deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-23 10:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update behavioral-blocking-containment.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-04-29 11:23:35 -07:00
parent f32b0dcb70
commit af52f52570
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
View File

@ -24,10 +24,12 @@ ms.collection:
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
## Overview of behavioral blocking and containment ## Behavioral blocking and containment overview
Not all cyberattacks involve a simple piece of malware that's found and removed. Some attacks, such as fileless attacks, are much more difficult to identify, let alone contain. Microsoft Defender ATP includes behavioral blocking and containment capabilities that can help identify and stop threats with machine learning, pre- and post-breach. In almost real-time, when a suspicious behavior or artifact is detected and determined to be malicious, the threat is blocked. Pre-execution models learn about that threat, and prevent it from running on other endpoints. Not all cyberattacks involve a simple piece of malware that's found and removed. Some attacks, such as fileless attacks, are much more difficult to identify, let alone contain. Microsoft Defender ATP includes behavioral blocking and containment capabilities that can help identify and stop threats with machine learning, pre- and post-breach. In almost real-time, when a suspicious behavior or artifact is detected and determined to be malicious, the threat is blocked. Pre-execution models learn about that threat, and prevent it from running on other endpoints.
## Behavioral blocking and containment capabilities
Behavioral blocking and containment capabilities include the following: Behavioral blocking and containment capabilities include the following:
- **Client behavioral blocking**. Threats on endpoints are detected through machine learning, and then are blocked and remediated automatically. (This is enabled by default.) - **Client behavioral blocking**. Threats on endpoints are detected through machine learning, and then are blocked and remediated automatically. (This is enabled by default.)