You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-vulnerability-management/tvm-block-vuln-apps.md
+6-8Lines changed: 6 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,7 @@ For both actions, you can customize the message the users see. For example, you
47
47
48
48
## Version requirements
49
49
50
-
- The Antimalware client version must be `4.18.1901.x` or later.
50
+
- The anti-malware client version must be `4.18.1901.x` or later.
51
51
- The Engine version must be `1.1.16200.x` or later.
52
52
- Windows client devices must be running Windows 11 or Windows 10, version 1809 or later, with the latest windows updates installed.
53
53
- Servers must be running Windows Server 2022, 2019, 2016, 2012 R2, and 2008 R2 SP1. Support for Windows Server 2025 is rolling out, beginning in February 2025 and over the next several weeks.
@@ -77,7 +77,7 @@ For both actions, you can customize the message the users see. For example, you
77
77
>
78
78
> Based on the available data, the block actions take effect on endpoints that have Microsoft Defender Antivirus. Microsoft Defender for Endpoint makes a best-attempt effort of blocking applicable vulnerable applications or versions from running.
79
79
80
-
If additional vulnerabilities are found on a different version of an application, you get a new security recommendation, asking you to update the application, and you can choose to also block this different version.
80
+
If more vulnerabilities are found on a different version of an application, you get a new security recommendation, asking you to update the application, and you can choose to also block this different version.
81
81
82
82
## When blocking isn't supported
83
83
@@ -99,7 +99,7 @@ After you've submitted a request to block vulnerable applications, you can view
99
99
100
100
2. Filter the results by this mitigation type: `Block and/or Warn to view all activities pertaining to block or warn actions`.
101
101
102
-
3. An activity log displays. Keep in mond that this is an activity log, and not the current block status of the application. Select the relevant activity to see a flyout panel with details including the remediation description, mitigation description and the device remediation status:
102
+
3. An activity log displays. Keep in mind that it's an activity log, not the current block status of the application. Select the relevant activity to see a flyout panel with details including the remediation description, mitigation description, and the device remediation status:
103
103
104
104
:::image type="content" alt-text="Remediation and mitigation details" source="/defender/media/defender-vulnerability-management/remediation-mitigation-details.png" lightbox="/defender/media/defender-vulnerability-management/remediation-mitigation-details.png":::
105
105
@@ -115,14 +115,12 @@ To view a list of blocked applications, follow these steps:
115
115
116
116
3. Select **View details of blocked versions in the Indicator page**, which brings you to the **Indicators** page, where you can view the file hashes and response actions.
117
117
118
-
> [!NOTE]
119
-
> If you use the Indicators API with programmatic indicator queries as part of your workflows, be aware that the block action will give additional results.
120
-
>
121
-
> Currently some detections related to warn policies may show up as active malware in Microsoft Defender XDR and/or Microsoft Intune. This behavior will be fixed in an upcoming release.
118
+
> [!NOTE]
119
+
> If you use the Indicators API with programmatic indicator queries as part of your workflows, the block action yields more results.
122
120
123
121
4. To unblock an application, select **Unblock software** or **Open software page**:
0 commit comments