This commit is contained in:
Joey Caparas 2017-11-01 16:27:41 -07:00
parent 9d79c614ef
commit b24fe89332
2 changed files with 5 additions and 4 deletions


@ -107,8 +107,9 @@ You can roll back and remove a file from quarantine if youve determined that
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
>[!NOTE] >[!NOTE]
>This feature is only available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br> >- This feature is only available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later. >- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.
>- This response action is only available for machines on Windows 10, version 1703 or later.
>[!IMPORTANT] >[!IMPORTANT]
> The PE file needs to be in the machine timeline for you to be able to take this action. > The PE file needs to be in the machine timeline for you to be able to take this action.
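Review bot: The first new bullet still ends with `</br></br>`, which was only needed to separate the two paragraphs of the old single-block note. Now that each statement is its own `>-` item, the trailing breaks should be dropped (and `</br>` is not a valid tag in any case; `<br>` is the element). Two smaller points on the same note: "Cloudbased" and "cloudbased" appear without a hyphen in the visible lines, so check whether the source carries a non-ASCII dash that should be a plain "-"; and the third bullet adds "only" ("is only available for machines on Windows 10, version 1703 or later"), which is a tightening of the requirement statement rather than pure reformatting, so confirm it is intended.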


@ -29,13 +29,13 @@ ms.date: 10/17/2017
Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center.
>[!IMPORTANT] >[!IMPORTANT]
> These response actions are only available for PCs on Windows 10, version 1703 and above. > These response actions are only available for PCs on Windows 10, version 1703 and later.
## Collect investigation package from machines ## Collect investigation package from machines
As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker. As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.
>[!IMPORTANT] >[!IMPORTANT]
> This response action is only available for machines on Windows 10, version 1703 and above. > This response action is only available for machines on Windows 10, version 1703 and later.
You can download the package (Zip file) and investigate the events that occurred on a machine. You can download the package (Zip file) and investigate the events that occurred on a machine.
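Review bot: The two changed lines now read "version 1703 and later", while the note touched in the other file of this commit reads "version 1703 or later"; pick one phrasing for the version requirement and use it in both files. The first note here also says "PCs" where the second says "machines", and since the top-level note already covers all response actions, the per-section note under "Collect investigation package from machines" repeats it and could be removed. The hunk context shows `ms.date: 10/17/2017`, and the commit's totals (5 additions, 4 deletions) are fully accounted for by the note edits, so the date metadata was not bumped for this change.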