deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #749 from Microsoft/master

Browse Source 
Late publish for security update
This commit is contained in:
Liza Poggemeyer 2017-05-17 18:53:45 -07:00 committed by GitHub
commit 05386d2c22
11 changed files with 109 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/deployment/images/security-update.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.5 KiB

9
windows/deployment/index.md
View File

@ -9,6 +9,15 @@ localizationpriority: high
author: greg-lindsay
---
<font size=1>
<table border="0">
<tr>
<td><img src="images/security-update.png" alt="Icon showing a security alert"> </td>
<td>A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).</td>
</tr>
</table>
</font>
# Deploy, Upgrade and Update Windows 10
Learn about deployment in Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous version and updating Windows 10.

8
windows/deployment/update/index.md
View File

@ -7,6 +7,14 @@ ms.sitesec: library
author: DaniHalfin
localizationpriority: high
---
<font size=1>
<table border="0">
<tr>
<td><img src="../images/security-update.png" alt="Icon showing a security alert"> </td>
<td>A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).</td>
</tr>
</table>
</font>
# Update Windows 10 in the enterprise

8
windows/deployment/update/waas-manage-updates-configuration-manager.md
View File

@ -7,6 +7,14 @@ ms.sitesec: library
author: DaniHalfin
localizationpriority: high
---
<font size=1>
<table border="0">
<tr>
<td><img src="../images/security-update.png" alt="Icon showing a security alert"> </td>
<td>A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).</td>
</tr>
</table>
</font>
# Deploy Windows 10 updates using System Center Configuration Manager

8
windows/deployment/update/waas-manage-updates-wsus.md
View File

@ -7,6 +7,14 @@ ms.sitesec: library
author: DaniHalfin
localizationpriority: high
---
<font size=1>
<table border="0">
<tr>
<td><img src="../images/security-update.png" alt="Icon showing a security alert"> </td>
<td>A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).</td>
</tr>
</table>
</font>
# Deploy Windows 10 updates using Windows Server Update Services (WSUS)

8
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -7,6 +7,14 @@ ms.sitesec: library
author: DaniHalfin
localizationpriority: high
---
<font size=1>
<table border="0">
<tr>
<td><img src="../images/security-update.png" alt="Icon showing a security alert"> </td>
<td>A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).</td>
</tr>
</table>
</font>
# Deploy updates using Windows Update for Business

BIN
windows/threat-protection/images/security-update.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.5 KiB

9
windows/threat-protection/index.md
View File

@ -8,6 +8,15 @@ ms.pagetype: security
author: brianlic-msft
---
<font size=1>
<table border="0">
<tr>
<td><img src="images/security-update.png" alt="Icon showing a security alert"> </td>
<td>A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).</td>
</tr>
</table>
</font>
# Threat Protection
Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile.

BIN
windows/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

68
windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
View File

@ -1,6 +1,6 @@
---
title: Manage how and where Windows Defender AV receives updates
description: Manage how Windows Defender Antivirus receives protection updates.
description: Manage the fallback order for how Windows Defender Antivirus receives protection updates.
keywords: updates, security baselines, protection, fallback order, ADL, MMPC, UNC, file path, share, wsus
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -12,14 +12,14 @@ localizationpriority: medium
author: iaanw
---
# Manage Windows Defender Antivirus protection and definition updates
# Manage the sources for Windows Defender Antivirus protection updates
**Applies to**
- Windows 10
**Audience**
- Network administrators
- Enterprise security administrators
**Manageability available with**
@ -31,40 +31,60 @@ author: iaanw
<a id="protection-updates"></a>
<!-- this has been used as anchor in VDI content -->
Windows Defender AV uses both [cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloaded protection updates to provide protection. These protection updates are also known as "definitions" or "signature updates".
The cloud-delivered protection is “always-on” and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured).
There are two components to managing protection updates - where the updates are downloaded from, and when updates are downloaded and applied.
This topic describes the locations
This topic describes where you can specify the updates should be downloaded from, also known as the fallback order.
See the [Manage Windows Defender AV updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates).
<a id="fallback-order"></a>
## Manage the fallback order for downloading protection updates
There are five locations where you can specify where an endpoint should obtain updates. Typically, you would configure each endpoint to individually download the updates from a primary source and specify fallback sources in case the primary source is unavailable.
There are five locations where you can specify where an endpoint should obtain updates. Typically, you would configure endpoints to individually download the updates from a primary source, followed by the other sources in order of priority based on your network configuration.
Updates will be obtained from the sources in the order you specify. If a source is not available, the next source in the list will be used.
You can use the following sources:
- Microsoft Update
- [Windows Server Update Service (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx)
- Microsoft Update.
- The [Microsoft Malware Protection Center definitions page (MMPC)](http://www.microsoft.com/security/portal/definitions/adl.aspx)
- System Center Configuration Manager
- A network file share
- Configuration manager
- The [Microsoft Malware Protection Center definitions page (MMPC)](http://www.microsoft.com/security/portal/definitions/adl.aspx)
Each location has typical scenarios (in addition to acting as fallback locations) for when you would use that source, as described in the following table:
When updates are published, some logic will be applied to minimize the size of the update. In most cases, only the "delta" (or the differences between the latest update and the update that is currently installed on the endpoint) will be downloaded and applied. However, the size of the delta depends on:
- How old the current update on the endpoint is
- Which source you use
The older the updates on an endpoint, the larger the download. However, you must also consider frequency versus size - a more frequent update schedule may result in more ad hoc network usage, while a less-frequent schedule may result in larger file sizes.
Microsoft Update allows for rapid releases, which means it will download small deltas on a frequent basis. This ensures the best protection, but may increase network bandwidth.
The WSUS, Configuration Manager and MMPC sources will deliver less frequent updates. The size of the updates may be slightly larger than the frequent release from Microsoft Update (as the delta, or differences between the latest version and what is on the endpoint will be larger). This ensures consistent protection without increasing ad hoc network usage (although the amount of data may be the same or increased as the updates will be fewer, but may be slightly larger).
Each source has typical scenarios that depend on how your network is configured, in addition to how often they publish updates, as described in the following table:
Location | Sample scenario
---|---
WSUS | You are using WSUS to manage updates for your network
Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network.
MMPC | You need to download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md).
File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-windows-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.
WSUS | You are using WSUS to manage updates for your network.
Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use WSUS to manage your updates.
File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-windows-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.
Configuration Manager | You are using System Center Configuration Manager to update your endpoints.
MMPC | You need to download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source.
You can manage the order in which update sources are used with Group Policy, System Center Configuration Manager, PowerShell cmdlets, and WMI.
> [!IMPORTANT]
> If you set WSUS as a download location, you must approve the updates - regardless of what management tool you use to specify the location. You can set up an automatic approval rule with WSUS, which may be useful as updates arrive at least once a day. See [To synchronize endpoint protection updates in standalone WSUS](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) for more details.
The procedures in this article first describe how to set the order, and then how to set up the **File share** option if you have enabled it.
**Use Group Policy to manage the update location:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -77,7 +97,7 @@ You can manage the order in which update sources are used with Group Policy, Sys
1. Double-click the **Define the order of sources for downloading definition updates** setting and set the option to **Enabled**.
2. Enter the order of sources, separated by a single pipe, for example: `InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC`, shown in the following screenshot.
2. Enter the order of sources, separated by a single pipe, for example: `InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC`, as shown in the following screenshot.
![Screenshot of group policy setting listing the order of sources](images/defender/wdav-order-update-sources.png)
@ -131,11 +151,11 @@ See the following for more information:
## Related topics
- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
- [Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md)
- [Manage Windows Defender AV updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md)
- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md)
- [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md)
- [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
- [Windows Defender AV in Windows 10](windows-defender-antivirus-in-windows-10.md)

27
windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
View File

@ -89,13 +89,15 @@ This section describes how to perform some of the most common tasks when reviewi
4. Click **Advanced scan** to specify different types of scans, such as a full scan.
**Download protection updates in the Windows Defender Security Center app**
<a id="definition-version"></a>
**Review the definition update version and download the latest updates in the Windows Defender Security Center app**
1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
3. Click **Protection updates**.
3. Click **Protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
![Definition version number information](images/defender/wdav-wdsc-defs.png)
4. Click **Check for updates** to download new protection updates (if there are any).
@ -129,15 +131,16 @@ This section describes how to perform some of the most common tasks when reviewi
5. Click the plus icon to choose the type and set the options for each exclusion.
<a id="detection-history"></a>
**Review threat detection history in the Windows Defender Security Center app**
1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
3. Click **Scan history**.
4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**).
**Review threat detection history in the Windows Defender Security Center app**
1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
3. Click **Scan history**.
4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**).