deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #1005 from MicrosoftDocs/response-action-perms

Browse Source 
add table
This commit is contained in:
jcaparas
2019-08-29 10:30:44 -07:00
committed by GitHub
parent 393cb60953 91ca711503
commit cd0292549f
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
View File

@ -40,6 +40,18 @@ Response actions run along the top of the file page, and include:
You can also submit files for deep analysis, to run the file in a secure cloud sandbox. When the analysis is complete, you'll get a detailed report that provides information about the behavior of the file. You can submit files for deep analysis and read past reports by selecting the **Deep analysis** tab. It's located below the file information cards. You can also submit files for deep analysis, to run the file in a secure cloud sandbox. When the analysis is complete, you'll get a detailed report that provides information about the behavior of the file. You can submit files for deep analysis and read past reports by selecting the **Deep analysis** tab. It's located below the file information cards.
Some actions require certain permissions. The following table describes what action certain permissions can take on portable executable (PE) and non-PE files:
Permission | PE files | Non-PE files
:---|:---|:---
View data | X | X
Alerts investigation | ☑ | X
Live response basic | X | X
Live response advanced | ☑ |☑
For more information on roles, see [Create and manage roles for role-based access control](user-roles.md).
## Stop and quarantine files in your network ## Stop and quarantine files in your network
You can contain an attack in your organization by stopping the malicious process and quarantining the file where it was observed. You can contain an attack in your organization by stopping the malicious process and quarantining the file where it was observed.