From bac04464feed4ee422704ba3842bc37a47beca39 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 17 Apr 2020 11:54:26 -0700 Subject: [PATCH] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 62199ea6b6..f4da4cd929 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -21,7 +21,7 @@ ms.topic: conceptual ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *Clean*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organization’s security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organization’s security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically: - Quarantine a file