mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 22:07:22 +00:00
Update edr-in-block-mode.md
parent 097a8a2856
commit 2e128b41e4
@ -16,7 +16,7 @@ ms.custom: next-gen
|
||||
ms.collection:
|
||||
---
|
||||
|
||||
# EDR in block mode
|
||||
# Endpoint detection adn response (EDR) in block mode
|
||||
|
||||
**Applies to:**
|
||||
|
||||
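Review bot: The new top-level heading misspells "and" as "adn" ("# Endpoint detection adn response (EDR) in block mode"). Change it to "# Endpoint detection and response (EDR) in block mode" before merging.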
@ -31,7 +31,7 @@ When enabled, endpoint detection and response (EDR) in block mode blocks malicio
|
||||
|
||||
## What happens when something is detected?
|
||||
|
||||
When EDR in block mode is turned on, and a malicious artifact is detected, the detection results in blocking and remediation actions. You'll see detection status as **Blocked** or **Remediated** as completed actions in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#review-completed-actions).
|
||||
When EDR in block mode is turned on, and a malicious artifact is detected, blocking and remediation actions are taken. You'll see detection status as **Blocked** or **Remediated** as completed actions in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#review-completed-actions).
|
||||
|
||||
The following image shows an instance of unwanted software that was detected and blocked through EDR in block mode:
|
||||
|
||||
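Review bot: The reworded first sentence under "What happens when something is detected?" switches to the passive "blocking and remediation actions are taken", which no longer says what takes them. Consider "EDR in block mode takes blocking and remediation actions". The same line also stacks two "as" phrases ("as **Blocked** or **Remediated** as completed actions"), which would read more clearly as a detection status of **Blocked** or **Remediated** listed under completed actions.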
@ -59,8 +59,8 @@ The following image shows an instance of unwanted software that was detected and
|
||||
|Requirement |Details |
|
||||
|---------|---------|
|
||||
|Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). |
|
||||
|Operating system |One of the following: <br/>- Windows 10 (all releases) <br/>- Windows Server 2016 or later |
|
||||
|Windows E5 enrollment |This is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- Microsoft 365 E3 together with the Identity & Threat Protection offering <br/>See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [Features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). |
|
||||
|Operating system |One of the following versions: <br/>- Windows 10 (all releases) <br/>- Windows Server 2016 or later |
|
||||
|Windows E5 enrollment |Windows E5 is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- Microsoft 365 E3 together with the Identity & Threat Protection offering <br/>See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [Features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). |
|
||||
|Cloud-delivered protection |Make sure Windows Defender Antivirus is configured such that cloud-delivered protection is enabled. <br/>See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus). |
|
||||
|Windows Defender Antivirus antimalware client |To make sure your client is up to date, using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator. In the **AMProductVersion** line, you should see **4.18.2001.10** or above. |
|
||||
|Windows Defender Antivirus engine |To make sure your engine is up to date, using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator. In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. |
|
||||
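Review bot: In the rewritten "Windows E5 enrollment" row, the Details cell still only lists which subscriptions include Windows E5 and never states the requirement itself. Say what has to be enrolled or licensed, the way the Permissions row states the role that must be assigned. While this table is being touched, the two version rows say "or above" for **4.18.2001.10** and **1.1.16700.2**; "or later" would match the "Windows Server 2016 or later" wording in the Operating system row.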
@ -73,7 +73,7 @@ The following image shows an instance of unwanted software that was detected and
|
||||
|
||||
### Will EDR in block mode have any impact on a user's antivirus protection?
|
||||
|
||||
No. EDR in block mode does not affect third-party antivirus protection running on users' machines. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like Windows Defender Antivirus in passive mode, with the additional steps of blocking and remediating malicious items that are detected.
|
||||
No. EDR in block mode does not affect third-party antivirus protection running on users' machines. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like Windows Defender Antivirus in passive mode, with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected.
|
||||
|
||||
### Why do I need to keep Windows Defender Antivirus up to date?
|
||||
|
||||
|
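Review bot: The answer now says "malicious artifacts or behaviors", but the "What happens when something is detected?" paragraph edited earlier in this same commit still says only "a malicious artifact is detected". Use the same scope in both places so readers can tell whether behavioral detections are blocked and remediated too.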