From e083cf68d8004659195e813523ca5d3f195b37d0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:58:20 -0700 Subject: [PATCH] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 85f5deb547..30b904712a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -39,9 +39,9 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | -|Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
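Review bot: In the changed "Semi - require approval for non-temp folders remediation" row (verdict *Malicious*), bolding **is** in the second sentence does not resolve the ambiguity in the first one, which still reads "that is not in a temporary folder, such as the user's downloads folder or temp folder". As written, the downloads and temp folders read like examples of locations that require approval, which is the opposite of what the row describes. Consider moving the "such as ..." examples into the sentence about artifacts that are in a temporary folder, and bolding "not" in the first sentence so the pair matches the **not** already used in the core folders row. Separately, the *Suspicious* row for core folders lists only the approve/reject step, while the *Suspicious* row for non-temp folders also lists "View details and results of automated investigations"; since this hunk touches the table, it would be worth making those two rows consistent.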