deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Edits

Browse Source
This commit is contained in:
schmurky
2021-02-03 16:49:57 +08:00
parent 659936eb28
commit 5e01731eed
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
View File

@ -47,7 +47,13 @@ Selecting an alert's name in Defender for Endpoint will land you on its alert pa
![An alert page when you first land on it](images/alert-landing-view.png)
Note the detection status for your alert. Blocked, or prevented means actions were already taken by Defender for Endpoint.
Note the detection status for your alert.
- Prevented The attempted suspicious action was avoided. For example, a file either wasnt written to disk or executed.
- Blocked Suspicious behavior was executed and then blocked. For example, a process was executed but because it subsequently exhibited suspicious behaviors, the process was terminated.
- Detected An attack was detected and is possibly still active.
Blocked or prevented means actions were already taken by Defender for Endpoint.
Start by reviewing the *automated investigation details* in your alert's details pane, to see which actions were already taken, as well as reading the alert's description for recommended actions.
![A snippet of the details pane with the alert description and automatic investigation sections highlighted](images/alert-air-and-alert-description.png)