windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md

title, description, keywords, search.product, search.appverid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic

title	description	keywords	search.product	search.appverid	ms.prod	ms.mktglfcycl	ms.sitesec	ms.pagetype	ms.author	author	ms.localizationpriority	manager	audience	ms.collection	ms.topic
Troubleshoot Microsoft Defender ATP live response issues	Troubleshoot issues that might arise when using live response in Microsoft Defender ATP	troubleshoot live response, live, response, locked, file	eADQiWindows 10XVcnh	met150	w10	deploy	library	security	macapara	mjcaparas	medium	dansimp	ITPro	M365-security-compliance	troubleshooting

Troubleshoot Microsoft Defender Advanced Threat Protection live response issues

Applies to:

• Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

This page provides detailed steps to troubleshoot live response issues.

File cannot be accessed during live response sessions

If while trying to take an action during a live response session, you encounter an error message stating that the file can't be accessed, you'll need to use the steps below to address the issue.

1. Copy the following script code snippet and save it as a PS1 file:

   $copied_file_path=$args[0] 
   $action=Copy-Item $copied_file_path -Destination $env:TEMP -PassThru -ErrorAction silentlyContinue
   
   if ($action){
        Write-Host "You copied the file specified in $copied_file_path to $env:TEMP Succesfully"
   }
   
   else{
       Write-Output "Error occoured while trying to copy a file, details:"
       Write-Output  $error[0].exception.message
   
   }
   

2. Add the script to the live response library.

3. Run the script with one parameter: the file path of the file to be copied.

4. Navigate to your TEMP folder.

5. Run the action you wanted to take on the copied file.