How to remediate active malware

Hello everyone,

On the dashboard within the Security Center I can see that one of my devices is listed with active malware.

If I click on the dashboard icon, I get forwarded to the reports, but how can I remediate this?

Do I have to isolate the device manually? What would be the normal procedure for this?

Thanks.

Cheers,

John

2 Replies

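@John Matrix You can quarantine the files and also add indicators to block it. Take response actions on a file in Microsoft Defender for Endpoint | Microsoft Docs (https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide)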

Thank you! :folded_hands: