deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-07 18:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

EDR in block mode images

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-04-09 16:37:04 -07:00
parent 79cdca349c
commit 5283f31c94
3 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
View File

@ -27,7 +27,7 @@ ms.collection:
When enabled, endpoint detection and response (EDR) in block mode blocks malicious artifacts or behaviors observed through post-breach protection. EDR extends behavioral-based blocking and containment capabilities in Microsoft Defender ATP. EDR in block mode works behind the scenes to remediate malicious entities identified in post-breach. When enabled, endpoint detection and response (EDR) in block mode blocks malicious artifacts or behaviors observed through post-breach protection. EDR extends behavioral-based blocking and containment capabilities in Microsoft Defender ATP. EDR in block mode works behind the scenes to remediate malicious entities identified in post-breach.
> [!NOTE] > [!NOTE]
> EDR in block mode is currently in [limited private preview](#can-i-participate-in-the-private-preview-of-shadow-protection). To get the best protection, [deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline). > EDR in block mode is currently in [limited private preview](#can-i-participate-in-the-private-preview-of-edr-in-block-mode). To get the best protection, [deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline).
## What happens when something is detected? ## What happens when something is detected?
@ -35,7 +35,9 @@ When EDR in block mode is turned on, and a malicious artifact is detected, the d
The following images shows an instance of unwanted software that was detected and blocked through EDR in block mode: The following images shows an instance of unwanted software that was detected and blocked through EDR in block mode:
:::image type="content" source="images/shadow-protection-detection.jpg" alt-text="Malware detected by EDR in block mode"::: :::image type="content" source="images/edr-in-block-mode.jpg" alt-text="Malware detected by EDR in block mode":::
## Enable EDR in block mode ## Enable EDR in block mode
@ -46,7 +48,7 @@ The following images shows an instance of unwanted software that was detected an
2. Choose **Settings** > **Advanced features**. 2. Choose **Settings** > **Advanced features**.
:::image type="content" source="images/turn-shadow-protection-on.jpg" alt-text="Turn EDR in block mode on"::: :::image type="content" source="images/turn-edr-in-block-mode-on.jpg" alt-text="Turn EDR in block mode on":::
3. Turn on EDR in block mode. 3. Turn on EDR in block mode.

0
windows/security/threat-protection/windows-defender-antivirus/images/shadow-protection-detection.jpg → windows/security/threat-protection/microsoft-defender-atp/images/edr-in-block-mode.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 44 KiB

0
windows/security/threat-protection/windows-defender-antivirus/images/turn-shadow-protection-on.jpg → windows/security/threat-protection/microsoft-defender-atp/images/turn-edr-in-block-mode-on.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 19 KiB