From 2c4c946de82b96a00ef40892fbdf096763a25fb8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Apr 2020 10:12:34 -0700 Subject: [PATCH] Update live-response.md --- .../microsoft-defender-atp/live-response.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index f26999eaef..4628684a6f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -94,17 +94,13 @@ The dashboard also gives you access to: 3. Use the built-in commands to do investigative work. For more information see, [Live response commands](#live-response-commands). 4. After completing your investigation, select **Disconnect session**, then select **Confirm**. -## Download a file in the background - - - ## Live response commands Depending on the role that's been granted to you, you can run basic or advanced live response commands. User permissions are controlled by RBAC custom roles. For more information on role assignments see, [Create and manage roles](user-roles.md). ### Basic commands -The following commands are available for user roles that's been granted the ability to run **basic** live response commands. For more information on role assignments see, [Create and manage roles](user-roles.md). +The following commands are available for user roles that are granted the ability to run **basic** live response commands. For more information on role assignments see, [Create and manage roles](user-roles.md). Command | Description :---|:---|:--- @@ -124,9 +120,8 @@ scheduledtasks| Shows all scheduled tasks on the machine. services | Shows all services on the machine. trace | Sets the terminal's logging mode to debug. - ### Advanced commands -The following commands are available for user roles that's been granted the ability to run **advanced** live response commands. For more information on role assignments see, [Create and manage roles](user-roles.md). +The following commands are available for user roles that are granted the ability to run **advanced** live response commands. For more information on role assignments see, [Create and manage roles](user-roles.md). Command | Description :---|:--- @@ -152,6 +147,14 @@ For scenarios when you'd like get a file from a machine you're investigating, yo >[!NOTE] >There is a file size limit of 750mb. +### Download a file in the background + +To enable your security operations team to continue investigating an impacted device, files can now be downloaded in the background. + +#### To download a file in the background + +1. + ### Put a file in the library Live response has a library where you can put files into. The library stores files (such as scripts) that can be run in a live response session at the tenant level.