| title | Feedback-loop blocking | |||
|---|---|---|---|---|
| description | Feedback-loop blocking, also called rapid protection, is part of behavioral blocking and containment capabilities in Microsoft Defender for Endpoint | |||
| keywords | behavioral blocking, rapid protection, feedback blocking, Microsoft Defender for Endpoint | |||
| author | chrisda | |||
| ms.author | chrisda | |||
| ms.reviewer | shwetaj | |||
| ms.topic | concept-article | |||
| ms.service | defender-endpoint | |||
| ms.localizationpriority | medium | |||
| ms.custom |
|
|||
| ms.subservice | edr | |||
| ms.collection |
|
|||
| ms.date | 10/20/2025 | |||
| appliesto |
|
Feedback-loop blocking, also referred to as rapid protection, is a component of behavioral blocking and containment capabilities in Microsoft Defender for Endpoint. With feedback-loop blocking, devices across your organization are better protected from attacks.
- Windows
When a suspicious behavior or file is detected, such as by Microsoft Defender Antivirus in Windows, information about that artifact is sent to multiple classifiers. The rapid protection loop engine inspects and correlates the information with other signals to arrive at a decision as to whether to block a file. Checking and classifying artifacts happens quickly. It results in rapid blocking of confirmed malware, and drives protection across the entire ecosystem.
With rapid protection in place, an attack can be stopped on a device, other devices in the organization, and devices in other organizations, as an attack attempts to broaden its foothold.
If your organization is using Defender for Endpoint, feedback-loop blocking is enabled by default. However, rapid protection occurs through a combination of Defender for Endpoint capabilities, machine learning protection features, and signal-sharing across Microsoft security services. Make sure the following features and capabilities of Defender for Endpoint are enabled and configured:
-
Next-generation protection (antivirus)
Tip
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features