Infected file detected unable to move to quarantine

We've renamed Microsoft Cloud App Security. It's now called Microsoft Defender for Cloud Apps. In the coming weeks, we'll update the screenshots and instructions here and in related pages.

For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog. File policies are a great tool for finding threats to your information protection policies.

For instance, create file policies that find places where users stored sensitive information, credit card numbers, and third-party ICAP files in your cloud. In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to detect unwanted files stored in your cloud that leave you vulnerable, and to take immediate action to stop them in their tracks. You lock down the files that pose a threat by using Admin quarantine, which protects your files in the cloud, remediates problems, and prevents future leaks from occurring.

When a file matches a policy, the Admin quarantine option will be available for the file. The user can only access the tombstone file. In the file, they can read the custom guidelines provided by IT and the correlation ID to give IT to release the file.

When you receive the alert that a file has been quarantined, investigate the file in the Defender for Cloud Apps Alerts page. Validate that the policy runs smoothly. Then, you can use the automatic governance actions in the policy to prevent further leaks and automatically apply an Admin quarantine when the policy is matched. Unless the item is hidden, there are three actions: Clean up, Delete, and Move, described below. If you click one of the actions, the action is performed on the item, following confirmation.

Hidden files can only be cleaned up. Click these buttons to select or deselect all the items. This enables you to perform the same action on a group of items. To select or deselect a particular item, select the check box to the left of the item type.

Click this to remove selected items from the list, if you are sure that they do not contain a virus or spyware. This does not delete the items from disk, however. To configure what action you can perform, refer to Configure user rights for Quarantine manager. Apex One is unable to complete the configured action on the infected file without user intervention. Hover over the Action required column to see the following details. "Restart the endpoint to finish cleaning the security threat".

Quarantined: First action is "Quarantine" and the infected file was quarantined.

Cleaned: An infected file was cleaned.

Renamed: First action is "Rename" and the infected file was renamed.

Access denied: First action is "Deny Access" and access to the infected file was denied when the user attempted to open the file.

Passed: First action is "Pass".

Unable to clean or delete the file: "Clean" is the first action.

Unable to clean or rename the file: "Clean" is the first action.

Solution For infected files on a CD, consider not using the CD as the virus may infect other endpoints on the network. Explanation 2 The infected file is in the Temporary Internet Files folder of the agent endpoint. Note: Enabling this setting may increase endpoint resource usage during scanning and scanning may take longer to complete. An infected file was cleaned. Access denied. Explanation 1 The infected file may be locked by another application, is executing, or is on a CD.

Solution: None. Explanation 2 The infected file may be locked by another application, is executing, or is on a CD. If the quarantine directory is on the Apex One server computer or is on another Apex One server computer: Check if the agent can connect to the server. If the quarantine directory is on another endpoint on the network (you can only use a UNC path for this scenario): Check if the Security Agent can connect to the endpoint.

Check if the UNC path is correct. Unable to clean the file. Explanation 3 The file may be uncleanable.


