You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/live-response.md
+10-8Lines changed: 10 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ ms.collection:
14
14
ms.topic: conceptual
15
15
ms.subservice: edr
16
16
search.appverid: met150
17
-
ms.date: 04/03/2024
17
+
ms.date: 12/30/2024
18
18
---
19
19
20
20
# Investigate entities on devices using live response
@@ -124,9 +124,9 @@ The dashboard also gives you access to:
124
124
> [!NOTE]
125
125
> Live response actions initiated from the Device page are not available in the machineactions API.
126
126
127
-
1. Sign in to Microsoft Defender portal.
127
+
1. Sign in to [Microsoft Defender portal](https://security.microsoft.com).
128
128
129
-
2. Navigate to **Endpoints > Device inventory** and select a device to investigate. The devices page opens.
129
+
2. Navigate to **Endpoints** > **Device inventory** and select a device to investigate. The devices page opens.
130
130
131
131
3. Launch the live response session by selecting **Initiate live response session**. A command console is displayed. Wait while the session connects to the device.
132
132
@@ -234,19 +234,21 @@ Live response allows PowerShell scripts to run, however you must first put the f
234
234
You can have a collection of PowerShell scripts that can run on devices that you initiate live response sessions with.
235
235
236
236
#### To upload a file in the library
237
-
Note: There are restrictions on the characters that can be uploaded to the library. Please use alphanumeric characters and some symbols(-, _, .).
238
237
239
-
1. Click **Upload file to library**.
238
+
> [!NOTE]
239
+
> There are restrictions on the characters that can be uploaded to the library. Use alphanumeric characters and some symbols(`-`, `_`, or `.`).
240
+
241
+
1. Select **Upload file to library**.
240
242
241
-
2.Click**Browse** and select the file.
243
+
2.Select**Browse** and select the file.
242
244
243
245
3. Provide a brief description.
244
246
245
247
4. Specify if you'd like to overwrite a file with the same name.
246
248
247
249
5. If you'd like to be, know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
248
250
249
-
6.Click**Confirm**.
251
+
6.Select**Confirm**.
250
252
251
253
7. (Optional) To verify that the file was uploaded to the library, run the `library` command.
252
254
@@ -255,7 +257,7 @@ Note: There are restrictions on the characters that can be uploaded to the libra
255
257
Anytime during a session, you can cancel a command by pressing CTRL + C.
256
258
257
259
> [!WARNING]
258
-
> Using this shortcut will not stop the command in the agent side. It will only cancel the command in the portal. So, changing operations such as "remediate" may continue, while the command is canceled.
260
+
> Using this shortcut will not stop the command in the agent side. It only cancels the command in the portal. So, changing operations such as "remediate" may continue, while the command is canceled.
0 commit comments