From 91ca71150374b0787d62c04095405d3f9834b726 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 29 Aug 2019 10:15:01 -0700 Subject: [PATCH] add table --- .../microsoft-defender-atp/respond-file-alerts.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 3910cda2ff..ee0bb0ff9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -40,6 +40,18 @@ Response actions run along the top of the file page, and include: You can also submit files for deep analysis, to run the file in a secure cloud sandbox. When the analysis is complete, you'll get a detailed report that provides information about the behavior of the file. You can submit files for deep analysis and read past reports by selecting the **Deep analysis** tab. It's located below the file information cards. +Some actions require certain permissions. The following table describes what action certain permissions can take on portable executable (PE) and non-PE files: + +Permission | PE files | Non-PE files +:---|:---|:--- +View data | X | X +Alerts investigation | ☑ | X +Live response basic | X | X +Live response advanced | ☑ |☑ + +For more information on roles, see [Create and manage roles for role-based access control](user-roles.md). + + ## Stop and quarantine files in your network You can contain an attack in your organization by stopping the malicious process and quarantining the file where it was observed.