deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 3169: block on PE files

Browse Source 
block on PE files
This commit is contained in:
Joey Caparas 2017-09-13 17:58:31 +00:00
commit 2da327dccc
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
View File

@ -93,11 +93,15 @@ You can roll back and remove a file from quarantine if youve determined that
> Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days. > Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days.
## Block files in your network ## Block files in your network
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
>[!NOTE] >[!NOTE]
>This feature is only available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br> >This feature is only available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build. This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later.
>[!IMPORTANT]
> The PE file needs to be in the machine timeline for you to be able to take this action.
### Enable the block file feature ### Enable the block file feature
1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**. 1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**.
@ -109,9 +113,7 @@ This feature is designed to prevent suspected malware (or potentially malicious
3. Type a comment and select **Yes, block file** to take action on the file. 3. Type a comment and select **Yes, block file** to take action on the file.
The Action center shows the submission information: The Action center shows the submission information:
![Image of block file](images/atp-blockfile.png) ![Image of block file](images/atp-blockfile.png)
- **Submission time** - Shows when the action was submitted. <br> - **Submission time** - Shows when the action was submitted. <br>