From 0ce44c44e19625d51661c484b9a885426ad9d0f1 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 Nov 2017 17:01:05 -0700 Subject: [PATCH] minor change --- ...file-alerts-windows-defender-advanced-threat-protection.md | 4 ++-- ...hine-alerts-windows-defender-advanced-threat-protection.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index a559e0f478..20cd52d1c5 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -106,12 +106,12 @@ You can roll back and remove a file from quarantine if you’ve determined that ## Block files in your network You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. ->[!NOTE] +>[!IMPORTANT] >- This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. >- This response action is only available for machines on Windows 10, version 1703 or later. ->[!IMPORTANT] +>[!NOTE] > The PE file needs to be in the machine timeline for you to be able to take this action. diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md index 8d6f2ada9e..bbef37d999 100644 --- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -29,7 +29,7 @@ ms.date: 10/17/2017 Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. >[!IMPORTANT] -> These response actions are only available for PCs on Windows 10, version 1703 and later. +> These response actions are only available for machines on Windows 10, version 1703 and later. ## Collect investigation package from machines As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.