deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

undo removal of block and unblock from old docs

Browse Source
This commit is contained in:
Zvi Avidor 2018-08-16 11:23:32 +03:00
parent 09be5a18a1
commit eb0171a811
2 changed files with 180 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,91 @@
---
title: Block file API
description: Use this API to blocking files from being running in the organization.
keywords: apis, graph api, supported apis, block file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Block file API
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Prevent a file from being executed in the organization using Windows Defender Antivirus.
## Permissions
Users need to have Security administrator or Global admin directory roles.
## HTTP request
```
POST /testwdatppreview/files/{sha1}/block
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
## Example
**Request**
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/block
Content-type: application/json
{
"Comment": "Block file due to alert 32123"
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
"fileIdentifierType": "Sha1",
"actionType": "Block",
"fileStatus": "Blocked",
"creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
"requestor": "Analyst@contoso.com ",
"requestorComment": "test",
"cancellationDateTimeUtc": null,
"cancellationRequestor": null,
"cancellationComment": null,
"lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
}
```

89
windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,89 @@
---
title: Unblock file API
description: Use this API to create calls related to allowing a file to be executed in the organization
keywords: apis, graph api, supported apis, unblock file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Unblock file API
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Allow a file to be executed in the organization, using Windows Defender Antivirus.
## Permissions
Users need to have Security administrator or Global admin directory roles.
## HTTP request
```
POST /testwdatppreview/files/{sha1}/unblock
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
## Example
**Request**
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock
Content-type: application/json
{
"Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm",
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
"fileIdentifierType": "Sha1",
"actionType": "UnBlock",
"fileStatus": "Blocked",
"creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
"requestor": "Analyst@contoso.com ",
"requestorComment": "test",
"cancellationDateTimeUtc": null,
"cancellationRequestor": null,
"cancellationComment": null,
"lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
}
```