Jeff Reeds (Aquent LLC) 41015ecb4b Changed windows- to microsoft-defender-antivirus
Updated file path instances of windows-defender-antivirus to microsoft-defender-antivirus.
2020-05-27 14:27:55 -07:00

title: Feedback-loop blocking
description: Feedback-loop blocking, also called rapid protection, is part of behavioral blocking and containment capabilities in Microsoft Defender ATP
keywords: behavioral blocking, rapid protection, feedback blocking, Microsoft Defender ATP
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
author: denisebmsft
ms.author: deniseb
manager: dansimp
ms.reviewer: shwetaj
audience: ITPro
ms.topic: article
ms.prod: w10
ms.localizationpriority: medium
ms.custom: next-gen, edr
ms.collection:

Feedback-loop blocking

Applies to:

Overview

Feedback-loop blocking, also referred to as rapid protection, is a component of behavioral blocking and containment capabilities in Microsoft Defender ATP. With feedback-loop blocking, devices across your organization are better protected from attacks.

How feedback-loop blocking works

When a suspicious behavior or file is detected, such as by Microsoft Defender Antivirus, information about that artifact is sent to multiple classifiers. The rapid protection loop engine inspects and correlates the information with other signals to arrive at a decision as to whether to block a file. Checking and classifying artifacts happens quickly. It results in rapid blocking of confirmed malware, and drives protection across the entire ecosystem.

With rapid protection in place, an attack can be stopped on a device, on other devices in the organization, and on devices in other organizations as it attempts to broaden its foothold.

Configuring feedback-loop blocking

If your organization is using Microsoft Defender ATP, feedback-loop blocking is enabled by default. However, rapid protection occurs through a combination of Microsoft Defender ATP capabilities, machine learning protection features, and signal-sharing across Microsoft security services. Make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured: