From 455cd230dee5872a586f930a47cf3822d067a6a9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 21 May 2020 13:52:33 -0700 Subject: [PATCH] Update feedback-loop-blocking.md --- .../microsoft-defender-atp/feedback-loop-blocking.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md index 0bac7f80f3..2c17fb301c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md @@ -24,4 +24,10 @@ ms.collection: - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -## Overview \ No newline at end of file +## Overview + +Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices in your organization are protected better protected from threats. When a suspicious behavior or file is detected, such as by Microsoft Defender Antivirus, it's treated as a potential false negative. With machine learning and and is observed more closely. Once confirmed as malicious, on a device is confirmed as malicious, + +Feedback-loop blocking Within a few moments of confirming a file as malicious, , the file, machine learning models operating on the EDR data, which come with richer granular details, determined the file to be malware, raised an alert, and provided feedback to the rapid protection loop engine. This insight led to the immediate blocking of the file on subsequent machines. + +Behavioral detections feed into protection stack as potential FNs, generating new protection based on patient 0 behavioral intelligence. Patient 1+ are now protected and threats prevented higher in the stack