From d2f2c7b515b72e1a1b1c31f293a8499c4a52db95 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 Nov 2017 16:42:44 -0700 Subject: [PATCH] minor updates --- windows/threat-protection/TOC.md | 1 + ...le-alerts-windows-defender-advanced-threat-protection.md | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md index ce3a47ceb7..3eb9dfc4fd 100644 --- a/windows/threat-protection/TOC.md +++ b/windows/threat-protection/TOC.md @@ -69,6 +69,7 @@ ###### [Stop and quarantine files in your network](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) ###### [Remove file from quarantine](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) ###### [Block files in your network](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) +###### [Remove file from blocked list](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) ###### [Check activity details in Action center](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) ###### [Deep analysis](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) ####### [Submit files for analysis](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 583a583988..a559e0f478 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -40,8 +40,8 @@ You can contain an attack in your organization by stopping the malicious process >[!IMPORTANT] >You can only take this action if: > - The machine you're taking the action on is running Windows 10, version 1703 or later -> - The file does not belong to the system or not signed by Microsoft -> - Windows Defender Antivirus must at least be running on Passive mode +> - The file does not belong to trusted third-party publishers or not signed by Microsoft +> - Windows Defender Antivirus must at least be running on Passive mode The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys. @@ -79,7 +79,7 @@ When the file is being removed from an endpoint, the following notification is s In the machine timeline, a new event is added for each machine where a file was stopped and quarantined. ->[!NOTE] +>[!IMPORTANT] >The **Action** button is turned off for files signed by Microsoft as well as trusted third–party publishers to prevent the removal of critical system files and files used by important applications. ![Image of action button turned off](images/atp-file-action.png)