Update shadow-protection.md

Denise Vangel-MSFT 2020-03-09 13:54:55 -07:00
parent bfc6006ae1
commit c6095fc669

@ -49,30 +49,28 @@ Shadow protection extends behavioral-based blocking and containment capabilities
3. Turn shadow protection on. 3. Turn shadow protection on.
> [!NOTE]
> Currently, shadow protection can be turned on only in the Microsoft Defender Security Center. You cannot use registry keys, Intune, or group policies to turn shadow protection on or off at this time.
## What happens when something is detected ## What happens when something is detected
When shadow protection is turned on, and something is detected, you'll see it in the [Microsoft Defender Security Center](https://securitycenter.windows.com). If the item detected is malicious, you'll see its detection status as Blocked or Remediated. When shadow protection is turned on, and something is detected, you'll see it in the [Microsoft Defender Security Center](https://securitycenter.windows.com). If the item detected is malicious, you'll see its detection status as Blocked or Remediated.
## Frequently asked questions ## Frequently asked questions
Will this feature have any impact on the active AV on the device? ### Will shadow protection have any impact on a user's antivirus protection?
No, there would not be, the detection usually happens if there is miss by primary AV or if there is detected during post breach. This will work in similar way you have defender AV in passive mode, with additional step blocking and remediation. No, there would not be, the detection usually happens if there is miss by primary AV or if there is detected during post breach. This will work in similar way you have defender AV in passive mode, with additional step blocking and remediation.
Can I set this feature using registry/MDM/GP? ### Can I set this feature using registry/MDM/GP?
No the feature is only supported through Microsoft Defender Security Center portal https://securitycenter.windows.com No the feature is only supported through Microsoft Defender Security Center portal https://securitycenter.windows.com
Why do I need to keep defender UpToDate? ### Why do I need to keep Windows Defender Antivirus up to date?
MDATP stack works in integration and to get best protection value, you would want to keep Defender AV UpToDate as well. MDATP stack works in integration and to get best protection value, you would want to keep Defender AV UpToDate as well.
Why do we need cloud protection on? ### Why do we need cloud protection on?
Cloud Protection is needed to turn on the feature on the device, in addition it allows MDATP to deliver latest and greatest based on the optics received, behavioral and Machine learning model we run on the backend and so on. Cloud Protection is needed to turn on the feature on the device, in addition it allows MDATP to deliver latest and greatest based on the optics received, behavioral and Machine learning model we run on the backend and so on.
Contact
If you are interested in being design partner with us to help design this feature, please send email to shwjha@microsoft.com
## Next steps
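Review bot: The answers under the four new ### FAQ headings are carried over unchanged and still need an edit pass; only the questions were cleaned up. "No, there would not be, the detection usually happens if there is miss by primary AV or if there is detected during post breach" is hard to parse, and a wording such as "No. Detection usually happens when the primary antivirus product misses something, or when something is detected post-breach" would say the same thing. Terminology is also inconsistent between headings and answers: the new heading says "Windows Defender Antivirus up to date" while the answer still says "Defender AV UpToDate" and "MDATP stack", and the second heading keeps "this feature" and "registry/MDM/GP" where the note earlier in the hunk says "registry keys, Intune, or group policies". The bare https://securitycenter.windows.com in the second answer could use the same Markdown link form as the "What happens when something is detected" paragraph.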