From 12e224150dd13b0885b1305ff9461dece4c37b60 Mon Sep 17 00:00:00 2001 From: Lucas Gabriel Schneider Date: Thu, 23 Jan 2020 20:51:38 +0000 Subject: [PATCH] Update live-response.md --- .../threat-protection/microsoft-defender-atp/live-response.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 3003c707b4..ddd34985a3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -119,11 +119,11 @@ The following commands are available for user roles that's been granted the abil Command | Description :---|:--- analyze | Analyses the entity with various incrimination engines to reach a verdict. -getfile | Gets a file from the machine.
NOTE: This command has a prerequisite command. You can use the `-auto` command in conjuction with `getfile` to automatically run the prerequisite command. +getfile | Gets a file from the machine.
NOTE: This command has a prerequisite command. You can use the `-auto` command in conjunction with `getfile` to automatically run the prerequisite command. run | Runs a PowerShell script from the library on the machine. library | Lists files that were uploaded to the live response library. putfile | Puts a file from the library to the machine. Files are saved in a working folder and are deleted when the machine restarts by default. -remediate | Remediates an entity on the machine. The remediation action will vary depending on the entity type:
- File: delete
- Process: stop, delete image file
- Service: stop, delete image file
- Registry entry: delete
- Scheduled task: remove
- Startup folder item: delete file
NOTE: This command has a prerequisite command. You can use the `-auto` command in conjuction with `remediate` to automatically run the prerequisite command. +remediate | Remediates an entity on the machine. The remediation action will vary depending on the entity type:
- File: delete
- Process: stop, delete image file
- Service: stop, delete image file
- Registry entry: delete
- Scheduled task: remove
- Startup folder item: delete file
NOTE: This command has a prerequisite command. You can use the `-auto` command in conjunction with `remediate` to automatically run the prerequisite command. undo | Restores an entity that was remediated.
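Review bot: In the `getfile` and `remediate` rows, the corrected NOTE still does not name the prerequisite command, so an operator cannot tell from this table what `-auto` will run on the machine before a file is collected or an entity is deleted or stopped. Suggest naming that command in both notes. The same sentence calls `-auto` a "command" although it is written with a leading dash and used together with `getfile` and `remediate`; "option" or "flag" would match how it is shown. While these lines are being touched, the unchanged `analyze` row reads "Analyses" where the verb "Analyzes" is meant, and the heading sentence quoted in the hunk header has "user roles that's been granted", which should read "that have been granted". The subject "Update live-response.md" would also be more useful if it said that this is a spelling fix ("conjuction" to "conjunction").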