From 77e64919e89cc8fab0c71a69f17eb8b8a60a4ad8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 22 May 2020 11:12:11 -0700 Subject: [PATCH] Update client-behavioral-blocking.md --- .../client-behavioral-blocking.md | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index 264351e391..cbba035321 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -1,7 +1,7 @@ --- -title: Feedback-loop blocking -description: Feedback-loop blocking, also called rapid protection, is part of behavioral blocking and containment capabilities in Microsoft Defender ATP -keywords: behavioral blocking, rapid protection, feedback blocking, Microsoft Defender ATP +title: Client behavioral blocking +description: Client behavioral blocking is part of behavioral blocking and containment capabilities in Microsoft Defender ATP +keywords: behavioral blocking, rapid protection, client behavior, Microsoft Defender ATP search.product: eADQiWindows 10XVcnh ms.pagetype: security author: denisebmsft @@ -18,7 +18,7 @@ ms.custom: ms.collection: --- -# Feedback-loop blocking +# Client behavioral blocking **Applies to:** @@ -26,16 +26,14 @@ ms.collection: ## Overview -Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices across your organization are better protected from attacks. +Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). As threats are detected on devices (clients), they are blocked and remediated automatically. -## How feedback-loop blocking works - -When a suspicious behavior or file is detected, such as by [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10), information about that artifact is sent to multiple classifiers. The rapid protection loop engine inspects and correlates the information with other signals to arrive at a decision as to whether to block a file. All of this happens very quickly. It results in rapid blocking of confirmed malware, and drives protection across the entire ecosystem. - -With rapid protection in place, an attack can be stopped on a device, other devices in the organization, and devices in other organizations, as an attack attempts to broaden its foothold. +## How client behavioral blocking works -## Configuring feedback-loop blocking + + +## Configuring client behavioral blocking If your organization is using Microsoft Defender ATP, feedback-loop blocking is enabled by default. However, rapid protection occurs through a combination of Microsoft Defender ATP capabilities, machine learning protection features, and signal-sharing across Microsoft security services. Make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured: