From a45d98c0ac8051201ba4f111c68a92494c1d2ef4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 9 Mar 2020 11:50:13 -0700 Subject: [PATCH] Update next-gen-behavior-blocking.md --- .../next-gen-behavior-blocking.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/next-gen-behavior-blocking.md b/windows/security/threat-protection/windows-defender-antivirus/next-gen-behavior-blocking.md index e56abf5fe1..6b8adafe3c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/next-gen-behavior-blocking.md +++ b/windows/security/threat-protection/windows-defender-antivirus/next-gen-behavior-blocking.md 
@@ -24,13 +24,15 @@ ms.collection: ## What is behavioral blocking? -Behavioral blocking and containment capabilities in Microsoft Defender ATP use machine learning to identify threats through behavioral patterns. When threats are detected, Windows Defender Antivirus works together with your Microsoft cloud protection. Suspicious artifacts and behaviors are monitored, processed, and sent to your cloud protection for real-time classification by machine learning. If artifacts or behaviors are determined to be malicious, these threats are blocked and contained almost instantly. +Behavioral blocking and containment capabilities in Microsoft Defender ATP use machine learning to identify threats through behavioral patterns. When threats are detected, they are monitored, processed, classified by machine learning, and blocked, almost instantly. -Behavioral blocking is a post-execution protection, as shown in the following diagram: +> [!TIP] +> See [In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks](https://www.microsoft.com/security/blog/2019/10/08/in-hot-pursuit-of-elusive-threats-ai-driven-behavior-based-blocking-stops-attacks-in-their-tracks). + +Windows Defender Antivirus on your machine works together with Microsoft Defender ATP to offer this protection. Behavioral blocking is a post-execution protection, as shown in the following diagram: ![diagram of pre and post execution protection](images/pre-execution-and-post-execution-detection-engines.png) - Behavioral blocking consists of the following components: - Behavior-based machine learning
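Review bot: The rewritten first paragraph under "What is behavioral blocking?" is circular and drops the cloud data flow. "When threats are detected, they are monitored, processed, classified by machine learning, and blocked, almost instantly" places detection before the monitoring and classification that produce it. The removed text stated that suspicious artifacts and behaviors are sent to cloud protection for real-time classification, which an administrator evaluating the feature needs to know, and the new paragraph about Windows Defender Antivirus working with Microsoft Defender ATP does not say it. The new sentence also omits "contained", even though the paragraph still opens with "Behavioral blocking and containment capabilities". Suggest making "suspicious artifacts and behaviors" the subject again, restoring the statement that they are sent to cloud protection for classification, and ending with "blocked and contained almost instantly" without the comma before "almost".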