From fd46fdefc9fdbf701c6f7adca77a259a587baec8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 24 Jul 2020 13:51:09 -0700 Subject: [PATCH 1/3] Updating note about collected diagnostic data --- .../microsoft-defender-antivirus/collect-diagnostic-data.md | 3 +++ .../microsoft-defender-atp/investigate-machines.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md index 840b26d06e..ea6ee23720 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md @@ -25,6 +25,9 @@ manager: dansimp This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV. +> [!NOTE] +> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). + On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps: 1. Open an administrator-level version of the command prompt as follows: diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 5fd56526b0..19f12472bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -27,6 +27,9 @@ ms.topic: article Investigate the details of an alert raised on a specific device to identify other behaviors or events that might be related to the alert or the potential scope of the breach. +> [!NOTE] +> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). + You can click on affected devices whenever you see them in the portal to open a detailed report about that device. Affected devices are identified in the following areas: - [Devices list](investigate-machines.md) From 7551a2b349b0d61907a5caef844b0e6d8820f27c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 24 Jul 2020 14:15:23 -0700 Subject: [PATCH 2/3] Update collect-diagnostic-data.md --- .../microsoft-defender-antivirus/collect-diagnostic-data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md index ea6ee23720..876f707fc7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md @@ -26,7 +26,7 @@ manager: dansimp This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV. > [!NOTE] -> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). +> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps: From ecc19d563e847b7011eea592d17227a88c9afeb3 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 24 Jul 2020 14:15:40 -0700 Subject: [PATCH 3/3] Update investigate-machines.md --- .../microsoft-defender-atp/investigate-machines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 19f12472bc..bd6a081f9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -28,7 +28,7 @@ ms.topic: article Investigate the details of an alert raised on a specific device to identify other behaviors or events that might be related to the alert or the potential scope of the breach. > [!NOTE] -> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). +> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). You can click on affected devices whenever you see them in the portal to open a detailed report about that device. Affected devices are identified in the following areas: