deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 08:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update respond-file-alerts.md

Browse Source 
added note from support
This commit is contained in:
Daniel Simpson 2020-11-30 19:18:18 -08:00 committed by GitHub
parent 4d8af41b5d
commit 67332d947f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
View File

@ -133,6 +133,9 @@ You can roll back and remove a file from quarantine if youve determined that
> >
> Defender for Endpoint will restore all custom blocked files that were quarantined on this device in the last 30 days. > Defender for Endpoint will restore all custom blocked files that were quarantined on this device in the last 30 days.
> [!NOTE]
> A file that was quarantined as a potential network threat might not be recoverable. If a user attempts to restore the file after quarantine, that file might not be accessible. This can be due to the system no longer having network credentials to access the file. Typically this is a result of a temporary log on to a system or shared folder and the access tokens expired.
## Add indicator to block or allow a file ## Add indicator to block or allow a file
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on devices in your organization. You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on devices in your organization.