troubleshoot live response

windows/security/threat-protection/TOC.md

@@ -421,6 +421,11 @@
 #### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
 ##### [Check service health](microsoft-defender-atp/service-status.md)
 
+
+#### [Troubleshoot live response issues]()
+##### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
+
+
 ####Troubleshoot attack surface reduction
 ##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
 ##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)

windows/security/threat-protection/microsoft-defender-atp/TOC.md

@@ -417,10 +417,14 @@
 ### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md)
 #### [Check service health](service-status.md)
 
+
+### [Troubleshoot live response issues]()
+#### [Troubleshoot issues related to live response](troubleshoot-live-response.md)
+
 ### Troubleshoot attack surface reduction
 #### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
 #### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
-#### [Collect diagnostic data for files](../windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md)
+#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
 
  
 ### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)

windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md

@@ -0,0 +1,56 @@
+---
+title: Troubleshoot Microsoft Defender ATP live response issues
+description: Troubleshoot issues that might arise when using live response in Microsoft Defender ATP 
+keywords: troubleshoot live response, live, response, locked, file
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: troubleshooting
+---
+
+# Troubleshoot Microsoft Defender Advanced Threat Protection live response issues
+
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+This page provides detailed steps to troubleshoot live response issues.
+
+## File cannot be accessed during live response sessions
+If while trying to take an action during a live response session, you encounter an error message stating that the file can't be accessed, you'll need to use the steps below to address the issue.
+
+1.	Copy the following script code snippet and save it as a PS1 file:
+
+    ```
+    $copied_file_path=$args[0] 
+    $action=Copy-Item $copied_file_path -Destination $env:TEMP -PassThru -ErrorAction silentlyContinue
+        
+    if ($action){
+         Write-Host "You copied the file specified in $copied_file_path to $env:TEMP Succesfully"
+    }
+    
+    else{
+        Write-Output "Error occoured while trying to copy a file, details:"
+        Write-Output  $error[0].exception.message
+ 
+    }
+    ```
+
+
+2.	Add the script to the live response library.
+3.	Run the script with one parameter: the file path of the file to be copied.
+4.	Navigate to your TEMP folder.
+5.	Run the action you wanted to take on the copied file.
+
+
+