From ec2b54325dd16e0251c3bf3c32abd7408a9c6856 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 1 May 2018 08:31:59 -0700 Subject: [PATCH 1/2] Resolve conflicts --- ...igure-block-at-first-sight-windows-defender-antivirus.md | 4 +++- ...microsoft-cloud-protection-windows-defender-antivirus.md | 6 +++--- .../windows-defender-antivirus-in-windows-10.md | 6 +++++- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 54a19e1f41..45adf2a6af 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -54,7 +54,9 @@ You can also [customize the message displayed on users' desktops](https://docs.m When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. -The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files (such as JS, VBS, or macros) that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. +In Windows 10, version 1803, the Block at first sight feature can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. + +The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index c4fb7fbc8c..a3b17974a0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -11,14 +11,14 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/17/2018 +ms.date: 04/30/2018 --- # Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection **Applies to:** -- Windows 10, version 1703 +- Windows 10, version 1703 and later **Audience** @@ -42,7 +42,7 @@ To understand how next-gen technologies shorten protection delivery time through -Read the following blogposts for detailed protection stories involving cloud-protection and Microsoft AI: +Read the following blog posts for detailed protection stories involving cloud-protection and Microsoft AI: - [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/) - [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 541ca154a0..f4fd6c9ff9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/17/2018 +ms.date: 04/30/2018 --- # Windows Defender Antivirus in Windows 10 and Windows Server 2016 @@ -49,6 +49,10 @@ Some of the highlights of Windows Defender AV include: >- Fast learning (including Block at first sight) >- Potentially unwanted application blocking +## What's new in Windows 10, version 1803 + +In Windows 10, version 1803, Windows Defender AV can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. + ## What's new in Windows 10, version 1703 New features for Windows Defender AV in Windows 10, version 1703 include: From c76f155e68bd2589b8773d6729dd02d6a488c771 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 1 May 2018 10:07:42 -0700 Subject: [PATCH 2/2] Resolved conflicts --- .../windows-defender-antivirus-in-windows-10.md | 7 +++---- .../windows-defender-security-center-antivirus.md | 13 +++++++++++-- .../customize-controlled-folders-exploit-guard.md | 2 +- .../wdsc-virus-threat-protection.md | 2 +- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index f4fd6c9ff9..6df6d94b98 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -51,7 +51,9 @@ Some of the highlights of Windows Defender AV include: ## What's new in Windows 10, version 1803 -In Windows 10, version 1803, Windows Defender AV can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. +- The [Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. +- The [Virus & threat protection area in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) now includes a section for Ransomware protection. It includes Controlled folder access settings and ransomware recovery settings. + ## What's new in Windows 10, version 1703 @@ -64,9 +66,6 @@ We've expanded this documentation library to cover end-to-end deployment, manage - [Evaluation guide for Windows Defender AV](evaluate-windows-defender-antivirus.md) - [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](deployment-vdi-windows-defender-antivirus.md) -See the [In this library](#in-this-library) list at the end of this topic for links to each of the updated sections in this library. - - ## Minimum system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index fcf0420e4e..c26f399d5e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -76,7 +76,7 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De ## Common tasks -This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the new Windows Defender Security Center app. +This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the Windows Defender Security Center app. > [!NOTE] > If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) topic describes how local policy override settings can be configured. @@ -142,8 +142,17 @@ This section describes how to perform some of the most common tasks when reviewi 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). - + +**Set ransomware protection and recovery options** +1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. +2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). + +3. Click **Ransomware protection**. + +4. To change Controlled folder access settings, see [Protect important folders with Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard). + +5. To set up ransomware recovery options, click **Set up** under **Ransomware data recovery** and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack. ## Related topics diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index 01123916cd..c42df2d787 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -46,7 +46,7 @@ This topic describes how to customize the following settings of the Controlled f - [Add apps that should be allowed to access protected folders](#allow-specifc-apps-to-make-changes-to-controlled-folders) >[!WARNING] ->Controlled folder access is a new technology that monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files. +>Controlled folder access monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files. > >This may impact your organization's productivity, so you may want to consider running the feature in [audit mode](audit-windows-defender-exploit-guard.md) to fully assess the feature's impact. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index dc24bce106..58ee13233a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/30/2018 - Windows 10, version 1703 and later -The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. In Windows 10, version 1803 and later, this section also contains information and settings for ransomware protection and recovery, including Controlled folder access settings and sign in to Microsoft OneDrive. IT administrators and IT pros can get more information and documentation about configuration from the following: +The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack. IT administrators and IT pros can get more information and documentation about configuration from the following: - [Windows Defender Antivirus in the Windows Defender Security Center app](../windows-defender-antivirus/windows-defender-security-center-antivirus.md) - [Windows Defender Antivirus documentation library](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)