deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add topics update image

Browse Source
This commit is contained in:
Joey Caparas 2017-06-12 13:57:00 -07:00
parent ea4ec3fb65
commit 2c4f5e09a2
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 20 KiB

After

Width:  |  Height:  |  Size: 14 KiB

8
windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
View File

@ -32,6 +32,8 @@ Depending on the severity of the attack and the sensitivity of the machine, you
This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine.
On Windows 10, version 1710 and above, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity.
>[!NOTE]
>Youll be able to reconnect the machine back to the network at any time.
@ -77,6 +79,12 @@ Depending on the severity of the attack and the state of the machine you can cho
3. Type a comment (optional) and select **Yes** to take action on the file. The machine will be reconnected to the network.
## Restrict applications from running
## Undo restriction of applications from running
## Collect investigation package from machines
As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.