diff --git a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md index fe17df31f7..d007635575 100644 --- a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md 
@@ -71,15 +71,16 @@ Active malware is defined as threats that were actively executing at the time of Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of endpoints with at least one active detection (as **Machines**) over the past 30 days. -![The Machines with active malware detections tile shows the number of threats and machines for each threat category](images/machines-active-threats-tile.png) +![The Machines with active malware detections tile shows the number of threats and machines for each threat category](images/atp-machines-active-threats-tile.png) The chart is sorted into five categories: -- **Password stealer** - threats that attempt to steal credentials. - **Ransomware** - threats that prevent user access to a machine or its files and demand payment to restore access. +- **Credential theft** - threats that attempt to steal credentials. - **Exploit** - threats that use software vulnerabilities to infect machines. -- **Threat** - all other threats that don't fit into the **Password stealer**, **Ransomware**, or **Exploit** categories. This includes trojans, worms, backdoors, and viruses. -- **Low severity** - threats with low severity, including adware and potentially unwanted software such as browser modifiers. +- **Backdoor** - threats that gives a malicious hacker access to and control of machines. +- **General** - threats that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. +- **PUA** - applications that install and perform undesirable activity without adequate user consent. Threats are considered "active" if there is a very high probability that the malware was executing on your network, as opposed to statically located on-disk. 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png new file mode 100644 index 0000000000..fd0625088a Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png differ
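Review bot: The new binary `images/atp-machines-active-threats-tile.png` replaces the reference to `images/machines-active-threats-tile.png`, but the visible diff does not delete the old file. If no other page still references it, remove it in the same change so the images directory is not left with an orphaned screenshot showing the outdated category names.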