-
Notifications
You must be signed in to change notification settings - Fork 2
Stop MdeMachineFileExecution
Jan-Henrik Damaschke edited this page Nov 24, 2022
·
1 revision
external help file: PSMDE-help.xml Module Name: PSMDE online version: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/stop-and-quarantine-file?view=o365-worldwide schema: 2.0.0
Stop execution of a file on a device and delete it.
Stop-MdeMachineFileExecution [-id] <String> [-comment] <String> [-sha1] <String> [<CommonParameters>]
Stop execution of a file on a device and delete it. Adds file to quarantine.
Remove-MdeMachine -id "MACHINE_ID" -comment "Your comment" -sha1 'F8DAE85E2EEE4AA846D655670947E5C98B83B791'
Specifies the id of the target MDE machine.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: FalseComment to associate with the action.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSha1 of the file to stop and quarantine on the device.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Author: Jan-Henrik Damaschke