From 25f4a79e2251e9967ba98e36f145ba13b9002d76 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 12 Sep 2017 16:33:19 -0700 Subject: [PATCH 1/4] add explicit PE files only --- ...-alerts-windows-defender-advanced-threat-protection.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 328a0ff719..3a6162d10c 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -93,12 +93,16 @@ You can roll back and remove a file from quarantine if you’ve determined that > Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days. ## Block files in your network -You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. +You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. >[!NOTE] >This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build. +>[!IMPORTANT] +> The PE file needs to be in the machine timeline for you to be able to take this action. + + ### Enable the block file feature 1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**. @@ -109,9 +113,7 @@ This feature is designed to prevent suspected malware (or potentially malicious 3. Type a comment and select **Yes, block file** to take action on the file. - The Action center shows the submission information: - ![Image of block file](images/atp-blockfile.png) - **Submission time** - Shows when the action was submitted.
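Review bot: In patch 1/4, hunk `@@ -93,12 +93,16`, the added `>[!IMPORTANT]` note says the PE file "needs to be in the machine timeline" but gives the reader nothing to act on: there is no link to the machine timeline topic and no statement of what the analyst sees when the file is not there. Suggest linking the timeline topic the same way the NOTE above links "Manage cloud–based protection". Two smaller points in the same hunk: the intro is narrowed to PE files while the "This feature is designed to prevent ..." paragraph still speaks of "potentially malicious files" in general, and the note is followed by two added blank lines where one is enough.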
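Review bot: In patch 1/4, hunk `@@ -109,9 +113,7`, the hunk goes from 9 lines to 7, and as I read it the two lines removed are the lead-in "The Action center shows the submission information:" and the screenshot. That leaves the `**Submission time**` bullet directly under step 3 with no sentence saying where that field is shown. If only the image is meant to go, keep the lead-in sentence. If `images/atp-blockfile.png` is no longer referenced anywhere, delete the file in the same commit. The subject "add explicit PE files only" also does not mention this removal, so either note it in the commit message or split it out.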
From 8f79ff9660dc530846faa5929a1afafb6f731dc2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 12 Sep 2017 16:47:29 -0700 Subject: [PATCH 2/4] update note --- ...d-file-alerts-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 3a6162d10c..16aee5e453 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -97,7 +97,7 @@ You can prevent further propagation of an attack in your organization by banning >[!NOTE] >This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

-This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build. +This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build. >[!IMPORTANT] > The PE file needs to be in the machine timeline for you to be able to take this action. From 006c6ed1f372232ac0ea27bf28bd74302c76a74f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 13 Sep 2017 09:42:21 -0700 Subject: [PATCH 3/4] update windows version --- ...d-file-alerts-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 16aee5e453..d72c4014ff 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -97,7 +97,7 @@ You can prevent further propagation of an attack in your organization by banning >[!NOTE] >This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

-This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build. +This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. The action takes effect on machines with Windows 10, version 1703 or later. >[!IMPORTANT] > The PE file needs to be in the machine timeline for you to be able to take this action. From 58fbef0bb476b06ad0257ba8090b15f0e0440fb9 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 13 Sep 2017 10:09:20 -0700 Subject: [PATCH 4/4] feature availability --- ...d-file-alerts-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index d72c4014ff..89beeaac45 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -97,7 +97,7 @@ You can prevent further propagation of an attack in your organization by banning >[!NOTE] >This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

-This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. The action takes effect on machines with Windows 10, version 1703 or later. +This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later. >[!IMPORTANT] > The PE file needs to be in the machine timeline for you to be able to take this action.
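Review bot: In patch 2/4, the added sentence "It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files" lands in a paragraph that still scopes the feature to files "being downloaded from the web", while the section intro (visible in patch 1/4) says a block prevents the file "from being read, written, or executed". A reader cannot tell which of the two describes the actual enforcement, so the paragraph should state one scope or explain how the two relate. "portable executable (PE)" is also expanded here a second time after the intro already expanded it, and the subject "update note" describes a change to the body paragraph, not to a NOTE block.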
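Review bot: In patch 3/4, the new requirement "Windows 10, version 1703 or later" is placed as the last sentence of a descriptive paragraph, after "The coverage will be extended over time", where it is easy to miss. The `>[!NOTE]` block immediately above already lists the other prerequisites (Windows Defender Antivirus and Cloud–based protection), so the OS version belongs there with them, giving an analyst one place to check before attempting a block.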
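Review bot: In patch 4/4, replacing "The action takes effect on machines with" by "This response action is available for machines on" changes the meaning and not only the wording: the old text reads as "older machines will not enforce the block", the new text as "the action cannot be taken for older machines". The doc should say which one is true, since it decides whether an analyst can rely on a submitted block covering every machine in the organization. Patches 3/4 and 4/4 rewrite the same sentence back to back and could be squashed into one commit.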