update based on sme feedback

Joey Caparas
2018-03-20 11:32:58 -07:00
parent 57db2d60ad
commit 70a942e4e1
4 changed files with 82 additions and 70 deletions


@ -202,9 +202,9 @@
####Rules
##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation exclusion lists](windows-defender-atp\manage-automation-exclusion-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
####Machine management
##### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
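
Review bot: The new TOC label "Manage automation allowed/blocked" drops the word "lists" that the target page uses in its title ("Manage automation allowed/blocked lists"); make the two match so the navigation entry and the page heading agree. The block also shows "Manage automation folder exclusions" twice, once pointing at manage-automation-file-uploads-... and once at manage-automation-folder-exclusions-...; confirm only the folder-exclusions target survives. While these lines are being touched, the links use backslashes as path separators (forward slashes are the portable form in Markdown links) and "####Rules" / "####Machine management" have no space after the hashes.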


@ -0,0 +1,73 @@
---
title: Manage automation allowed/blocked lists
description: Create lists that control what items are automatically blocked or allowed during an automatic investigation.
keywords: manage, automation, whitelist, blacklist, block, clean, malicious
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 04/16/2018
---
# Manage automation allowed/blocked lists
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Create an exclusion rule to control which entities are automatically allowed or blocked during automated investigations.
Entities added to the allowed list are considered safe and will not be analyzed during automated investigations.
Entities added to the blocked list are considered malicious and will automatically be blocked during automated investigations..
You can define the conditions for when entities are identified as malicious or safe based on certain attributes such as hash values or certificates.
## Create an allowed or blocked list
1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
2. Select the type of entity you'd like to create an exclusion for. You can choose any of the following entities:
- File hash
- Certificate
3. Click **Add system exclusion**.
4. For each attribute specify the exclusion type, details, and the following required values:
- **Files** - Hash value
- **Certificate** - PEM certificate file
5. Click **Update rule**.
## Edit a list
1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
2. Select the type of entity you'd like to edit the list from.
3. Update the details of the rule and click **Update rule**.
## Delete a list
1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
2. Select the type of entity you'd like to delete the list from.
3. Select the list type by clicking the check-box beside the list type.
4. Click **Delete**.
## Related topics
- Automation file uploads
- Automation folder exclusions
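
Review bot: The procedure under "Create an allowed or blocked list" never tells the reader where to choose between allowed and blocked; steps 2 to 4 still speak only of "exclusion" ("create an exclusion for", "Add system exclusion", "specify the exclusion type"), and so does the opening sentence "Create an exclusion rule". Because an allowed entry means the entity "will not be analyzed" and a blocked entry is blocked automatically, the step that sets the list type should name the two choices and what each does, and the leftover "exclusion" wording should be aligned with the new title wherever it is not a literal UI label. Smaller points in the same file: "investigations.." has a doubled period, the ocid in the trial link still reads automationexclusionlist, and the "Related topics" items are plain text rather than links.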


@ -1,67 +0,0 @@
---
title: Manage automation exclusion lists
description: Add automation exclusions so that you can control what items are automatically blocked or allowed during an automatic investigation.
keywords: manage, automation, exclusion, whitelist, blacklist, block, clean, malicious
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 04/16/2018
---
# Manage automation exclusions
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Automation exclusions allow you to create exclusion lists that dictate whether the automated investigation will proceed with an action or not. You can define the conditions for when attributes are marked as malicious or clean.
When you configure the exclusion list to identify specific attributes as malicious, the automated investigation automatically blocks it. Alternatively, if an exclusion list identifies specific attributes to be clean, then it's considered safe and is not analyzed.
## Add an exclusion
1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
2. Select the attribute tab you'd like to create an exclusion for.
3. Create an exclusion rule by selecting the attribute and specifying the exclusion type. For each attribute you'll need to specify details and the following required values:
- **Files** - Hash value
- **Certificate** - PEM certificate file
4. Click **Update rule**.
## Edit an exclusion
1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
2. Select the attribute tab you'd like to edit the exclusion for.
3. Update the details of the rule and click **Update rule**.
## Delete an exclusion
1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
2. Select the attribute tab that you'd like to delete a rule for.
3. Select the list type by clicking the check-box beside the list type.
4. Click **Delete**.
## Related topics
- Automation file uploads
- Automation folder exclusions
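
Review bot: Links to the old exclusion-list page elsewhere in the doc set will break once this file is gone, since the replacement content is added under a new file name rather than kept at the old one. The TOC hunk in this commit updates one reference ("Manage automation exclusion lists"); search the rest of the docs for the old file name before merging.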


@ -27,7 +27,13 @@ ms.date: 04/16/2018
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
You can submit suspicious files identified by automated investigation to the cloud for additional inspection by enabling content analysis.
Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection during automated investigations.
Identify the files and email attachments by specifying the file extension names and email attachment extension names.
For example, if you add *exe* and *bat* as file or attachment extension names, then all files or attachments with those extensions will automatically be sent to the cloud for additional inspection during an automated investigation.
## Add file extension names and attachment extension names.
1. In the navigation pane, select **Settings** > **Rules** > **Automation file uploads**.
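
Review bot: The example writes the extensions as *exe* and *bat* with no leading dot, but the text never states that this is the required input format; say explicitly whether the dot is omitted and how multiple extensions are separated, since these entries decide which files and attachments are sent to the cloud. The heading "## Add file extension names and attachment extension names." also ends in a period, which the other headings in this commit do not.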