alerts.md#isolate-machines-from-the-network) +- **Isolate machine** — applies full network isolation, preventing the machine from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about machine isolation](respond-machine-alerts.md#isolate-machines-from-the-network) - **Collect investigation package** — collects machine information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-machines) - **Run antivirus scan** — perform a full Windows Defender Antivirus scan on the machine - **Initiate investigation** — initiate an [automated investigation](automated-investigations.md) on the machine