deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update allow block list

Browse Source
This commit is contained in:
Joey Caparas 2019-03-15 17:24:09 -07:00
parent b02e4e0610
commit 868de51409
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/16/2018
--- ---
# Configure advanced features in Windows Defender ATP # Configure advanced features in Windows Defender ATP

61
windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,61 @@
---
title: Manage allowed/blocked lists
description: Create lists that control what items are blocked or allowed during an investigation.
keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Manage allowed/blocked lists
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Create a rule to define the response action to apply on entities. You can define the duration for when to apply the action as well as the scope of the machine group to apply it to.
## Create a rule
1. In the navigation pane, select **Settings** > **Allowed/blocked list**.
2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities:
- File hash
- IP address
- URLs/Domains
- Certificate
3. Click **Add indicator**.
4. For each attribute specify the following details:
- Indicator - Specify the entity details and define the expiration of the indicator.
- Action - Specify the action to be taken and provide a description.
- Scope - Define the scope of the machine group.
5. Review the details in the Summary tab, then click **Save**.
## Manage a rule
1. In the navigation pane, select **Settings** > **Allowed/blocked list**.
2. Select the tab of the entity type you'd like to manage.
3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list.
## Related topics
- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)