You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/respond-machine-alerts.md
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -103,19 +103,19 @@ Or, use this alternate procedure:
103
103
104
104
105
105
106
-
2. Add comments and then select **Confirm**.
106
+
1. Add comments and then select **Confirm**.
107
107
108
108
109
109
110
-
3. Select **Action center** from the response actions section of the device page.
110
+
1. Select **Action center** from the response actions section of the device page.
111
111
112
112
113
113
114
-
4. Select **Package collection package available** to download the collection package.
114
+
1. Select **Package collection package available** to download the collection package.
115
115
116
116
117
-
118
-
> [!NOTE]
117
+
118
+
> [!NOTE]
119
119
> The collection of the investigation package may fail if a device has a low battery level or is on a metered connection.
120
120
121
121
### Investigation package contents for Windows devices
@@ -216,7 +216,8 @@ Depending on the severity of the attack and the sensitivity of the device, you m
216
216
- You can use the device isolation capability on all supported Microsoft Defender for Endpoint on Linux listed in [System requirements](mde-linux-prerequisites.md). Ensure that the following prerequisites are enabled:
217
217
-`iptables`
218
218
-`ip6tables`
219
-
- Linux kernel with `CONFIG_NETFILTER`, `CONFID_IP_NF_IPTABLES`, and `CONFIG_IP_NF_MATCH_OWNER`
219
+
- Linux kernel with `CONFIG_NETFILTER`, `CONFIG_IP_NF_IPTABLES`, and `CONFIG_IP_NF_MATCH_OWNER` for kernel version lower than 5.x and `CONFIG_NETFILTER_XT_MATCH_OWNER` from 5.x kernel.
220
+
220
221
- Selective isolation is available for devices running on Windows 11, Windows 10 version 1703 or later, Windows Server 2012 R2 and later, Azure Stack HCI OS, version 23H2 and later, and macOS. For more information about selective isolation, see [Isolation exclusions](./isolation-exclusions.md).
221
222
- When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.
0 commit comments