From 32e68562c541701899b2ebd314e6a9a5e9d026ac Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:49:57 -0700 Subject: [PATCH] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9c1f7a4a15..dd00d1c8bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -41,7 +41,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | -|Full or semi automation |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).