Added exception details

Dulce Montemayor
2019-10-29 00:13:26 -07:00
committed by GitHub
parent 407c852aaa
commit 9697bd40ee

@ -51,7 +51,37 @@ You also have the option to export all remediation activity data to CSV for reco
The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
However, if the security recommendation stemmed from a false positive report, or if there are existing business justification that blocks the remediation, such as compensating control, productivity needs, compliance, or if there's already a planned remediation grace period, you can file an exception and indicate the reason. The exceptions you've filed will also show up in the **Remediation** page, in the **Exceptions** tab.
## When to file for exception instead of remediating issues
You can file exceptions to exclude certain recommendation from showing up in reports and affecting risk scores or secure scores.
When you select a security recommendation, it opens up a flyout screen with details and options for next step. You can either **Open software page**, choose from **Remediation options**, go through **Exception options** to file for exceptions, or **Report inaccuracy**.
Select **Exception options** and a flyout screen opens.
![Screenshot of exception flyout screen](images/tvm-exception-flyout.png)
###Exception justification
If the security recommendation stemmed from a false positive report, or if there are existing business justification that blocks the remediation, such as compensating control, productivity needs, compliance, or if there's already a planned remediation grace period, you can file an exception and indicate the reason.
Compensating/alternate control - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall prevents access to a machine, third party antivirus
Productivity/business need - Remediation will impact productivity or interrupt business-critical workflow
Accept risk - Poses low risk and/or implementing a compensating control is too expensive
Planned remediation (grace) - Already planned but is awaiting execution or authorization
Other - False positive
![Screenshot of exception reason dropdown menu](images/tvm-exception-dropdown.png)
###Exception visibility
The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab.
However, you also have the option to filter your view based on exception justification, type, and status.
![Screenshot of exception tab and filters](images/tvm-exception-filters.png)
###Actions on exceptions
- Cancel - You can cancel the exceptions you've filed any time
- Resurface - The exception that you've filed automatically becomes void and resurfaces in the security recommendation section when dynamic environmental factors change, which adversely affect the exposure impact associated with a recommendation that had previously been excluded
###Exception status
- Cancelled - The exception has been cancelled and is no longer in effect
- Expired - The exception that you've filed is no longer in effect
- In effect - The exception that you've filed is in progress
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
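
Review bot: The four subheadings `###Exception justification`, `###Exception visibility`, `###Actions on exceptions` and `###Exception status` have no space after `###`, so CommonMark-style renderers will print them as literal text instead of headings; write `### Exception justification` and likewise for the other three. The five justification entries under the first subheading ("Compensating/alternate control" through "Other") are bare lines rather than `-` list items like those under "Actions on exceptions", so they will collapse into a single paragraph when rendered. The paragraph under "Exception justification" repeats the "However, if the security recommendation stemmed from a false positive report..." paragraph from earlier in the hunk almost word for word, and the first sentence under "Exception visibility" repeats that paragraph's last sentence; keep one copy of each. On content: an exception removes a recommendation from reports, risk scores and secure scores, so the status text needs to be precise. "Cancelled" and "Expired" are described in nearly the same words and nothing in the hunk says what causes an exception to expire, while "In effect - The exception that you've filed is in progress" does not say that the recommendation is currently being excluded. "Resurface" is listed under actions but described as something that happens automatically; state whether the user can trigger it.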