diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 3910cda2ff..ee0bb0ff9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -40,6 +40,18 @@ Response actions run along the top of the file page, and include: You can also submit files for deep analysis, to run the file in a secure cloud sandbox. When the analysis is complete, you'll get a detailed report that provides information about the behavior of the file. You can submit files for deep analysis and read past reports by selecting the **Deep analysis** tab. It's located below the file information cards. +Some actions require certain permissions. The following table describes what action certain permissions can take on portable executable (PE) and non-PE files: + +Permission | PE files | Non-PE files +:---|:---|:--- +View data | X | X +Alerts investigation | ☑ | X +Live response basic | X | X +Live response advanced | ☑ |☑ + +For more information on roles, see [Create and manage roles for role-based access control](user-roles.md). + + ## Stop and quarantine files in your network You can contain an attack in your organization by stopping the malicious process and quarantining the file where it was observed.