From b24fe893325b29b09dba603cafcb03679064f090 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 Nov 2017 16:27:41 -0700 Subject: [PATCH] updates --- ...ile-alerts-windows-defender-advanced-threat-protection.md | 5 +++-- ...ine-alerts-windows-defender-advanced-threat-protection.md | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index db6ecc2b69..583a583988 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -107,8 +107,9 @@ You can roll back and remove a file from quarantine if you’ve determined that You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. >[!NOTE] ->This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

-This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later. +>- This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).

+>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. +>- This response action is only available for machines on Windows 10, version 1703 or later. >[!IMPORTANT] > The PE file needs to be in the machine timeline for you to be able to take this action. diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md index dbed86a45a..8d6f2ada9e 100644 --- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -29,13 +29,13 @@ ms.date: 10/17/2017 Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. >[!IMPORTANT] -> These response actions are only available for PCs on Windows 10, version 1703 and above. +> These response actions are only available for PCs on Windows 10, version 1703 and later. ## Collect investigation package from machines As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker. >[!IMPORTANT] -> This response action is only available for machines on Windows 10, version 1703 and above. +> This response action is only available for machines on Windows 10, version 1703 and later. You can download the package (Zip file) and investigate the events that occurred on a machine.