From 2e2c4df2d011f9d7cef71f7fd2e1c06eda7fad03 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Mar 2018 18:00:57 -0700 Subject: [PATCH 1/6] udpate toc --- windows/security/threat-protection/TOC.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 3c051adf05..585fbd524a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -190,13 +190,14 @@ ####Permissions ##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md) ##### [Create machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md) + ####APIs ##### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md) -####Rules -[Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md) -[Manage automation exclusion lists](windows-defender-atp\manage-automation-exclusion-list-windows-defender-advanced-threat-protection.md) +####Rules +##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md) +##### [Manage automation exclusion lists](windows-defender-atp\manage-automation-exclusion-list-windows-defender-advanced-threat-protection.md) #### [Configure Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md) From 8ac515e3887e935dc61f5171f4559ef72759f9da Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Mar 2018 18:15:53 -0700 Subject: [PATCH 2/6] add file uploads --- windows/security/threat-protection/TOC.md | 2 ++ ...ows-defender-advanced-threat-protection.md | 35 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 585fbd524a..3cb9e6c474 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -198,6 +198,8 @@ ####Rules ##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md) ##### [Manage automation exclusion lists](windows-defender-atp\manage-automation-exclusion-list-windows-defender-advanced-threat-protection.md) +##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) + #### [Configure Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..8765a5caa7 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md @@ -0,0 +1,35 @@ +--- +title: Manage automation file uploads +description: Enable content analysis and configure the file extension and email attachment extensions that will be sumitted for analysis +keywords: automation, file, uploads, content, analysis, file, extension, email, attachment +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 04/16/2018 +--- + +# Manage automation file uploads + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) + + + + +## Related topics +- Automation file uploads +- Automation folder exclusions \ No newline at end of file From d8dbca0bf2b0425c6724da0f65488327b582f84e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Mar 2018 18:19:40 -0700 Subject: [PATCH 3/6] add automation file upload file --- ...ile-uploads-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md index 8765a5caa7..903bc568f2 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md @@ -25,11 +25,11 @@ ms.date: 04/16/2018 [!include[Prerelease information](prerelease.md)] ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink) ## Related topics -- Automation file uploads +- Automation allowed/blocked lists - Automation folder exclusions \ No newline at end of file From 1b45f68b398467d42e00c10f993c733ac8b6e2f6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Mar 2018 18:25:55 -0700 Subject: [PATCH 4/6] update file uploads --- ...uploads-windows-defender-advanced-threat-protection.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md index 903bc568f2..01446c2e40 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md @@ -27,6 +27,14 @@ ms.date: 04/16/2018 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink) +You can submit suspicious files identified by automated investigation to the cloud for additional inspection by enabling content analysis. + +1. In the navigation pane, select **Settings** > **Rules** > **Automation file uploads**. + +2. Toggle the content analysis setting to **On**. + +3. Configure the file extension and email attachment extensions that will be submitted for analysis. + From 4c5b1b0c82307958cfcacc8f344cd30a0703c324 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Mar 2018 18:36:55 -0700 Subject: [PATCH 5/6] update file uploads --- ...-uploads-windows-defender-advanced-threat-protection.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md index 01446c2e40..e803e9bb77 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md @@ -31,10 +31,11 @@ You can submit suspicious files identified by automated investigation to the clo 1. In the navigation pane, select **Settings** > **Rules** > **Automation file uploads**. -2. Toggle the content analysis setting to **On**. - -3. Configure the file extension and email attachment extensions that will be submitted for analysis. +2. Toggle the content analysis setting between **On** and **Off**. +3. Configure the following extension names and separate extension names with a comma: + - **File extension names** - Suspicious files except email attachments will be submitted for additional inspection + - **Attachment extension names** - Suspicious email attachments with these extension names will be submitted for additional inspection From 68f9cefe3989d0f7cb23b149b1bd5cec2643fa7f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Mar 2018 18:41:34 -0700 Subject: [PATCH 6/6] add machine management --- windows/security/threat-protection/TOC.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 3cb9e6c474..3b530dd325 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -200,6 +200,8 @@ ##### [Manage automation exclusion lists](windows-defender-atp\manage-automation-exclusion-list-windows-defender-advanced-threat-protection.md) ##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) +####Machine management + #### [Configure Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)