diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
index 72915e7619..bfb9e7d141 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
@@ -142,7 +142,7 @@ Type of the threat for which the behavior is configured.
| **Domain** | com.microsoft.wdav |
| **Key** | key |
| **Data type** | String |
-| **Possible values** | potentially_unwanted_application |
+| **Possible values** | potentially_unwanted_application
archive_bomb |
##### Action to take
@@ -209,7 +209,9 @@ To get started, we recommend the following configuration profile for your enterp
The following configuration profile will:
- Enable real time protection (RTP)
-- Enable the blocking of potentially unwanted applications (PUA), which by default are in *audit* (non-blocking) mode
+- Specify how the following threat types are handled:
+ - **Potentially unwanted applications (PUA)** are blocked
+ - **Archive bombs** (file with a very high compression rate) are audited to the product logs
- Enable cloud delivered protection
- Enable automatic sample submission
@@ -230,6 +232,12 @@ The following configuration profile will:
value
block
+
+ key
+ archive_bomb
+ value
+ audit
+
cloudService
@@ -293,6 +301,12 @@ The following configuration profile contains entries for all of the settings des
value
block
+
+ key
+ archive_bomb
+ value
+ audit
+
cloudService