deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 15081: add more pre-reqs for block file

Browse Source 
add more pre-reqs for block file
This commit is contained in:
Joey Caparas
2019-04-03 18:55:41 +00:00
parent da677d509e d648846dfb
commit 892e1f412a
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Take response actions on a file # Take response actions on a file
@ -109,13 +108,17 @@ You can roll back and remove a file from quarantine if youve determined that
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
>[!IMPORTANT] >[!IMPORTANT]
>- This feature is available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br> >- This feature is available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
>- The Antimalware client version must be 4.18.1901.x or later.
>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. >- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.
>- This response action is available for machines on Windows 10, version 1703 or later. >- This response action is available for machines on Windows 10, version 1703 or later.
>- The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action.
>[!NOTE] >[!NOTE]
> The PE file needs to be in the machine timeline for you to be able to take this action. > The PE file needs to be in the machine timeline for you to be able to take this action.
>- There may be a couple of minutes of latency between the time the action is taken and the actual file being blocked.
### Enable the block file feature ### Enable the block file feature
Before you can block files, you'll need to enable the feature. Before you can block files, you'll need to enable the feature.
@ -149,6 +152,9 @@ Before you can block files, you'll need to enable the feature.
When the file is blocked, there will be a new event in the machine timeline.</br> When the file is blocked, there will be a new event in the machine timeline.</br>
>[!NOTE]
>-If a file was scanned before the action was taken, it may take longer to be effective on the device.
**Notification on machine user**:</br> **Notification on machine user**:</br>
When a file is being blocked on the machine, the following notification is displayed to inform the user that the file was blocked: When a file is being blocked on the machine, the following notification is displayed to inform the user that the file was blocked: