From a0f9cd72c0bc04ceefdae5f9f8b33f3eea51198c Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 5 Jul 2019 13:22:38 -0400 Subject: [PATCH 1/3] added note on limitations of getfile --- .../live-response-command-examples.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md index c431ecb195..6d34294e83 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md @@ -95,6 +95,15 @@ getfile c:\Users\user\Desktop\work.txt getfile c:\Users\user\Desktop\work.txt -auto ``` +>[!NOTE] +> +> The following file types are **not** supported: +> +> 1. [Reparse point files](/windows/desktop/fileio/reparse-points/) +> 1. [Sparse files](/windows/desktop/fileio/sparse-files/) +> 1. Empty files +> 1. Virtual files, or files that are not fully present locally + ## processes ``` # Show all processes From 4b23be0c205562df53baa5b299c5b5cd72f0182a Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Fri, 5 Jul 2019 14:00:01 -0400 Subject: [PATCH 2/3] made numbered list into bullet list --- .../live-response-command-examples.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md index 6d34294e83..dc71d8372c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md @@ -99,10 +99,10 @@ getfile c:\Users\user\Desktop\work.txt -auto > > The following file types are **not** supported: > -> 1. [Reparse point files](/windows/desktop/fileio/reparse-points/) -> 1. [Sparse files](/windows/desktop/fileio/sparse-files/) -> 1. Empty files -> 1. Virtual files, or files that are not fully present locally +> * [Reparse point files](/windows/desktop/fileio/reparse-points/) +> * [Sparse files](/windows/desktop/fileio/sparse-files/) +> * Empty files +> * Virtual files, or files that are not fully present locally ## processes ``` From 9040c32125942e1ee4640f8799bec2ea2f5863bf Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 9 Jul 2019 10:58:52 -0400 Subject: [PATCH 3/3] updated note to mention powershell --- .../live-response-command-examples.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md index dc71d8372c..89649bba47 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md @@ -97,12 +97,16 @@ getfile c:\Users\user\Desktop\work.txt -auto >[!NOTE] > -> The following file types are **not** supported: +> The following file types **cannot** be downloaded using this command from within Live Response: > > * [Reparse point files](/windows/desktop/fileio/reparse-points/) > * [Sparse files](/windows/desktop/fileio/sparse-files/) > * Empty files > * Virtual files, or files that are not fully present locally +> +> These file types **are** supported by [PowerShell](/powershell/scripting/overview?view=powershell-6/). +> +> Use PowerShell as an alternative, if you have problems using this command from within Live Response. ## processes ```