From f9f6147b1ca85fd0dc0ca6794fb9a3b35fba2486 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 13 Jan 2020 15:08:04 -0800 Subject: [PATCH] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...t-changes-to-security-settings-with-tamper-protection.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 2237e9088e..675d3b0c8e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -140,11 +140,13 @@ If you are using Windows OS [1709](https://docs.microsoft.com/windows/release-in ## View information about tampering attempts -Tampering attempts typically indicate bigger cyberattacks where bad actors change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about any attempts to tamper with security settings. When a tampering attempt is detected, an alert is raised in the [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/portal-overview) ([https://securitycenter.windows.com](https://securitycenter.windows.com)). +Tampering attempts typically indicate bigger cyberattacks where bad actors change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about any attempts to tamper with security settings, and then take appropriate actions to mitigate these threats. + +When a tampering attempt is detected, an alert is raised in the [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/portal-overview) ([https://securitycenter.windows.com](https://securitycenter.windows.com)). ![Microsoft Defender Security Center](images/tamperattemptalert.png) -Using the rich [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) in Microsoft Defender ATP, your security operations team can investigate and address such attempts. +Using [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) capabilities in Microsoft Defender ATP, your security operations team can investigate and address such attempts. ## Frequently asked questions