diff --git a/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index fdb8d3eec8..56d7363427 100644 --- a/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -11,6 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- diff --git a/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md index 66f292c972..9bdaa6d439 100644 --- a/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Reference topics for management and configuration tools diff --git a/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md index 28d95b5f7c..df53e7c2c6 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md 
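Review bot: The added `+ms.date:08/25/2017` line in the first hunk (command-line-arguments-windows-defender-antivirus.md) has no space after the colon, so a YAML parser does not read it as a key/value pair. Depending on how strict the docs build's front-matter parser is, the line is either not picked up as metadata or the whole block fails to parse, which would also lose `ms.pagetype: security` and the author fields. It should read `ms.date: 08/25/2017`. The same line is added in every other front-matter hunk of this patch that sets `ms.date`, and the hunk for configure-advanced-scan-types-windows-defender-antivirus.md also adds an empty line before the closing `---` that the other files do not have. The front matter starts above each hunk, so the opening `---` and the earlier keys are not visible here.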
@@ -10,6 +10,9 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 + --- # Configure scanning options in Windows Defender AV diff --git a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 51e4da766a..998cf00ccd 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- diff --git a/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md index 9db9a1a011..ae8f654bdc 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Configure the cloud block timeout period diff --git a/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md index 6483bcb53a..0fd7744b0a 100644 
--- a/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Configure end-user interaction with Windows Defender Antivirus diff --git a/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md index 4b7b42f001..d7562ad0aa 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Prevent or allow users to locally modify Windows Defender AV policy settings diff --git a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index 1d44078c65..a941cc704d 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Configure and validate network connections for Windows Defender Antivirus 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md index 8cce4e1f03..1febb53c4a 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Configure the notifications that appear on endpoints diff --git a/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md index c1996876ef..3d1bf4d2f9 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Configure behavioral, heuristic, and real-time protection diff --git a/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md index 34adf05d43..5793797a19 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md 
@@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- diff --git a/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md index 2ae2cc1683..7335ad8933 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- diff --git a/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md index 1e58b44fb0..82f3af575d 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Configure Windows Defender Antivirus features diff --git a/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md index 6eb5d98e2e..684ffc270c 100644 --- a/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md 
@@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Customize, initiate, and review the results of Windows Defender AV scans and remediation diff --git a/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md index 447437331e..1e152e58df 100644 --- a/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Deploy, manage, and report on Windows Defender Antivirus diff --git a/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md index 8424255df1..105e333311 100644 --- a/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Deploy and enable Windows Defender Antivirus diff --git a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md index c1f14fe426..07ca000adb 100644 --- a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md 
+++ b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment diff --git a/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 256b81f90d..a9c60a1771 100644 --- a/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Detect and block Potentially Unwanted Applications diff --git a/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md index 755d7bb810..4315e35a00 100644 --- a/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Enable cloud-delivered protection in Windows Defender AV 
diff --git a/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md index 15297f3b96..b697c47dbd 100644 --- a/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Evaluate Windows Defender Antivirus protection diff --git a/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index 123057dc01..74c469f85b 100644 --- a/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Manage event-based forced updates diff --git a/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md index 8e92f2d2cd..0b035d279c 100644 --- a/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md 
@@ -11,6 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Manage updates and scans for endpoints that are out of date diff --git a/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md index d5838972b1..b8203d9b72 100644 --- a/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Manage the schedule for when protection updates should be downloaded and applied diff --git a/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md index 214f619f3f..10146b36f3 100644 --- a/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md @@ -11,6 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Manage the sources for Windows Defender Antivirus protection updates diff --git a/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md index 374162b001..214b0cd5fe 100644 
--- a/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Manage Windows Defender Antivirus updates and apply baselines diff --git a/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md index efcdb994fa..5196756d0a 100644 --- a/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Manage updates for mobile devices and virtual machines (VMs) diff --git a/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md index 1da8e5b737..211834e046 100644 --- a/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Prevent users from seeing or interacting with the Windows Defender AV user interface 
diff --git a/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md index 2082f44329..21a7a1434c 100644 --- a/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Report on Windows Defender Antivirus protection diff --git a/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md index 3307e84851..d2f662212f 100644 --- a/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Review Windows Defender AV scan results diff --git a/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md index 0fb07edd90..17209b13f7 100644 --- a/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- 
diff --git a/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index f9ad88746b..f912cfc62c 100644 --- a/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- diff --git a/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md index 8e3ea5d3bf..d02395fbfa 100644 --- a/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Specify the cloud-delivered protection level diff --git a/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md index eb1d2a3b47..cabd223d87 100644 --- a/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md 
@@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Use Group Policy settings to configure and manage Windows Defender AV diff --git a/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md index 49226c4cf3..acc309af78 100644 --- a/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV diff --git a/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md index 91fc5c207e..1779e8be1f 100644 --- a/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Use PowerShell cmdlets to configure and manage Windows Defender AV diff --git a/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md index 306bf240d2..61697ca216 100644 
--- a/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV diff --git a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index 49d63c897a..4d998edfb6 100644 --- a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 8b27b216a4..e147150223 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Windows Defender Antivirus in Windows 10 and Windows Server 2016 
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index f15f7b81a6..ee4a4c1dce 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md index 4672b5eff4..1e7a777ec8 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- # Run and review the results of a Windows Defender Offline scan diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 107ae34521..cdbf2c6d60 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date:08/25/2017 --- 
diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index cea3a9d683..3419078fcb 100644 --- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -7,8 +7,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: iawilt -author: iaanw +ms.author: macapara +author: mjcaparas ms.localizationpriority: high --- diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 2232344229..897439c53a 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -7,8 +7,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: iawilt -author: iaanw +ms.author: macapara +author: mjcaparas ms.localizationpriority: high --- diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 355be8b6d9..95e8e61c2d 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md 
@@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -20,8 +21,7 @@ ms.author: iawilt **Applies to:** -- Windows 10 Insider Preview [!include[Prerelease information](prerelease.md)] - +- Windows 10 Insider Preview [!include[Prerelease information](prerelease.md)] diff --git a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index 5e303de44e..c343bf570a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -11,11 +11,22 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Use audit mode to evaluate Windows Defender Exploit Guard features +**Applies to:** + +- Windows 10 Insider Preview + +[!include[Prerelease information](prerelease.md)] + +**Audience** + +- Enterprise security administrators + You can enable each of the features of Windows Defender Explot Guard in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. diff --git a/windows/threat-protection/windows-defender-exploit-guard/configure-app-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/configure-app-exploit-protection.md index 95abdbbd6f..241b079e7a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/configure-app-exploit-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/configure-app-exploit-protection.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Customize Attack Surface Reduction 
@@ -19,6 +20,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/configure-system-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/configure-system-exploit-protection.md index 6df66b8dab..7bf5faf709 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/configure-system-exploit-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/configure-system-exploit-protection.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Customize Attack Surface Reduction @@ -19,6 +20,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index fdfb6d5819..6680bbefb5 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index 57aa7dde33..334e784bae 100644 
--- a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Customize Attack Surface Reduction @@ -19,6 +20,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index f8234bee99..3a12746ba3 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index 657b44a471..2f98f559b6 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Customize Exploit Protection 
@@ -19,6 +20,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md index 4551fc78ab..5efa4ba899 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview, build 16232 and later +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index aaf591a3c7..2163c07a52 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -21,6 +22,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 5f86f0ea2b..23823e9f79 100644 
--- a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index cc65750b6c..b21e79576d 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index a2bad71bd9..5231233608 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -21,6 +22,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators 
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index 388649f28f..5807922d50 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -20,6 +21,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators @@ -30,8 +33,6 @@ ms.author: iawilt - Windows Defender Security Center app - Group Policy - PowerShell -- Configuration service providers for mobile device management - diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md index 0c0e17b7ed..712a87f56e 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md @@ -11,11 +11,28 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- # Evaluate Controlled Folder Access +**Applies to:** + +- Windows 10 Insider Preview + +[!include[Prerelease information](prerelease.md)] + +**Audience** + +- Enterprise security administrators + + +**Manageability available with** + +- Windows Defender Security Center app +- Group Policy +- PowerShell Controlled Folder Access is a feature that is part of Windows Defender Exploit Guard [that helps protect your documents and files from modification by suspicious or malicious apps](controlled-folders-exploit-guard.md). 
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index a43d553c8c..af60d84ce4 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -11,12 +11,30 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date: 08/25/2017 --- # Evaluate Exploit Protection +**Applies to:** + +- Windows 10 Insider Preview + +[!include[Prerelease information](prerelease.md)] + +**Audience** + +- Enterprise security administrators + + +**Manageability available with** + +- Windows Defender Security Center app +- Group Policy +- PowerShell + Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md index 49daeb39bf..c79c12968c 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date: 08/25/2017 --- # Evaluate Network Protection @@ -21,6 +22,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators 
@@ -30,7 +33,7 @@ ms.author: iawilt - Group Policy - PowerShell -- Configuration service providers for mobile device management + Network Protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md index 485bb6bdb0..045c2ce4ad 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date: 08/25/2017 --- @@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index bb7e447546..9441be693b 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -8,9 +8,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security +ms.date: 08/25/2017 localizationpriority: medium author: iaanw ms.author: iawilt +ms.date: 08/25/2017 + --- 
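Review bot: The front-matter hunk for event-views-exploit-guard.md adds `ms.date: 08/25/2017` twice, once after `ms.pagetype: security` and once after `ms.author: iawilt`, followed by an added blank line before the closing `---`. Duplicate keys are not valid in a YAML mapping, and parsers differ on whether they reject the block or silently keep one value. Keep a single `ms.date: 08/25/2017` line and drop the blank line so this header matches the other topics in the commit.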
@@ -21,138 +24,161 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators +Each of the four features in Windows Defender Exploit Guard allow you to review events in the Windos Event log. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow. -**Manageability available with** +Reviewing the events is also handy when you are evaluating the features, as you can enable audit mode for the features or settings, and then review what would have happened if they were fully enabled. -- Group Policy -- PowerShell -- Configuration service providers for mobile device management +This topic lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events. + +## Use custom views to review Windows Defender Exploit Guard features + +You can create custom views in the Windows Event Viewer to only see events for specific features and settings. + +The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](#), or you can copy the XML directly from this page. + +### Import an existing XML custom view + +1. Download the [Exploit Guard Evaluation Package](#) and extract the appropraite file to an easily accessible location. The following filenames are each of the custom views: + - Controlled Folder Access events custom view: *cfa-events.xml* + - Exploit Protection events custom view: *ep-events.xml* + - Attack Surface Reduction events custom view: *asr-events.xml* + - Network Protection events custom view: *np-events.xml* + +1. Type **event viewer** in the Start menu and open the Windows **Event Viewer**. + +3. On the left panel, under **Actions**, click **Import Custom View...** + + ![](images/events-import.gif) + +4. 
Navigate to where you extracted XML file for the custom view you want and select it. + +4. Click **Open**. + +5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events). + + +### Copy the XML directly + + +1. Type **event viewer** in the Start menu and open the Windows **Event Viewer**. + +3. On the left panel, under **Actions**, click **Create Custom View...** + + ![](images/events-create.gif) + +4. Go to the XML tab and click **Edit query manually**. You'll see a warning that you won't be able to edit the query using the **Filter** tab if you use the XML option. Click **Yes**. + +5. Paste the XML code for the feature you want to filter events from into the XML section. + +4. Click **OK**. Specify a name for your filter. + +5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events). -## ASR + + +### XML for Attack Surface Reduction events ```xml - - - - - Microsoft-Windows-Windows Defender/Operational,Microsoft-Windows-Windows Defender/WHC - 1121,1122,5007 - 0 - False - - - - Attack Surface Reduction view - - - - - - - - - + + + + + + ``` -## CFA +### XML for Controlled Folder Access events ```xml -Microsoft-Windows-Windows Defender/Operational,Microsoft-Windows-Windows Defender/WHC1123,1124,50070FalseControlled Folder Access view + + + + + + ``` -## EP +### XML for Exploit Protection events ```xml - - - - - Microsoft-Windows-Security-Mitigations/KernelMode,Microsoft-Windows-Win32k/Concurrency,Microsoft-Windows-Win32k/Contention,Microsoft-Windows-Win32k/Messages,Microsoft-Windows-Win32k/Operational,Microsoft-Windows-Win32k/Power,Microsoft-Windows-Win32k/Render,Microsoft-Windows-Win32k/Tracing,Microsoft-Windows-Win32k/UIPI,System,Microsoft-Windows-Security-Mitigations/UserMode - 1-24, 5, 260 - 
Microsoft-Windows-Security-Mitigations,Microsoft-Windows-WER-Diag,Microsoft-Windows-Win32k,Win32k - 0 - True - - - - Exploit protection view - - - - - - - - - - - - - - - - - - - - 255 - 70 - 305 - 215 - 215 - 215 - 50 - 110 - 80 - 170 - 70 - 70 - 90 - 70 - 80 - 70 - 100 - 85 - 140 - 140 - - - + + + + + + + + + + + + + + + ``` -## NP +### XML for Network Protection events ```xml - - - - - Microsoft-Windows-Windows Defender/Operational,Microsoft-Windows-Windows Defender/WHC - 1125,1126,5007 - 0 - False - - - - Network Protection view - - - - - - - - - + + + + + + + ``` +## List of all Windows Defender Exploit Guard events +All Windows Defender Exploit Guard events are located under **Applications and Services Logs > Microsoft > Windows** and then the folder or provider as listed in the following table. + +Feature | Provider/source | Event ID | Description +-|-|:-:|- +Exploit Protection | Security-Mitigations | 1 | ACG audit +Exploit Protection | Security-Mitigations | 2 | ACG enforce +Exploit Protection | Security-Mitigations | 3 | Do not allow child processes audit +Exploit Protection | Security-Mitigations | 4 | Do not allow child processes block +Exploit Protection | Security-Mitigations | 5 | Block low integrity images audit +Exploit Protection | Security-Mitigations | 6 | Block low integrity images block +Exploit Protection | Security-Mitigations | 7 | Block remote images audit +Exploit Protection | Security-Mitigations | 8 | Block remote images block +Exploit Protection | Security-Mitigations | 9 | Disable win32k system calls audit +Exploit Protection | Security-Mitigations | 10 | Disable win32k system calls block +Exploit Protection | Security-Mitigations | 11 | Code integrity guard audit +Exploit Protection | Security-Mitigations | 12 | Code integrity guard block +Exploit Protection | Security-Mitigations | 13 | EAF audit +Exploit Protection | Security-Mitigations | 14 | EAF enforce +Exploit Protection | Security-Mitigations | 15 | EAF+ audit +Exploit 
Protection | Security-Mitigations | 16 | EAF+ enforce +Exploit Protection | Security-Mitigations | 17 | IAF audit +Exploit Protection | Security-Mitigations | 18 | IAF enforce +Exploit Protection | Security-Mitigations | 19 | ROP StackPivot audit +Exploit Protection | Security-Mitigations | 20 | ROP StackPivot enforce +Exploit Protection | Security-Mitigations | 21 | ROP CallerCheck audit +Exploit Protection | Security-Mitigations | 22 | ROP CallerCheck enforce +Exploit Protection | Security-Mitigations | 23 | ROP SimExec audit +Exploit Protection | Security-Mitigations | 24 | ROP SimExec enforce +Exploit Protection | WER-Diagnostics | 5 | CFG Block +Exploit Protection | Win32K | 260 | Untrusted Font +Network Protection | Windows Defender | 5007 | Event when settings are changed +Network Protection | Windows Defender | 1125 | Event when Network Protection fires in Audit-mode +Network Protection | Windows Defender | 1126 | Event when Network Protection fires in Block-mode +Controlled Folder Access | Windows Defender | 5007 | Event when settings are changed +Controlled Folder Access | Windows Defender | 1124 | Audited Controlled Folder Access event +Controlled Folder Access | Windows Defender | 1123 | Blocked Controlled Folder Access event +Attack Surface Reduction | Windows Defender | 5007 | Event when settings are changed +Attack Surface Reduction | Windows Defender | 1122 | Event when rule fires in Audit-mode +Attack Surface Reduction | Windows Defender | 1121 | Event when rule fires in Block-mode \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index 1b57659769..cfebfed9d2 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md 
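Review bot: The new event table in event-views-exploit-guard.md lists Event ID 5 under two providers (Security-Mitigations, "Block low integrity images audit", and WER-Diagnostics, "CFG Block"), so anyone building a filter or alert from the table by ID alone will mix the two. A line under the table such as `Event ID 5 is reported by both Security-Mitigations and WER-Diagnostics; filter on the provider as well as the ID.` would make that explicit. Both links to the Exploit Guard Evaluation Package are still the placeholder `(#)`, so the import procedure cannot be followed as written. The added prose also needs a spelling pass: `Windos Event log`, `appropraite file`, and `where you extracted XML file`. The step numbers in both procedures repeat (1, 1, 3, 4, 4, 5), which renders correctly but is hard to maintain in source.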
@@ -10,6 +10,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date: 08/25/2017 --- @@ -21,6 +22,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/event-viewer-import.png b/windows/threat-protection/windows-defender-exploit-guard/images/event-viewer-import.png new file mode 100644 index 0000000000..96d12d3af1 Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/event-viewer-import.png differ diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/events-create.gif b/windows/threat-protection/windows-defender-exploit-guard/images/events-create.gif new file mode 100644 index 0000000000..68f057de3a Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/events-create.gif differ diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/events-import.gif b/windows/threat-protection/windows-defender-exploit-guard/images/events-import.gif new file mode 100644 index 0000000000..55e77c546f Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/events-import.gif differ diff --git a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md index 74a71809da..9a979c73d6 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md +++ b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date: 08/25/2017 --- 
@@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 57245724ab..f78d148a79 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date:08/25/2017 --- @@ -21,6 +22,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-exploit-guard/prerelease.md b/windows/threat-protection/windows-defender-exploit-guard/prerelease.md index 5c3161936b..1164534c8a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/prerelease.md +++ b/windows/threat-protection/windows-defender-exploit-guard/prerelease.md @@ -1 +1,2 @@ -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] \ No newline at end of file +> [!IMPORTANT] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. \ No newline at end of file 
diff --git a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index bb2db1b649..39348ef6ff 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt +ms.date: 08/25/2017 --- @@ -22,6 +23,8 @@ ms.author: iawilt - Windows 10 Insider Preview +[!include[Prerelease information](prerelease.md)] + **Audience** - Enterprise security administrators diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md index bbf61ac092..30bd92949e 100644 --- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -10,6 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: iaanw +ms.author: iawilt +ms.date: 08/25/2017 ---