deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

minor change

Browse Source
This commit is contained in:
Joey Caparas 2017-11-01 17:01:05 -07:00
parent d2f2c7b515
commit 0ce44c44e1
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
View File

@ -106,12 +106,12 @@ You can roll back and remove a file from quarantine if youve determined that
## Block files in your network
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
>[!NOTE]
>[!IMPORTANT]
>- This feature is only available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.
>- This response action is only available for machines on Windows 10, version 1703 or later.
>[!IMPORTANT]
>[!NOTE]
> The PE file needs to be in the machine timeline for you to be able to take this action.

2
windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
View File

@ -29,7 +29,7 @@ ms.date: 10/17/2017
Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center.
>[!IMPORTANT]
> These response actions are only available for PCs on Windows 10, version 1703 and later.
> These response actions are only available for machines on Windows 10, version 1703 and later.
## Collect investigation package from machines
As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.