Configure Stop and Quarantine File capability in Microsoft Defender for Endpoint
Stop and quarantine files from the Microsoft Defender platform.
시작하기 전에
Supported Observable Types: SHA1 hash.
| Input | Description |
|---|---|
| Comment | (Required: Comment to associate with the action) |
Role required: sn_si.admin or sn_si.analyst
이 태스크 정보
You can run the Stop and Quarantine File action on the particular observables of type SHA1 only. Store the details on the Additional Actions on Endpoint table. You can trigger the Stop and Quarantine File capability from the Microsoft Defender for Endpoint Related Machines details related list.
프로시저
- Navigate to .
- Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
- In the related links section, click Show All Related Lists.
- Click the Microsoft Defender for Endpoint Related Machines Details related list.
- Select one or more records.
- From the Actions on selected rows, select the Stop and Quarantine File capability.
- Validate the automation activity and activities section.
- View the data, and validate the data on the related lists.
- View the automation activities of the execution, and validate them.