From 997f2cff855d7764bf30144c4bc6ad521d978531 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 21 May 2020 14:18:45 -0700 Subject: [PATCH] Update feedback-loop-blocking.md --- .../microsoft-defender-atp/feedback-loop-blocking.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md index 2c17fb301c..62e9eb491c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md 
@@ -26,8 +26,7 @@ ms.collection: ## Overview -Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices in your organization are protected better protected from threats. When a suspicious behavior or file is detected, such as by Microsoft Defender Antivirus, it's treated as a potential false negative. With machine learning and and is observed more closely. Once confirmed as malicious, on a device is confirmed as malicious, +Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices in your organization are protected better protected from threats. When a suspicious behavior or file is detected, such as by [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10), the file or behavior is treated as a potential false negative, and is observed more closely. Once confirmed as malicious, artifacts are stopped in their tracks, and are reported to your cloud protection service. In almost real time, the other devices in your organization are scanned for and protected from those malicious artifacts. Thus, if a malicious behavior or file is detected on one device, it's analyzed and stopped, and other devices are protected from those artifacts as well. 
-Feedback-loop blocking Within a few moments of confirming a file as malicious, , the file, machine learning models operating on the EDR data, which come with richer granular details, determined the file to be malware, raised an alert, and provided feedback to the rapid protection loop engine. This insight led to the immediate blocking of the file on subsequent machines. +## Configuring feedback-loop blocking -Behavioral detections feed into protection stack as potential FNs, generating new protection based on patient 0 behavioral intelligence. Patient 1+ are now protected and threats prevented higher in the stack
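Review bot: The added Overview paragraph still reads "devices in your organization are protected better protected from threats", a duplicated phrase carried over unchanged from the removed line; suggest "are better protected from threats". The new "## Configuring feedback-loop blocking" heading is added with no content under it in this hunk, so either add the configuration steps in the same change or hold the heading until they exist. The behavioral-blocking link also keeps the /en-us/ locale segment, while the other two docs.microsoft.com links in the paragraph omit it; make the three consistent.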