Update edr-in-block-mode.md

Denise Vangel-MSFT 2020-04-09 15:48:55 -07:00
parent 126ef65b1a
commit 79cdca349c


@ -1,7 +1,7 @@
--- ---
title: Endpoint detection and response in block mode title: Endpoint detection and response in block mode
description: Learn about endpoint detection and response in block mode description: Learn about endpoint detection and response in block mode
keywords: Microsoft Defender ATP, EDR blocking, passive mode blocking keywords: Microsoft Defender ATP, EDR in block mode, passive mode blocking
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.pagetype: security ms.pagetype: security
author: denisebmsft author: denisebmsft
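Review bot: On the `keywords:` line, "EDR blocking" is replaced outright by "EDR in block mode", so a search on the old term no longer matches this page's metadata. If the old name is still in circulation, keep both terms, for example `keywords: Microsoft Defender ATP, EDR in block mode, EDR blocking, passive mode blocking`.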
@ -31,22 +31,22 @@ When enabled, endpoint detection and response (EDR) in block mode blocks malicio
## What happens when something is detected? ## What happens when something is detected?
When EDR blocking is turned on, and a malicious artifact is detected, the detection results in blocking and remediation actions. You'll see detection status as **Blocked** or **Remediated** as completed actions in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#review-completed-actions). When EDR in block mode is turned on, and a malicious artifact is detected, the detection results in blocking and remediation actions. You'll see detection status as **Blocked** or **Remediated** as completed actions in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#review-completed-actions).
The following images shows an instance of unwanted software that was detected and blocked through EDR blocking: The following images shows an instance of unwanted software that was detected and blocked through EDR in block mode:
:::image type="content" source="images/shadow-protection-detection.jpg" alt-text="Malware detected by EDR blocking"::: :::image type="content" source="images/shadow-protection-detection.jpg" alt-text="Malware detected by EDR in block mode":::
## Enable EDR in block mode ## Enable EDR in block mode
> [!IMPORTANT] > [!IMPORTANT]
> Make sure the [requirements](#requirements-for-edr-in-block-mode) are met before turning EDR blocking on. > Make sure the [requirements](#requirements-for-edr-in-block-mode) are met before turning EDR in block mode on.
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
2. Choose **Settings** > **Advanced features**. 2. Choose **Settings** > **Advanced features**.
:::image type="content" source="images/turn-shadow-protection-on.jpg" alt-text="Turn EDR blocking on"::: :::image type="content" source="images/turn-shadow-protection-on.jpg" alt-text="Turn EDR in block mode on":::
3. Turn on EDR in block mode. 3. Turn on EDR in block mode.
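Review bot: The sentence under "What happens when something is detected?" still reads "The following images shows" after the rename, although a single image follows it; change it to "The following image shows" while the line is being edited. In the IMPORTANT note, "before turning EDR in block mode on" is hard to parse now that the feature name itself ends in "mode"; "before turning on EDR in block mode" reads cleanly and matches step 3 ("Turn on EDR in block mode"). The same reordering applies to the alt text "Turn EDR in block mode on". The first image's alt text says "Malware detected" while the sentence introducing it describes "unwanted software"; pick one term so the alt text and the prose agree.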