From 0e4ad812681d2e3c56ea8a05923bf8d6f7661601 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 25 Mar 2020 16:45:18 +0500 Subject: [PATCH 01/99] Update hello-cert-trust-adfs.md --- .../hello-for-business/hello-cert-trust-adfs.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index f42095fd31..a51e3b166f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -75,8 +75,9 @@ Sign-in the federation server with domain administrator equivalent credentials. 6. On the **Request Certificates** page, Select the **Internal Web Server** check box. 7. Click the **More information is required to enroll for this certificate. Click here to configure settings** link ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link](images/hello-internal-web-server-cert.png) -8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Click **OK** when finished. -9. Click **Enroll**. +8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. +9. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Repeat the same to add device registration service name (*enterpriseregistration.contoso.com*) as another alternative name. Click **OK** when finished. +10. Click **Enroll**. A server authentication certificate should appear in the computer’s Personal certificate store. From 7ee4dd349cd5a20d01bc5942b23dfe0009747c59 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Tue, 5 May 2020 13:08:44 -0700 Subject: [PATCH 02/99] Changed Windows to Microsoft where needed --- ...overview-of-the-tools-in-dart-70-new-ia.md | 2 +- mdop/dart-v8/TOC.md | 2 +- .../dart-80-privacy-statement-dart-8.md | 6 +-- mdop/dart-v8/index.md | 2 +- ...overview-of-the-tools-in-dart-80-dart-8.md | 2 +- .../technical-reference-for-dart-80-new-ia.md | 4 +- ...ine-wdo-for-malware-protection-not-dart.md | 16 +++---- windows/client-management/mdm/defender-csp.md | 2 +- .../intelligence/rootkits-malware.md | 2 +- ...fline.md => microsoft-defender-offline.md} | 44 +++++++++---------- .../windows-defender-antivirus/oldTOC.md | 2 +- ...dows-defender-security-center-antivirus.md | 2 +- .../ltsc/whats-new-windows-10-2016.md | 2 +- .../whats-new-windows-10-version-1607.md | 2 +- .../whats-new-windows-10-version-1903.md | 2 +- 15 files changed, 46 insertions(+), 46 deletions(-) rename windows/security/threat-protection/windows-defender-antivirus/{windows-defender-offline.md => microsoft-defender-offline.md} (54%) diff --git a/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md b/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md index 30c1b4a4a7..a021c0fd09 100644 --- a/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md +++ b/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md @@ -121,7 +121,7 @@ The **Search** tool opens a **File Search** window that you can use to find docu ### Standalone System Sweeper **Important**   -Environments with the Standalone System Sweeper deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Standalone System Sweeper tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. +Environments with the Standalone System Sweeper deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. Because of how the Standalone System Sweeper tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. diff --git a/mdop/dart-v8/TOC.md b/mdop/dart-v8/TOC.md index b2c907364b..1071a26cdd 100644 --- a/mdop/dart-v8/TOC.md +++ b/mdop/dart-v8/TOC.md @@ -39,5 +39,5 @@ #### [How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md) ## [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) ## [Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md) -### [Use Windows Defender Offline (WDO) for malware protection, not DaRT ](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) +### [Use Microsoft Defender Offline (WDO) for malware protection, not DaRT ](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) diff --git a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md index 73939a6af0..f49f70867f 100644 --- a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md +++ b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md @@ -82,12 +82,12 @@ For details about what information is collected and how it is used, see the Upda For details about controlling this feature, see the Update Services Privacy Statement at [https://go.microsoft.com/fwlink/?LinkId=244000](https://go.microsoft.com/fwlink/?LinkId=244400). -## Windows Defender Offline +## Microsoft Defender Offline **What This Feature Does:** -Windows Defender Offline (WDO) is included in the DaRT download. WDO helps protect your PC from malicious software (malware) such as viruses, spyware, and other potentially harmful software. +Microsoft Defender Offline (WDO) is included in the DaRT download. WDO helps protect your PC from malicious software (malware) such as viruses, spyware, and other potentially harmful software. **Information Collected, Processed, or Transmitted:** @@ -99,7 +99,7 @@ For details about what information is collected and how it is used, see the WDO **Choice/Control:** -For details about controlling this feature, see the Windows Defender Offline Privacy Statement at . +For details about controlling this feature, see the Microsoft Defender Offline Privacy Statement at . ## Related topics diff --git a/mdop/dart-v8/index.md b/mdop/dart-v8/index.md index d51694005d..403a88d542 100644 --- a/mdop/dart-v8/index.md +++ b/mdop/dart-v8/index.md @@ -38,7 +38,7 @@ DaRT 8.0 is an important part of the Microsoft Desktop Optimization Pack (MDOP), [Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md) -[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) +[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) diff --git a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md index ec7b892511..46c8676819 100644 --- a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md +++ b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md @@ -48,7 +48,7 @@ For more information about **Crash Analyzer**, see [Diagnosing System Failures w ### Defender **Important**   -Environments with the DaRT Defender deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md). +Environments with the DaRT Defender deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md). diff --git a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md b/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md index 6fefab5848..356e206ffd 100644 --- a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md +++ b/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md @@ -22,9 +22,9 @@ This section includes technical reference information about Microsoft Diagnostic ## Technical reference -[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) +[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) - Environments with the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. + Environments with the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. ## Other resources for DaRT 8.0 operations diff --git a/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md b/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md index 6265073d6b..02e1f3ee25 100644 --- a/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md +++ b/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md @@ -1,6 +1,6 @@ --- -title: Use Windows Defender Offline (WDO) for malware protection not DaRT -description: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection +title: Use Microsoft Defender Offline (WDO) for malware protection not DaRT +description: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection author: dansimp ms.assetid: 59678283-4b44-4d02-ba8f-0e7315efd5d1 ms.reviewer: @@ -14,19 +14,19 @@ ms.date: 09/25/2019 --- -# Use Windows Defender Offline (WDO) for malware protection, not DaRT. +# Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection--> +# Use Microsoft Defender Offline (WDO) for malware protection, not DaRT. -Environments that have the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. This applies to all currently supported versions of DaRT. These versions include DaRT 7, DaRT 8, and DaRT 8.1, together with their service packs. +Environments that have the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. This applies to all currently supported versions of DaRT. These versions include DaRT 7, DaRT 8, and DaRT 8.1, together with their service packs. ## About Windows Defender -The Windows Defender tool distributes anti-malware updates more frequently than the DaRT Defender tool. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. Without these updates, the DaRT Defender tool quickly becomes outdated. To make sure of up-to-date protection at scan time, you should download Windows Defender Offline to create a bootable image for scanning. +The Windows Defender tool distributes anti-malware updates more frequently than the DaRT Defender tool. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. Without these updates, the DaRT Defender tool quickly becomes outdated. To make sure of up-to-date protection at scan time, you should download Microsoft Defender Offline to create a bootable image for scanning. -Currently deployed DaRT images do not have to be removed or updated. We recommend that you deploy the bootable image that is provided by Windows Defender Offline for all future malware scans. Using an outdated version of the DaRT Defender tool could result in undetected malware. +Currently deployed DaRT images do not have to be removed or updated. We recommend that you deploy the bootable image that is provided by Microsoft Defender Offline for all future malware scans. Using an outdated version of the DaRT Defender tool could result in undetected malware. -For more information about Windows Defender Offline downloads and FAQs, go to the following website: [What is Windows Defender Offline?](https://go.microsoft.com/fwlink/p/?LinkId=394127). +For more information about Microsoft Defender Offline downloads and FAQs, go to the following website: [What is Microsoft Defender Offline?](https://go.microsoft.com/fwlink/p/?LinkId=394127).   diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 99080ed5f3..a9993b1e63 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -419,7 +419,7 @@ Node that can be used to perform signature updates for Windows Defender. Supported operations are Get and Execute. **OfflineScan** -Added in Windows 10, version 1803. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. After the next OS reboot, the device will start in Windows Defender offline mode to begin the scan. +Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defender Offline scan on the computer where you run the command. After the next OS reboot, the device will start in Microsoft Defender Offline mode to begin the scan. Supported operations are Get and Execute. diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md index ffe4254e2b..3b66e178f2 100644 --- a/windows/security/threat-protection/intelligence/rootkits-malware.md +++ b/windows/security/threat-protection/intelligence/rootkits-malware.md @@ -55,7 +55,7 @@ For more general tips, see [prevent malware infection](prevent-malware-infection Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your device and your antimalware software isn’t detecting it, you might need an extra tool that lets you boot to a known trusted environment. -[Windows Defender Offline](https://support.microsoft.com/help/17466/windows-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. +[Microsoft Defender Offline](https://support.microsoft.com/help/17466/windows-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. [System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-offline.md similarity index 54% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md rename to windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-offline.md index b8fbc245ce..5c6ddacbc5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-offline.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Offline in Windows 10 -description: You can use Windows Defender Offline straight from the Windows Defender Antivirus app. You can also manage how it is deployed in your network. +title: Microsoft Defender Offline in Windows 10 +description: You can use Microsoft Defender Offline straight from the Windows Defender Antivirus app. You can also manage how it is deployed in your network. keywords: scan, defender, offline search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -16,21 +16,21 @@ ms.reviewer: manager: dansimp --- -# Run and review the results of a Windows Defender Offline scan +# Run and review the results of a Microsoft Defender Offline scan **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). +Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). -You can use Windows Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak. +You can use Microsoft Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak. -In Windows 10, Windows Defender Offline can be run with one click directly from the [Windows Security app](windows-defender-security-center-antivirus.md). In previous versions of Windows, a user had to install Windows Defender Offline to bootable media, restart the endpoint, and load the bootable media. +In Windows 10, Microsoft Defender Offline can be run with one click directly from the [Windows Security app](windows-defender-security-center-antivirus.md). In previous versions of Windows, a user had to install Microsoft Defender Offline to bootable media, restart the endpoint, and load the bootable media. ## prerequisites and requirements -Windows Defender Offline in Windows 10 has the same hardware requirements as Windows 10. +Microsoft Defender Offline in Windows 10 has the same hardware requirements as Windows 10. For more information about Windows 10 requirements, see the following topics: @@ -39,13 +39,13 @@ For more information about Windows 10 requirements, see the following topics: - [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049(v=vs.85).aspx) > [!NOTE] -> Windows Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units. +> Microsoft Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units. -To run Windows Defender Offline from the endpoint, the user must be logged in with administrator privileges. +To run Microsoft Defender Offline from the endpoint, the user must be logged in with administrator privileges. -## Windows Defender Offline updates +## Microsoft Defender Offline updates -Windows Defender Offline uses the most recent protection updates available on the endpoint; it's updated whenever Windows Defender Antivirus is updated. +Microsoft Defender Offline uses the most recent protection updates available on the endpoint; it's updated whenever Windows Defender Antivirus is updated. > [!NOTE] > Before running an offline scan, you should attempt to update Windows Defender AV protection. You can either force an update with Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest protection updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). @@ -54,37 +54,37 @@ See the [Manage Windows Defender Antivirus Security intelligence updates](manag ## Usage scenarios -In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Windows Defender Offline needs to run, it will prompt the user on the endpoint. +In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Microsoft Defender Offline needs to run, it will prompt the user on the endpoint. The need to perform an offline scan will also be revealed in Microsoft Endpoint Configuration Manager if you're using it to manage your endpoints. The prompt can occur via a notification, similar to the following: -![Windows notification showing the requirement to run Windows Defender Offline](images/defender/notification.png) +![Windows notification showing the requirement to run Microsoft Defender Offline](images/defender/notification.png) The user will also be notified within the Windows Defender client: -![Windows Defender showing the requirement to run Windows Defender Offline](images/defender/client.png) +![Windows Defender showing the requirement to run Microsoft Defender Offline](images/defender/client.png) In Configuration Manager, you can identify the status of endpoints by navigating to **Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status**. -Windows Defender Offline scans are indicated under **Malware remediation status** as **Offline scan required**. +Microsoft Defender Offline scans are indicated under **Malware remediation status** as **Offline scan required**. -![Microsoft Endpoint Configuration Manager indicating a Windows Defender Offline scan is required](images/defender/sccm-wdo.png) +![Microsoft Endpoint Configuration Manager indicating a Microsoft Defender Offline scan is required](images/defender/sccm-wdo.png) ## Configure notifications -Windows Defender Offline notifications are configured in the same policy setting as other Windows Defender AV notifications. +Microsoft Defender Offline notifications are configured in the same policy setting as other Windows Defender AV notifications. For more information about notifications in Windows Defender, see the [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) topic. ## Run a scan > [!IMPORTANT] -> Before you use Windows Defender Offline, make sure you save any files and shut down running programs. The Windows Defender Offline scan takes about 15 minutes to run. It will restart the endpoint when the scan is complete. The scan is performed outside of the usual Windows operating environment. The user interface will appear different to a normal scan performed by Windows Defender. After the scan is completed, the endpoint will be restarted and Windows will load normally. +> Before you use Microsoft Defender Offline, make sure you save any files and shut down running programs. The Microsoft Defender Offline scan takes about 15 minutes to run. It will restart the endpoint when the scan is complete. The scan is performed outside of the usual Windows operating environment. The user interface will appear different to a normal scan performed by Windows Defender. After the scan is completed, the endpoint will be restarted and Windows will load normally. -You can run a Windows Defender Offline scan with the following: +You can run a Microsoft Defender Offline scan with the following: - PowerShell - Windows Management Instrumentation (WMI) @@ -106,7 +106,7 @@ See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use Use the [**MSFT_MpWDOScan**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class to run an offline scan. -The following WMI script snippet will immediately run a Windows Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows. +The following WMI script snippet will immediately run a Microsoft Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows. ```WMI wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start @@ -123,7 +123,7 @@ See the following for more information: 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Advanced scan** label: -3. Select **Windows Defender Offline scan** and click **Scan now**. +3. Select **Microsoft Defender Offline scan** and click **Scan now**. > [!NOTE] @@ -132,7 +132,7 @@ See the following for more information: ## Review scan results -Windows Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). +Microsoft Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). ## Related articles diff --git a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md index f9457d3f21..301332c5d8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md +++ b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md @@ -51,7 +51,7 @@ ### [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) ### [Configure and run scans](run-scan-windows-defender-antivirus.md) ### [Review scan results](review-scan-results-windows-defender-antivirus.md) -### [Run and review the results of a Windows Defender Offline scan](windows-defender-offline.md) +### [Run and review the results of a Microsoft Defender Offline scan](windows-defender-offline.md) ## [Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 75d23d70dd..3efc7377c3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -59,7 +59,7 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De 1 | **Update** tab | **Protection updates** | Update the protection (Security intelligence) 2 | **History** tab | **Scan history** | Review threats that were quarantined, removed, or allowed 3 | **Settings** (links to **Windows Settings**) | **Virus & threat protection settings** | Enable various features, including Real-time protection, Cloud-delivered protection, Advanced notifications, and Automatic ample submission -4 | **Scan options** | **Advanced scan** | Run a full scan, custom scan, or a Windows Defender Offline scan +4 | **Scan options** | **Advanced scan** | Run a full scan, custom scan, or a Microsoft Defender Offline scan 5 | Run a scan (based on the option chosen under **Scan options** | **Quick scan** | In Windows 10, version 1703 and later, you can run custom and full scans under the **Advanced scan** option ## Common tasks diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 727cc608be..6abe9d8dfc 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -117,7 +117,7 @@ Windows Information Protection (WIP) helps to protect against this potential dat Several new features and management options have been added to Windows Defender in this version of Windows 10. -- [Windows Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. - [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. - [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. - [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index f27cc65739..0107a9c65a 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -103,7 +103,7 @@ Windows Information Protection (WIP) helps to protect against this potential dat ### Windows Defender Several new features and management options have been added to Windows Defender in Windows 10, version 1607. -- [Windows Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. - [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. - [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. - [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index ec640e3eea..922caa1d3b 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -137,7 +137,7 @@ This new feature is displayed under the Device Security page with the string “ ### Security management - [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes. -- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations. +- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Microsoft Defender Offline Scanning tool actions, and any pending recommendations. - [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features. ## Microsoft Edge From d75105fc957f813d7e0465997d3459fb27783b41 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 6 May 2020 12:29:57 -0700 Subject: [PATCH 03/99] Changed Windows to Microsoft Also wd-app to md-app and windows-defender to microsoft-defender --- .../TOC.md | 7 ++ .../configure-md-app-guard.md | 66 ++++++++++++++++++ .../faq-md-app-guard.md} | 20 +++--- .../images/MDAG-EndpointMgr-newprofile.jpg | Bin .../appguard-gp-allow-camera-and-mic.png | Bin .../appguard-gp-allow-root-certificates.png | Bin ...s-to-trust-files-that-open-in-appguard.png | Bin .../images/appguard-gp-clipboard.png | Bin .../images/appguard-gp-download.png | Bin .../appguard-gp-network-isolation-neutral.png | Bin .../images/appguard-gp-network-isolation.png | Bin .../images/appguard-gp-persistence.png | Bin .../images/appguard-gp-print.png | Bin .../images/appguard-gp-turn-on.png | Bin .../images/appguard-gp-vgpu.png | Bin .../images/appguard-hardware-isolation.png | Bin .../images/appguard-new-window.png | Bin .../appguard-security-center-settings.png | Bin .../appguard-turned-on-with-trusted-site.png | Bin .../images/appguard-visual-cues.png | Bin .../application-guard-container-v-host.png | Bin .../host-screen-no-application-guard.png | Bin .../images/turn-windows-features-on.png | Bin .../install-md-app-guard.md} | 22 +++--- .../md-app-guard-overview.md} | 18 ++--- .../reqs-md-app-guard.md} | 14 ++-- .../test-scenarios-md-app-guard.md} | 28 ++++---- .../windows-defender-application-guard/TOC.md | 7 -- .../configure-wd-app-guard.md | 66 ------------------ 29 files changed, 124 insertions(+), 124 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-application-guard/TOC.md create mode 100644 windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md rename windows/security/threat-protection/{windows-defender-application-guard/faq-wd-app-guard.md => microsoft-defender-application-guard/faq-md-app-guard.md} (75%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/MDAG-EndpointMgr-newprofile.jpg (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-allow-camera-and-mic.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-allow-root-certificates.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-clipboard.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-download.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-network-isolation-neutral.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-network-isolation.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-persistence.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-print.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-turn-on.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-gp-vgpu.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-hardware-isolation.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-new-window.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-security-center-settings.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-turned-on-with-trusted-site.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/appguard-visual-cues.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/application-guard-container-v-host.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/host-screen-no-application-guard.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard => microsoft-defender-application-guard}/images/turn-windows-features-on.png (100%) rename windows/security/threat-protection/{windows-defender-application-guard/install-wd-app-guard.md => microsoft-defender-application-guard/install-md-app-guard.md} (74%) rename windows/security/threat-protection/{windows-defender-application-guard/wd-app-guard-overview.md => microsoft-defender-application-guard/md-app-guard-overview.md} (63%) rename windows/security/threat-protection/{windows-defender-application-guard/reqs-wd-app-guard.md => microsoft-defender-application-guard/reqs-md-app-guard.md} (78%) rename windows/security/threat-protection/{windows-defender-application-guard/test-scenarios-wd-app-guard.md => microsoft-defender-application-guard/test-scenarios-md-app-guard.md} (85%) delete mode 100644 windows/security/threat-protection/windows-defender-application-guard/TOC.md delete mode 100644 windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/TOC.md b/windows/security/threat-protection/microsoft-defender-application-guard/TOC.md new file mode 100644 index 0000000000..35f40da2a5 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-application-guard/TOC.md @@ -0,0 +1,7 @@ +# [Microsoft Defender Application Guard](md-app-guard-overview.md) + +## [System requirements](reqs-md-app-guard.md) +## [Install WDAG](install-md-app-guard.md) +## [Configure WDAG policies](configure-md-app-guard.md) +## [Test scenarios](test-scenarios-md-app-guard.md) +## [FAQ](faq-md-app-guard.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md new file mode 100644 index 0000000000..121ed70fbe --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -0,0 +1,66 @@ +--- +title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10) +description: Learn about the available Group Policy settings for Microsoft Defender Application Guard. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: denisebmsft +ms.author: deniseb +ms.date: 10/17/2017 +ms.reviewer: +manager: dansimp +ms.custom: asr +--- + +# Configure Microsoft Defender Application Guard policy settings + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain. + +Application Guard uses both network isolation and application-specific settings. + +## Network isolation settings + +These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container. + +>[!NOTE] +>You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the "Domains categorized as both work and personal" policy. + + + +|Policy name|Supported versions|Description| +|-----------|------------------|-----------| +|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| +|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| +|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| + +## Network isolation settings wildcards + +|Value|Number of dots to the left|Meaning| +|-----|--------------------------|-------| +|`contoso.com`|0|Trust only the literal value of `contoso.com`.| +|`www.contoso.com`|0|Trust only the literal value of `www.contoso.com`.| +|`.contoso.com`|1|Trust any domain that ends with the text `contoso.com`. Matching sites include `spearphishingcontoso.com`, `contoso.com`, and `www.contoso.com`.| +|`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.| + +## Application-specific settings +These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard**, can help you to manage your company's implementation of Application Guard. + +|Name|Supported versions|Description|Options| +|-----------|------------------|-----------|-------| +|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
-Disable the clipboard functionality completely when Virtualization Security is enabled.
- Enable copying of certain content from Application Guard into Microsoft Edge.
- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.

**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.| +|Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
- Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.

**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.| +|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. **Note:** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.

**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | +|Allow Persistence|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

**Disabled or not configured.** All user data within Application Guard is reset between sessions.

**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
1. Open a command-line program and navigate to `Windows/System32`.
2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.
3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.| +|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device. Available options:
- Enable Microsoft Defender Application Guard only for Microsoft Edge
- Enable Microsoft Defender Application Guard only for Microsoft Office
- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office

**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.| +|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system.

**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.| +|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher

Windows 10 Pro, 1803 or higher|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.

**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.| +|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.

**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.| +|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.

**Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.| +|Allow users to trust files that open in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.

**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Microsoft Defender Application Guard.| + + diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md similarity index 75% rename from windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md rename to windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 1e8839b354..cc79291b60 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -1,6 +1,6 @@ --- -title: FAQ - Windows Defender Application Guard (Windows 10) -description: Learn about the commonly asked questions and answers for Windows Defender Application Guard. +title: FAQ - Microsoft Defender Application Guard (Windows 10) +description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,11 +14,11 @@ manager: dansimp ms.custom: asr --- -# Frequently asked questions - Windows Defender Application Guard +# Frequently asked questions - Microsoft Defender Application Guard **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. +Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. ## Frequently Asked Questions @@ -49,13 +49,13 @@ To help keep the Application Guard Edge session secure and isolated from the hos Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. -### How do I configure Windows Defender Application Guard to work with my network proxy (IP-Literal Addresses)? +### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? -Windows Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. +Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. ### Which Input Method Editors (IME) in 19H1 are not supported? -The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Windows Defender Application Guard. +The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard. - Vietnam Telex keyboard - Vietnam number key-based keyboard - Hindi phonetic keyboard @@ -83,12 +83,12 @@ To trust a subdomain, you must precede your domain with two dots, for example: ` ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? -When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). +When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). ### Is there a size limit to the domain lists that I need to configure? Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383B limit. -### Why does my encryption driver break Windows Defender Application Guard? +### Why does my encryption driver break Microsoft Defender Application Guard? -Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). +Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/MDAG-EndpointMgr-newprofile.jpg b/windows/security/threat-protection/microsoft-defender-application-guard/images/MDAG-EndpointMgr-newprofile.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/MDAG-EndpointMgr-newprofile.jpg rename to windows/security/threat-protection/microsoft-defender-application-guard/images/MDAG-EndpointMgr-newprofile.jpg diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-root-certificates.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-root-certificates.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-clipboard.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-clipboard.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-clipboard.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-clipboard.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-download.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-download.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-download.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-download.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-network-isolation-neutral.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation-neutral.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-network-isolation-neutral.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation-neutral.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-network-isolation.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-network-isolation.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-persistence.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-persistence.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-persistence.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-persistence.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-print.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-print.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-print.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-print.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-turn-on.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-turn-on.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-vgpu.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-vgpu.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-vgpu.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-vgpu.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-hardware-isolation.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-hardware-isolation.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-hardware-isolation.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-hardware-isolation.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-new-window.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-new-window.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-new-window.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-new-window.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-security-center-settings.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-security-center-settings.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-turned-on-with-trusted-site.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-turned-on-with-trusted-site.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-turned-on-with-trusted-site.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-turned-on-with-trusted-site.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-visual-cues.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-visual-cues.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/appguard-visual-cues.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-visual-cues.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/application-guard-container-v-host.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/application-guard-container-v-host.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/application-guard-container-v-host.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/application-guard-container-v-host.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/host-screen-no-application-guard.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/host-screen-no-application-guard.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/host-screen-no-application-guard.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/host-screen-no-application-guard.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/turn-windows-features-on.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/turn-windows-features-on.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-guard/images/turn-windows-features-on.png rename to windows/security/threat-protection/microsoft-defender-application-guard/images/turn-windows-features-on.png diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md similarity index 74% rename from windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md rename to windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index cdf47d7a4a..88c45443eb 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -1,6 +1,6 @@ --- title: Enable hardware-based isolation for Microsoft Edge (Windows 10) -description: Learn about the Windows Defender Application Guard modes (Standalone or Enterprise-managed) and how to install Application Guard in your enterprise. +description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed) and how to install Application Guard in your enterprise. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,19 +14,19 @@ manager: dansimp ms.custom: asr --- -# Prepare to install Windows Defender Application Guard +# Prepare to install Microsoft Defender Application Guard **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ## Review system requirements -See [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard) to review the hardware and software installation requirements for Windows Defender Application Guard. +See [System requirements for Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard) to review the hardware and software installation requirements for Microsoft Defender Application Guard. >[!NOTE] ->Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. +>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. -## Prepare for Windows Defender Application Guard -Before you can install and use Windows Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode. +## Prepare for Microsoft Defender Application Guard +Before you can install and use Microsoft Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode. ### Standalone mode @@ -34,7 +34,7 @@ Applies to: - Windows 10 Enterprise edition, version 1709 or higher - Windows 10 Pro edition, version 1803 -Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-wd-app-guard.md) testing scenario. +Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-md-app-guard.md) testing scenario. ## Enterprise-managed mode @@ -54,9 +54,9 @@ Application Guard functionality is turned off by default. However, you can quick 1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**. - ![Windows Features, turning on Windows Defender Application Guard](images/turn-windows-features-on.png) + ![Windows Features, turning on Microsoft Defender Application Guard](images/turn-windows-features-on.png) -2. Select the check box next to **Windows Defender Application Guard** and then click **OK**. +2. Select the check box next to **Microsoft Defender Application Guard** and then click **OK**. Application Guard and its underlying dependencies are all installed. @@ -83,7 +83,7 @@ Application Guard functionality is turned off by default. However, you can quick ### To install by using Intune > [!IMPORTANT] -> Make sure your organization's devices meet [requirements](reqs-wd-app-guard.md) and are [enrolled in Intune](https://docs.microsoft.com/mem/intune/enrollment/device-enrollment). +> Make sure your organization's devices meet [requirements](reqs-md-app-guard.md) and are [enrolled in Intune](https://docs.microsoft.com/mem/intune/enrollment/device-enrollment). :::image type="complex" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Endpoint protection profile"::: @@ -121,5 +121,5 @@ Application Guard functionality is turned off by default. However, you can quick c. Click **Save**. -After the profile is created, any devices to which the policy should apply will have Windows Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place. +After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place. diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md similarity index 63% rename from windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md rename to windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 390bee5992..652cc3b40b 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Application Guard (Windows 10) -description: Learn about Windows Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. +title: Microsoft Defender Application Guard (Windows 10) +description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,11 +14,11 @@ manager: dansimp ms.custom: asr --- -# Windows Defender Application Guard overview +# Microsoft Defender Application Guard overview **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. +Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. ## What is Application Guard and how does it work? @@ -44,8 +44,8 @@ Application Guard has been created to target several types of systems: |Article |Description | |------|------------| -|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.| -|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| -|[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.| -|[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| -|[Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| \ No newline at end of file +|[System requirements for Microsoft Defender Application Guard](reqs-md-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.| +|[Prepare and install Microsoft Defender Application Guard](install-md-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| +|[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-md-app-guard.md) |Provides info about the available Group Policy and MDM settings.| +|[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-md-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| +|[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md similarity index 78% rename from windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md rename to windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md index ca449ea92c..5757f18c10 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md @@ -1,6 +1,6 @@ --- -title: System requirements for Windows Defender Application Guard (Windows 10) -description: Learn about the system requirements for installing and running Windows Defender Application Guard. +title: System requirements for Microsoft Defender Application Guard (Windows 10) +description: Learn about the system requirements for installing and running Microsoft Defender Application Guard. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,17 +14,17 @@ manager: dansimp ms.custom: asr --- -# System requirements for Windows Defender Application Guard +# System requirements for Microsoft Defender Application Guard **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. +The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. >[!NOTE] ->Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. +>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. ## Hardware requirements -Your environment needs the following hardware to run Windows Defender Application Guard. +Your environment needs the following hardware to run Microsoft Defender Application Guard. |Hardware|Description| |--------|-----------| @@ -35,7 +35,7 @@ Your environment needs the following hardware to run Windows Defender Applicatio |Input/Output Memory Management Unit (IOMMU) support|Not required, but strongly recommended| ## Software requirements -Your environment needs the following software to run Windows Defender Application Guard. +Your environment needs the following software to run Microsoft Defender Application Guard. |Software|Description| |--------|-----------| diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md similarity index 85% rename from windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md rename to windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index a5eebdf2a2..e2a6d3e0ec 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -1,6 +1,6 @@ --- -title: Testing scenarios with Windows Defender Application Guard (Windows 10) -description: Suggested testing scenarios for Windows Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode. +title: Testing scenarios with Microsoft Defender Application Guard (Windows 10) +description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -29,7 +29,7 @@ You can see how an employee would use standalone mode with Application Guard. ### To test Application Guard in Standalone mode -1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). +1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). 2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu. @@ -52,7 +52,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise- Before you can use Application Guard in enterprise mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. -1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard#install-application-guard). +1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard#install-application-guard). 2. Restart the device and then start Microsoft Edge. @@ -72,7 +72,7 @@ Before you can use Application Guard in enterprise mode, you must install Window ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) -4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting. +4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Enterprise Mode** setting. 5. Click **Enabled**, choose Option **1**, and click **OK**. @@ -113,7 +113,7 @@ You have the option to change each of these settings to work with your enterpris #### Copy and paste options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard clipboard settings**. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Configure Microsoft Defender Application Guard clipboard settings**. 2. Click **Enabled** and click **OK**. @@ -139,7 +139,7 @@ You have the option to change each of these settings to work with your enterpris #### Print options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard print** settings. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Configure Microsoft Defender Application Guard print** settings. 2. Click **Enabled** and click **OK**. @@ -151,7 +151,7 @@ You have the option to change each of these settings to work with your enterpris #### Data persistence options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard** setting. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow data persistence for Microsoft Defender Application Guard** setting. 2. Click **Enabled** and click **OK**. @@ -176,7 +176,7 @@ You have the option to change each of these settings to work with your enterpris #### Download options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow files to download and save to the host operating system from Windows Defender Application Guard** setting. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow files to download and save to the host operating system from Microsoft Defender Application Guard** setting. 2. Click **Enabled** and click **OK**. @@ -184,13 +184,13 @@ You have the option to change each of these settings to work with your enterpris 3. Log out and back on to your device, opening Microsoft Edge in Application Guard again. -4. Download a file from Windows Defender Application Guard. +4. Download a file from Microsoft Defender Application Guard. 5. Check to see the file has been downloaded into This PC > Downloads > Untrusted files. #### Hardware acceleration options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow hardware-accelerated rendering for Windows Defender Application Guard** setting. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow hardware-accelerated rendering for Microsoft Defender Application Guard** setting. 2. Click **Enabled** and click **OK**. @@ -206,7 +206,7 @@ You have the option to change each of these settings to work with your enterpris #### File trust options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard** setting. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow users to trust files that open in Microsoft Defender Application Guard** setting. 2. Click **Enabled**, set **Options** to 2, and click **OK**. @@ -220,7 +220,7 @@ You have the option to change each of these settings to work with your enterpris #### Camera and microphone options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow camera and microphone access in Windows Defender Application Guard** setting. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow camera and microphone access in Microsoft Defender Application Guard** setting. 2. Click **Enabled** and click **OK**. @@ -234,7 +234,7 @@ You have the option to change each of these settings to work with your enterpris #### Root certificate sharing options -1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow Windows Defender Application Guard to use Root Certificate Authorities from the user's device** setting. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device** setting. 2. Click **Enabled**, copy the thumbprint of each certificate to share, separated by a comma, and click **OK**. diff --git a/windows/security/threat-protection/windows-defender-application-guard/TOC.md b/windows/security/threat-protection/windows-defender-application-guard/TOC.md deleted file mode 100644 index 9e42b2b691..0000000000 --- a/windows/security/threat-protection/windows-defender-application-guard/TOC.md +++ /dev/null @@ -1,7 +0,0 @@ -# [Windows Defender Application Guard](wd-app-guard-overview.md) - -## [System requirements](reqs-wd-app-guard.md) -## [Install WDAG](install-wd-app-guard.md) -## [Configure WDAG policies](configure-wd-app-guard.md) -## [Test scenarios](test-scenarios-wd-app-guard.md) -## [FAQ](faq-wd-app-guard.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md deleted file mode 100644 index 7826641e1f..0000000000 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Configure the Group Policy settings for Windows Defender Application Guard (Windows 10) -description: Learn about the available Group Policy settings for Windows Defender Application Guard. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.date: 10/17/2017 -ms.reviewer: -manager: dansimp -ms.custom: asr ---- - -# Configure Windows Defender Application Guard policy settings - -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain. - -Application Guard uses both network isolation and application-specific settings. - -## Network isolation settings - -These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container. - ->[!NOTE] ->You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the "Domains categorized as both work and personal" policy. - - - -|Policy name|Supported versions|Description| -|-----------|------------------|-----------| -|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| -|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| -|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| - -## Network isolation settings wildcards - -|Value|Number of dots to the left|Meaning| -|-----|--------------------------|-------| -|`contoso.com`|0|Trust only the literal value of `contoso.com`.| -|`www.contoso.com`|0|Trust only the literal value of `www.contoso.com`.| -|`.contoso.com`|1|Trust any domain that ends with the text `contoso.com`. Matching sites include `spearphishingcontoso.com`, `contoso.com`, and `www.contoso.com`.| -|`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.| - -## Application-specific settings -These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard. - -|Name|Supported versions|Description|Options| -|-----------|------------------|-----------|-------| -|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
-Disable the clipboard functionality completely when Virtualization Security is enabled.
- Enable copying of certain content from Application Guard into Microsoft Edge.
- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.

**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.| -|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
- Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.

**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.| -|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. **Note:** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.

**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | -|Allow Persistence|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

**Disabled or not configured.** All user data within Application Guard is reset between sessions.

**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
1. Open a command-line program and navigate to `Windows/System32`.
2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.
3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.| -|Turn on Windows Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device. Available options:
- Enable Windows Defender Application Guard only for Microsoft Edge
- Enable Windows Defender Application Guard only for Microsoft Office
- Enable Windows Defender Application Guard for both Microsoft Edge and Microsoft Office

**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.| -|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.

**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.| -|Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, 1803 or higher

Windows 10 Pro, 1803 or higher|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.

**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.| -|Allow camera and microphone access in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Windows Defender Application Guard.|**Enabled.** Applications inside Windows Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.

**Disabled or not configured.** Applications inside Windows Defender Application Guard are unable to access the camera and microphone on the user's device.| -|Allow Windows Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Windows Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.

**Disabled or not configured.** Certificates are not shared with Windows Defender Application Guard.| -|Allow users to trust files that open in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.

**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Windows Defender Application Guard.| - - From 622be6d6f36018fbc8b307b1bb28af0ec78635d4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 12 May 2020 08:18:03 +0500 Subject: [PATCH 04/99] Update hello-cert-trust-validate-pki.md --- .../hello-for-business/hello-cert-trust-validate-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 067d2d3504..3fc4c88711 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -150,7 +150,7 @@ Domain controllers automatically request a certificate from the domain controlle 7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**. 8. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**. 9. Select **Enabled** from the **Configuration Model** list. -10. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box. +10. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box. 11. Select the **Update certificates that use certificate templates** check box. 12. Click **OK**. Close the **Group Policy Management Editor**. From bb189ac1efcf8b5f016383f7e1139584d1c28989 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 17 May 2020 11:51:36 +0500 Subject: [PATCH 05/99] Update troubleshoot-inaccessible-boot-device.md --- .../client-management/troubleshoot-inaccessible-boot-device.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index 5556b97262..e2b6c3237a 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -113,7 +113,7 @@ To verify the BCD entries: 2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device** , **path** , **osdevice,** and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder. > [!NOTE] - > If the computer is UEFI-based, the **bootmgr** and **winload** entries under **{default}** will contain an **.efi** extension. + > If the computer is UEFI-based, the filepath value specified in **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension. ![bcdedit](images/screenshot1.png) From 2337ec145edbbea78466ab156781f1de5fe42f11 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 18 May 2020 11:14:02 +0500 Subject: [PATCH 06/99] Update windows/client-management/troubleshoot-inaccessible-boot-device.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../client-management/troubleshoot-inaccessible-boot-device.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index e2b6c3237a..9f98c2a73c 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -110,7 +110,7 @@ To verify the BCD entries: >[!NOTE] >This output may not contain a path. -2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device** , **path** , **osdevice,** and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder. +2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder. > [!NOTE] > If the computer is UEFI-based, the filepath value specified in **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension. From f623eec27f374e087d8318385adda65213d669e9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 18 May 2020 11:14:28 +0500 Subject: [PATCH 07/99] Update windows/client-management/troubleshoot-inaccessible-boot-device.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../client-management/troubleshoot-inaccessible-boot-device.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index 9f98c2a73c..667776a7f8 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -113,7 +113,7 @@ To verify the BCD entries: 2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder. > [!NOTE] - > If the computer is UEFI-based, the filepath value specified in **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension. + > If the computer is UEFI-based, the filepath value specified in the **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension. ![bcdedit](images/screenshot1.png) From 6b855cf38df89a4a9691a84f2459877a0d5e69b5 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 20 May 2020 15:46:27 -0700 Subject: [PATCH 08/99] changed windows to microsoft As part of rebrand, changed Windows Defender Offline to Microsoft Defender Offline and windows-defender-offline to microsoft-defender-offline --- windows/security/threat-protection/TOC.md | 4 ++-- .../threat-protection/intelligence/rootkits-malware.md | 2 +- .../troubleshoot-windows-defender-antivirus.md | 2 +- windows/whats-new/ltsc/whats-new-windows-10-2016.md | 2 +- windows/whats-new/whats-new-windows-10-version-1607.md | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 06efa1c47e..6dfcebce9c 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -155,7 +155,7 @@ ###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) ###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) ###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) +###### [Run and review the results of an offline scan](windows-defender-antivirus/microsoft-defender-offline.md) ##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) @@ -183,7 +183,7 @@ ###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) ###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) ###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) +###### [Run and review the results of an offline scan](windows-defender-antivirus/microsoft-defender-offline.md) ###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) ##### [Manage next-generation protection in your business]() diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md index 3b66e178f2..ad80fad7fe 100644 --- a/windows/security/threat-protection/intelligence/rootkits-malware.md +++ b/windows/security/threat-protection/intelligence/rootkits-malware.md @@ -55,7 +55,7 @@ For more general tips, see [prevent malware infection](prevent-malware-infection Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your device and your antimalware software isn’t detecting it, you might need an extra tool that lets you boot to a known trusted environment. -[Microsoft Defender Offline](https://support.microsoft.com/help/17466/windows-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. +[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. [System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity. diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 8b02e56f61..0655ccb826 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -2891,7 +2891,7 @@ Run a full system scan. This error indicates that an offline scan is required. Resolution -Run offline Windows Defender Antivirus. You can read about how to do this in the offline Windows Defender Antivirus article. +Run offline Windows Defender Antivirus. You can read about how to do this in the offline Windows Defender Antivirus article. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 6abe9d8dfc..60d3674825 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -117,7 +117,7 @@ Windows Information Protection (WIP) helps to protect against this potential dat Several new features and management options have been added to Windows Defender in this version of Windows 10. -- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/microsoft-defender-offline) can be run directly from within Windows, without having to create bootable media. - [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. - [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. - [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 0107a9c65a..272b5ec918 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -103,7 +103,7 @@ Windows Information Protection (WIP) helps to protect against this potential dat ### Windows Defender Several new features and management options have been added to Windows Defender in Windows 10, version 1607. -- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/microsoft-defender-offline) can be run directly from within Windows, without having to create bootable media. - [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. - [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. - [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. From fd2fc009bede7d527aeb5f9d841e03c9938e14a6 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Thu, 21 May 2020 14:21:37 -0700 Subject: [PATCH 09/99] Changed Windows to Microsoft Changed only UX content; will change links later. --- .../update/how-windows-update-works.md | 2 +- .../update/update-compliance-monitor.md | 4 ++-- .../update/update-compliance-using.md | 4 ++-- windows/privacy/gdpr-win10-whitepaper.md | 18 +++++++++--------- ...-system-components-to-microsoft-services.md | 10 +++++----- .../privacy/manage-windows-1809-endpoints.md | 2 +- .../privacy/windows-diagnostic-data-1703.md | 2 +- windows/privacy/windows-diagnostic-data.md | 2 +- windows/security/threat-protection/TOC.md | 8 ++++---- .../control-usb-devices-using-intune.md | 14 +++++++------- .../threat-protection/intelligence/criteria.md | 4 ++-- .../intelligence/developer-faq.md | 4 ++-- .../intelligence/developer-resources.md | 2 +- .../intelligence/malware-naming.md | 2 +- .../intelligence/safety-scanner-download.md | 4 ++-- .../intelligence/support-scams.md | 4 ++-- .../intelligence/trojans-malware.md | 2 +- .../intelligence/unwanted-software.md | 2 +- .../intelligence/worms-malware.md | 2 +- .../advanced-features.md | 2 +- .../advanced-hunting-deviceevents-table.md | 2 +- .../advanced-hunting-schema-reference.md | 2 +- .../microsoft-defender-atp/alerts-queue.md | 4 ++-- .../auto-investigation-action-center.md | 2 +- .../behavioral-blocking-containment.md | 2 +- .../configure-machines-security-baseline.md | 2 +- .../configure-proxy-internet.md | 2 +- .../configure-server-endpoints.md | 2 +- ...view-of-threat-mitigations-in-windows-10.md | 14 +++++++------- ...re-worm-targets-out-of-date-systems-wdsi.md | 4 ++-- 30 files changed, 65 insertions(+), 65 deletions(-) diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index 7284fecba7..e427a2f861 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -80,7 +80,7 @@ Windows Update takes the following sets of actions when it runs a scan. #### Starts the scan for updates When users start scanning in Windows Update through the Settings panel, the following occurs: -- The scan first generates a “ComApi” message. The caller (Windows Defender Antivirus) tells the WU engine to scan for updates. +- The scan first generates a “ComApi” message. The caller (Microsoft Defender Antivirus) tells the WU engine to scan for updates. - "Agent" messages: queueing the scan, then actually starting the work: - Updates are identified by the different IDs ("Id = 10", "Id = 11") and from the different thread ID numbers. - Windows Update uses the thread ID filtering to concentrate on one particular task. diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 55e6f693d9..8e4da6a05c 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -18,8 +18,8 @@ ms.topic: article # Monitor Windows Updates with Update Compliance > [!IMPORTANT] -> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. Two planned feature removals for Update Compliance – Windows Defender Antivirus reporting and Perspectives – are now scheduled to be removed beginning Monday, May 11, 2020. -> * The retirement of Windows Defender Antivirus reporting will begin Monday, May 11, 2020. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). +> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. Two planned feature removals for Update Compliance – Microsoft Defender Antivirus reporting and Perspectives – are now scheduled to be removed beginning Monday, May 11, 2020. +> * The retirement of Microsoft Defender Antivirus reporting will begin Monday, May 11, 2020. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). > * The Perspectives feature of Update Compliance will be retired Monday, May 11, 2020. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance. ## Introduction diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 47ea2040ed..b61cef1778 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -17,7 +17,7 @@ ms.topic: article # Use Update Compliance -In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Windows Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md). +In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md). Update Compliance: @@ -50,7 +50,7 @@ When you select this tile, you will be redirected to the Update Compliance works Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items: * Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10. * Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. -* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus. +* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Microsoft Defender Antivirus. The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency). diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index 302909fefa..ce2c263dfe 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -132,24 +132,24 @@ As seen with recent ransomware attacks, once called the "black plague" of the In In response to these threats and as a part of your mechanisms to resist these types of breaches so that you remain in compliance with the GDPR, Windows 10 provides built in technology, detailed below including the following: -- Windows Defender Antivirus to respond to emerging threats on data. +- Microsoft Defender Antivirus to respond to emerging threats on data. - Microsoft Edge to systemically disrupt phishing, malware, and hacking attacks. - Windows Defender Device Guard to block all unwanted applications on client machines. #### Responding to emerging data threats -Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. In Windows 10, it uses a multi-pronged approach to improve antimalware: +Microsoft Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. In Windows 10, it uses a multi-pronged approach to improve antimalware: - **Cloud-delivered protection.** Helps to detect and block new malware within seconds, even if the malware has never been seen before. -- **Rich local context.** Improves how malware is identified. Windows 10 informs Windows Defender Antivirus not only about content like files and processes, but also where the content came from, where it's been stored, and more. +- **Rich local context.** Improves how malware is identified. Windows 10 informs Microsoft Defender Antivirus not only about content like files and processes, but also where the content came from, where it's been stored, and more. -- **Extensive global sensors.** Help to keep Windows Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. +- **Extensive global sensors.** Help to keep Microsoft Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. -- **Tamper proofing.** Helps to guard Windows Defender Antivirus itself against malware attacks. For example, Windows Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Windows Defender Antivirus components, its registry keys, and so on. +- **Tamper proofing.** Helps to guard Microsoft Defender Antivirus itself against malware attacks. For example, Microsoft Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Microsoft Defender Antivirus components, its registry keys, and so on. -- **Enterprise-level features.** Give IT pros the tools and configuration options necessary to make Windows Defender Antivirus an enterprise-class antimalware solution. +- **Enterprise-level features.** Give IT pros the tools and configuration options necessary to make Microsoft Defender Antivirus an enterprise-class antimalware solution. #### Systemically disrupting phishing, malware, and hacking attacks In today’s threat landscape, your ability to provide those mechanisms should be tied to the specific data-focused attacks you face through phishing, malware and hacking due to the browser-related attacks. @@ -204,7 +204,7 @@ Among the key benefits of ATP are the following: - Built in, not bolted on - agentless with high performance and low impact, cloud-powered; easy management with no deployment. -- Single pane of glass for Windows security - explore 6 months of rich machine timeline that unifies security events from Windows Defender ATP, Windows Defender Antivirus. +- Single pane of glass for Windows security - explore 6 months of rich machine timeline that unifies security events from Windows Defender ATP, Microsoft Defender Antivirus. - Power of the Microsoft graph - leverages the Microsoft Intelligence Security Graph to integrate detection and exploration with Office 365 ATP subscription, to track back and respond to attacks. @@ -216,7 +216,7 @@ To provide Detection capabilities, Windows 10 improves our OS memory and kernel We continue to upgrade our detections of ransomware and other advanced attacks, applying our behavioral and machine-learning detection library to counter changing attacks trends. Our historical detection capability ensures new detection rules apply to up to six months of stored data to detect attacks that previously went unnoticed. Customers can also add customized detection rules or IOCs to augment the detection dictionary. -Customers asked us for a single pane of glass across the entire Windows security stack. Windows Defender Antivirus detections and Windows Defender Device Guard blocks are the first to surface in the Windows Defender ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network. +Customers asked us for a single pane of glass across the entire Windows security stack. Microsoft Defender Antivirus detections and Windows Defender Device Guard blocks are the first to surface in the Windows Defender ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network. Our alert page now includes a new process tree visualization that aggregates multiple detections and related events into a single view that helps security teams reduce the time to resolve cases by providing the information required to understand and resolve incidents without leaving the alert page. @@ -314,7 +314,7 @@ Azure Information Protection also helps your users share sensitive data in a sec - **Windows Hello for Business:** https://www.youtube.com/watch?v=WOvoXQdj-9E and https://docs.microsoft.com/windows/access-protection/hello-for-business/hello-identity-verification -- **Windows Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10 +- **Microsoft Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10 - **Windows Defender Advanced Threat Protection:** https://www.youtube.com/watch?v=qxeGa3pxIwg and https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 4bbec23cef..6085890428 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1595,7 +1595,7 @@ You can disconnect from the Microsoft Antimalware Protection Service. >1. Ensure Windows and Windows Defender are fully up to date. >2. Search the Start menu for "Tamper Protection" by clicking on the search icon next to the Windows Start button. Then scroll down to the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, you can go to **Windows Security Settings -> Virus & threat protection, click on Manage Settings** link and then scroll down to the Tamper Protection toggle to set it to **Off**. -- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS** +- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS** -OR- @@ -1608,7 +1608,7 @@ You can disconnect from the Microsoft Antimalware Protection Service. You can stop sending file samples back to Microsoft. -- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Send file samples when further analysis is required** to **Never Send**. +- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **MAPS** > **Send file samples when further analysis is required** to **Never Send**. -or- @@ -1617,11 +1617,11 @@ You can stop sending file samples back to Microsoft. You can stop downloading **Definition Updates**: -- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Signature Updates** > **Define the order of sources for downloading definition updates** and set it to **FileShares**. +- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Signature Updates** > **Define the order of sources for downloading definition updates** and set it to **FileShares**. -and- -- **Disable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to **Nothing**. +- **Disable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to **Nothing**. -or- @@ -1645,7 +1645,7 @@ You can turn off **Enhanced Notifications** as follows: -or- -- **Enable** the Group Policy **Turn off enhanced notifications** under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Reporting**. +- **Enable** the Group Policy **Turn off enhanced notifications** under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Reporting**. -or- diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 6367bb1968..789a9029a6 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -398,7 +398,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o ## Windows Defender The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Windows Defender Antivirus cloud service connections, see [Allow connections to the Windows Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). | Source process | Protocol | Destination | |----------------|----------|------------| diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 73ccd75c12..ef7ec52739 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -74,7 +74,7 @@ This type of data includes details about the health of the device, operating sys | Category Name | Description and Examples | | - | - | |Device health and crash data | Information about the device and software health such as:
  • Error codes and error messages, name and ID of the app, and process reporting the error
  • DLL library predicted to be the source of the error -- xyz.dll
  • System generated files -- app or product logs and trace files to help diagnose a crash or hang
  • System settings such as registry keys
  • User generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang
  • Details and counts of abnormal shutdowns, hangs, and crashes
  • Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data
  • Crash and Hang dumps
    • The recorded state of the working memory at the point of the crash.
    • Memory in use by the kernel at the point of the crash.
    • Memory in use by the application at the point of the crash.
    • All the physical memory used by Windows at the point of the crash.
    • Class and function name within the module that failed.
    | -|Device performance and reliability data | Information about the device and software performance such as:
    • User Interface interaction durations -- Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.
    • Device on/off performance -- Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).
    • In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.
    • User input responsiveness – onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.
    • UI and media performance and glitches/smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
    • Disk footprint -- Free disk space, out of memory conditions, and disk score.
    • Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states
    • Background task performance -- download times, Windows Update scan duration, Windows Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
    • Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness environmental response times
    • Device setup -- first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.
    • Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, auto-brightness details, time device is plugged into AC vs. battery, battery state transitions
    • Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.
    • Diagnostic heartbeat – regular signal to validate the health of the diagnostics system
    | +|Device performance and reliability data | Information about the device and software performance such as:
    • User Interface interaction durations -- Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.
    • Device on/off performance -- Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).
    • In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.
    • User input responsiveness – onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.
    • UI and media performance and glitches/smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
    • Disk footprint -- Free disk space, out of memory conditions, and disk score.
    • Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states
    • Background task performance -- download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
    • Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness environmental response times
    • Device setup -- first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.
    • Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, auto-brightness details, time device is plugged into AC vs. battery, battery state transitions
    • Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.
    • Diagnostic heartbeat – regular signal to validate the health of the diagnostics system
    | |Movies|Information about movie consumption functionality on the device. This isn't intended to capture user viewing, listening or habits.
    • Video Width, height, color pallet, encoding (compression) type, and encryption type
    • Instructions for how to stream content for the user -- the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth
    • URL for a specific two second chunk of content if there is an error
    • Full screen viewing mode details| |Music & TV|Information about music and TV consumption on the device. This isn't intended to capture user viewing, listening or habits.
      • Service URL for song being downloaded from the music service – collected when an error occurs to facilitate restoration of service
      • Content type (video, audio, surround audio)
      • Local media library collection statistics -- number of purchased tracks, number of playlists
      • Region mismatch -- User OS Region, and Xbox Live region
      | |Reading|Information about reading consumption functionality on the device. This isn't intended to capture user viewing, listening or habits.
      • App accessing content and status and options used to open a Microsoft Store book
      • Language of the book
      • Time spent reading content
      • Content type and size details
      | diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md index 85c77ad883..5165ffd9c7 100644 --- a/windows/privacy/windows-diagnostic-data.md +++ b/windows/privacy/windows-diagnostic-data.md @@ -289,7 +289,7 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud - UI and media performance and glitches versus smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance - Disk footprint -- Free disk space, out of memory conditions, and disk score - Excessive resource utilization -- components impacting performance or battery life through high CPU usage during different screen and power states -- Background task performance -- download times, Windows Update scan duration, Windows Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results +- Background task performance -- download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results - Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness, and environmental response times - Device setup -- first setup experience times (time to install updates, install apps, connect to network, and so on), time to recognize connected devices (printer and monitor), and time to set up a Microsoft Account - Power and Battery life -- power draw by component (Process/CPU/GPU/Display), hours of time the screen is off, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use while the screen is off, auto-brightness details, time device is plugged into AC versus battery, and battery state transitions diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index d65cca5636..2e5c680802 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -100,7 +100,7 @@ #### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) #### [Configure next-generation protection]() -##### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) +##### [Configure Microsoft Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) ##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) ###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) @@ -184,7 +184,7 @@ ###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) ##### [Manage next-generation protection in your business]() -###### [Handle false positives/negatives in Windows Defender Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md) +###### [Handle false positives/negatives in Microsoft Defender Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md) ###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) ###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) @@ -193,8 +193,8 @@ ###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -#### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md) -#### [Better together: Windows Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md) +#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md) +#### [Better together: Microsoft Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md) ### [Microsoft Defender Advanced Threat Protection for Mac]() diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 74a43afb5e..0a3d417425 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -26,7 +26,7 @@ Microsoft recommends [a layered approach to securing removable media](https://ak 1. [Allow or block removable devices](#allow-or-block-removable-devices) based on granular configuration to deny write access to removable disks and approve or deny devices by USB vendor IDs, product IDs, device IDs, or a combination. Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. 2. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - - Windows Defender Antivirus real-time protection (RTP) to scan removable storage for malware. + - Microsoft Defender Antivirus real-time protection (RTP) to scan removable storage for malware. - The Attack Surface Reduction (ASR) USB rule to block untrusted and unsigned processes that run from USB. - Direct Memory Access (DMA) protection settings to mitigate DMA attacks, including Kernel DMA Protection for Thunderbolt and blocking DMA until a user signs in. 3. [Create customized alerts and response actions](#create-customized-alerts-and-response-actions) to monitor usage of removable devices based on these plug and play events or any other Microsoft Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules). @@ -226,22 +226,22 @@ For more information about controlling USB devices, see the [Microsoft Defender | Control | Description | |----------|-------------| -| [Enable Windows Defender Antivirus Scanning](#enable-windows-defender-antivirus-scanning) | Enable Windows Defender Antivirus scanning for real-time protection or scheduled scans.| +| [Enable Microsoft Defender Antivirus Scanning](#enable-windows-defender-antivirus-scanning) | Enable Microsoft Defender Antivirus scanning for real-time protection or scheduled scans.| | [Block untrusted and unsigned processes on USB peripherals](#block-untrusted-and-unsigned-processes-on-usb-peripherals) | Block USB files that are unsigned or untrusted. | | [Protect against Direct Memory Access (DMA) attacks](#protect-against-direct-memory-access-dma-attacks) | Configure settings to protect against DMA attacks. | >[!NOTE] >Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. -### Enable Windows Defender Antivirus Scanning +### Enable Microsoft Defender Antivirus Scanning -Protecting authorized removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) or scheduling scans and configuring removable drives for scans. +Protecting authorized removable storage with Microsoft Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) or scheduling scans and configuring removable drives for scans. -- If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Windows Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. +- If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Microsoft Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. - If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. >[!NOTE] ->We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**. +>We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Microsoft Defender Antivirus** > **Real-time monitoring**. @@ -324,7 +324,7 @@ For example, using either approach, you can automatically have the Microsoft Def ## Related topics -- [Configure real-time protection for Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) +- [Configure real-time protection for Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) - [Defender/AllowFullScanRemovableDriveScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning) - [Policy/DeviceInstallation CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) - [Perform a custom scan of a removable device](https://aka.ms/scanusb) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 572d4cf705..cd87c58db6 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -159,11 +159,11 @@ Advertisements shown to you must: #### Consumer opinion -Microsoft maintains a worldwide network of analysts and intelligence systems where you can [submit software for analysis](https://www.microsoft.com/wdsi/filesubmission). Your participation helps Microsoft identify new malware quickly. After analysis, Microsoft creates Security intelligence for software that meets the described criteria. This Security intelligence identifies the software as malware and are available to all users through Windows Defender Antivirus and other Microsoft antimalware solutions. +Microsoft maintains a worldwide network of analysts and intelligence systems where you can [submit software for analysis](https://www.microsoft.com/wdsi/filesubmission). Your participation helps Microsoft identify new malware quickly. After analysis, Microsoft creates Security intelligence for software that meets the described criteria. This Security intelligence identifies the software as malware and are available to all users through Microsoft Defender Antivirus and other Microsoft antimalware solutions. ## Potentially unwanted application (PUA) -Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Windows Defender Antivirus, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md). +Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Microsoft Defender Antivirus, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md). *PUAs are not considered malware.* diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index 3e680879b5..c6973ab9e1 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md @@ -43,8 +43,8 @@ It contains instructions to offer a program classified as unwanted software. You ## Why is the Windows Firewall blocking my program? -This is not related to Windows Defender Antivirus and other Microsoft antimalware. You can find out more about Windows Firewall from the Microsoft Developer Network. +This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. You can find out more about Windows Firewall from the Microsoft Developer Network. ## Why does the Windows Defender SmartScreen say my program is not commonly downloaded? -This is not related to Windows Defender Antivirus and other Microsoft antimalware. You can find out more from the SmartScreen website. +This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. You can find out more from the SmartScreen website. diff --git a/windows/security/threat-protection/intelligence/developer-resources.md b/windows/security/threat-protection/intelligence/developer-resources.md index 35aec2bd9c..5ba0f2ca57 100644 --- a/windows/security/threat-protection/intelligence/developer-resources.md +++ b/windows/security/threat-protection/intelligence/developer-resources.md @@ -40,4 +40,4 @@ Find more guidance about the file submission and detection dispute process in ou ### Scan your software -Use [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to check your software against the latest Security intelligence and cloud protection from Microsoft. +Use [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to check your software against the latest Security intelligence and cloud protection from Microsoft. diff --git a/windows/security/threat-protection/intelligence/malware-naming.md b/windows/security/threat-protection/intelligence/malware-naming.md index 2a52b19798..001d356c59 100644 --- a/windows/security/threat-protection/intelligence/malware-naming.md +++ b/windows/security/threat-protection/intelligence/malware-naming.md @@ -1,7 +1,7 @@ --- title: Malware names ms.reviewer: -description: Understand the malware naming convention used by Windows Defender Antivirus and other Microsoft antimalware. +description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware. keywords: security, malware, names, Microsoft, MMPC, Microsoft Malware Protection Center, WDSI, malware name, malware prefix, malware type, virus name ms.prod: w10 ms.mktglfcycl: secure diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index f6b12d45e0..96e45bc39b 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -34,7 +34,7 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from - Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download. -- This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection). +- This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Microsoft Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection). ## System requirements @@ -53,7 +53,7 @@ For more information about the Safety Scanner, see the support article on [how t ## Related resources - [Troubleshooting Safety Scanner](https://support.microsoft.com/help/2520970/how-to-troubleshoot-an-error-when-you-run-the-microsoft-safety-scanner) -- [Windows Defender Antivirus](https://www.microsoft.com/windows/comprehensive-security) +- [Microsoft Defender Antivirus](https://www.microsoft.com/windows/comprehensive-security) - [Microsoft Security Essentials](https://support.microsoft.com/help/14210/security-essentials-download) - [Removing difficult threats](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware) - [Submit file for malware analysis](https://www.microsoft.com/wdsi/filesubmission) diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md index 35942059ca..c0e7cb2b6d 100644 --- a/windows/security/threat-protection/intelligence/support-scams.md +++ b/windows/security/threat-protection/intelligence/support-scams.md @@ -45,13 +45,13 @@ It is also important to keep the following in mind: * Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites. -* Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware. +* Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware. ## What to do if information has been given to a tech support person * Uninstall applications that scammers asked to be install. If access has been granted, consider resetting the device -* Run a full scan with Windows Defender Antivirus to remove any malware. Apply all security updates as soon as they are available. +* Run a full scan with Microsoft Defender Antivirus to remove any malware. Apply all security updates as soon as they are available. * Change passwords. diff --git a/windows/security/threat-protection/intelligence/trojans-malware.md b/windows/security/threat-protection/intelligence/trojans-malware.md index c9f64fecd6..1540b6ce82 100644 --- a/windows/security/threat-protection/intelligence/trojans-malware.md +++ b/windows/security/threat-protection/intelligence/trojans-malware.md @@ -40,7 +40,7 @@ Trojans can come in many different varieties, but generally they do the followin Use the following free Microsoft software to detect and remove it: -- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) for Windows 10 and Windows 8.1, or [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for previous versions of Windows. +- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) for Windows 10 and Windows 8.1, or [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for previous versions of Windows. - [Microsoft Safety Scanner](safety-scanner-download.md) diff --git a/windows/security/threat-protection/intelligence/unwanted-software.md b/windows/security/threat-protection/intelligence/unwanted-software.md index fdf1e1e4bf..5f32b3d9f4 100644 --- a/windows/security/threat-protection/intelligence/unwanted-software.md +++ b/windows/security/threat-protection/intelligence/unwanted-software.md @@ -43,7 +43,7 @@ To prevent unwanted software infection, download software only from official web Use [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) when browsing the internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/index) (also used by Internet Explorer). -Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. +Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista. diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md index 6b392dcc81..6627acc90b 100644 --- a/windows/security/threat-protection/intelligence/worms-malware.md +++ b/windows/security/threat-protection/intelligence/worms-malware.md @@ -44,7 +44,7 @@ This image shows how a worm can quickly spread through a shared USB drive. ## How to protect against worms -Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. +Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index c372c8f63a..1261d7fa01 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -59,7 +59,7 @@ For tenants created on or after Windows 10, version 1809 the automated investiga Blocking is only available if your organization fulfills these requirements: -- Uses Windows Defender Antivirus as the active antimalware solution and, +- Uses Microsoft Defender Antivirus as the active antimalware solution and, - The cloud-based protection feature is enabled This feature enables you to block potentially malicious files in your network. Blocking a file will prevent it from being read, written, or executed on machines in your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md index 8956d5c3a9..b5b530d85f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md @@ -25,7 +25,7 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. +The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Microsoft Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 99bd62562e..8aa65eadc9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -46,7 +46,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[DeviceRegistryEvents](advanced-hunting-deviceregistryevents-table.md)** | Creation and modification of registry entries | | **[DeviceLogonEvents](advanced-hunting-devicelogonevents-table.md)** | Sign-ins and other authentication events | | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | -| **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection | +| **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Microsoft Defender Antivirus and exploit protection | | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index a039772386..7f13a487ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -58,7 +58,7 @@ Informational
      (Grey) | Alerts that might not be considered harmful to the n #### Understanding alert severity -Windows Defender Antivirus (Windows Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes. +Microsoft Defender Antivirus (Windows Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes. The Windows Defender AV threat severity represents the absolute severity of the detected threat (malware), and is assigned based on the potential risk to the individual machine, if infected. @@ -118,7 +118,7 @@ You can choose between showing alerts that are assigned to you or automation. Select the source that triggered the alert detection. Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts-managed hunting service. >[!NOTE] ->The Windows Defender Antivirus filter will only appear if machines are using Windows Defender Antivirus as the default real-time protection antimalware product. +>The Microsoft Defender Antivirus filter will only appear if machines are using Microsoft Defender Antivirus as the default real-time protection antimalware product. ### OS platform diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index 8441d9b8c8..a04fe5d589 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -35,7 +35,7 @@ The action center consists of two main tabs: **Pending actions** and **History** - Remediation actions that were taken as a result of an automated investigation - Remediation actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone) - Commands that were run and remediation actions that were applied in Live Response sessions (some actions can be undone) - - Remediation actions that were applied by Windows Defender Antivirus (some actions can be undone) + - Remediation actions that were applied by Microsoft Defender Antivirus (some actions can be undone) Use the **Customize columns** menu to select columns that you'd like to show or hide. diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index c7c5359ec2..505ae0ac16 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -54,7 +54,7 @@ The following image shows an example of an alert that was triggered by behaviora - **Feedback-loop blocking** (also referred to as rapid protection) Threat detections that are assumed to be false negatives are observed through behavioral intelligence. Threats are stopped and prevented from running on other endpoints. (Feedback-loop blocking is enabled by default.) -- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)** Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Windows Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.) +- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)** Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Microsoft Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.) Expect more to come in the area of behavioral blocking and containment, as Microsoft continues to improve threat protection features and capabilities. To see what's planned and rolling out now, visit the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap). diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index a91141c30b..00d7f60d42 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -33,7 +33,7 @@ Before you can deploy and track compliance to security baselines: - [Ensure you have the necessary permissions](configure-machines.md#obtain-required-permissions) ## Compare the Microsoft Defender ATP and the Windows Intune security baselines -The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure machines running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Windows Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see: +The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure machines running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see: - [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows) - [Microsoft Defender ATP baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 90ad7896eb..67be1117db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -117,7 +117,7 @@ United Kingdom | ```uk.vortex-win.data.microsoft.com```
      ```uk-v20.events.dat United States | ```us.vortex-win.data.microsoft.com```
      ```ussus1eastprod.blob.core.windows.net```
      ```ussus1westprod.blob.core.windows.net```
      ```ussus2eastprod.blob.core.windows.net```
      ```ussus2westprod.blob.core.windows.net```
      ```ussus3eastprod.blob.core.windows.net```
      ```ussus3westprod.blob.core.windows.net```
      ```ussus4eastprod.blob.core.windows.net```
      ```ussus4westprod.blob.core.windows.net```
      ```us-v20.events.data.microsoft.com```
      ```winatp-gw-cus.microsoft.com```
      ```winatp-gw-eus.microsoft.com```
      ```wsus1eastprod.blob.core.windows.net```
      ```wsus1westprod.blob.core.windows.net```
      ```wsus2eastprod.blob.core.windows.net```
      ```wsus2westprod.blob.core.windows.net```
      ```automatedirstrprdcus.blob.core.windows.net```
      ```automatedirstrprdeus.blob.core.windows.net``` > [!NOTE] -> If you are using Windows Defender Antivirus in your environment, please refer to the following article for details on allowing connections to the Windows Defender Antivirus cloud service: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus +> If you are using Microsoft Defender Antivirus in your environment, please refer to the following article for details on allowing connections to the Microsoft Defender Antivirus cloud service: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index cc9b6af753..8b9cc201f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -172,7 +172,7 @@ Support for Windows Server, provide deeper insight into activities happening on ```sc.exe query Windefend``` - If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). + If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). ## Integration with Azure Security Center diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index e5fa9cb4bc..ef8db41cf1 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -61,7 +61,7 @@ Windows 10 mitigations that you can configure are listed in the following two ta | **Credential Guard**
      helps keep attackers
      from gaining access through
      Pass-the-Hash or
      Pass-the-Ticket attacks | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.
      Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.

      **More information**: [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard) | | **Enterprise certificate pinning**
      helps prevent
      man-in-the-middle attacks
      that leverage PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can "pin" (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf.

      **More information**: [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning) | | **Device Guard**
      helps keep a device
      from running malware or
      other untrusted apps | Device Guard includes a Code Integrity policy that you create; a whitelist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which leverages virtualization-based security (VBS) to protect Windows' kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.
      Device Guard is included in Windows 10 Enterprise and Windows Server 2016.

      **More information**: [Introduction to Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) | -| **Windows Defender Antivirus**,
      which helps keep devices
      free of viruses and other
      malware | Windows 10 includes Windows Defender Antivirus, a robust inbox antimalware solution. Windows Defender Antivirus has been significantly improved since it was introduced in Windows 8.

      **More information**: [Windows Defender Antivirus](#windows-defender-antivirus), later in this topic | +| **Microsoft Defender Antivirus**,
      which helps keep devices
      free of viruses and other
      malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox antimalware solution. Microsoft Defender Antivirus has been significantly improved since it was introduced in Windows 8.

      **More information**: [Microsoft Defender Antivirus](#windows-defender-antivirus), later in this topic | | **Blocking of untrusted fonts**
      helps prevent fonts
      from being used in
      elevation-of-privilege attacks | Block Untrusted Fonts is a setting that allows you to prevent users from loading fonts that are "untrusted" onto your network, which can mitigate elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).

      **More information**: [Block untrusted fonts in an enterprise](/windows/threat-protection/block-untrusted-fonts-in-enterprise) | | **Memory protections**
      help prevent malware
      from using memory manipulation
      techniques such as buffer
      overruns | These mitigations, listed in [Table 2](#table-2), help to protect against memory-based attacks, where malware or other code manipulates memory to gain control of a system (for example, malware that attempts to use buffer overruns to inject malicious executable code into memory. Note:
      A subset of apps will not be able to run if some of these mitigations are set to their most restrictive settings. Testing can help you maximize protection while still allowing these apps to run.

      **More information**: [Table 2](#table-2), later in this topic | | **UEFI Secure Boot**
      helps protect
      the platform from
      boot kits and rootkits | Unified Extensible Firmware Interface (UEFI) Secure Boot is a security standard for firmware built in to PCs by manufacturers beginning with Windows 8. It helps to protect the boot process and firmware against tampering, such as from a physically present attacker or from forms of malware that run early in the boot process or in kernel after startup.

      **More information**: [UEFI and Secure Boot](/windows/device-security/bitlocker/bitlocker-countermeasures#uefi-and-secure-boot) | @@ -88,19 +88,19 @@ For Windows 10, Microsoft improved SmartScreen (now called Windows Defender Sma For more information, see [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md). -### Windows Defender Antivirus +### Microsoft Defender Antivirus -Windows Defender Antivirus in Windows 10 uses a multi-pronged approach to improve antimalware: +Microsoft Defender Antivirus in Windows 10 uses a multi-pronged approach to improve antimalware: - **Cloud-delivered protection** helps detect and block new malware within seconds, even if the malware has never been seen before. The service, available as of Windows 10, version 1703, uses distributed resources and machine learning to deliver protection to endpoints at a rate that is far faster than traditional signature updates. -- **Rich local context** improves how malware is identified. Windows 10 informs Windows Defender Antivirus not only about content like files and processes but also where the content came from, where it has been stored, and more. The information about source and history enables Windows Defender Antivirus to apply different levels of scrutiny to different content. +- **Rich local context** improves how malware is identified. Windows 10 informs Microsoft Defender Antivirus not only about content like files and processes but also where the content came from, where it has been stored, and more. The information about source and history enables Microsoft Defender Antivirus to apply different levels of scrutiny to different content. -- **Extensive global sensors** help keep Windows Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. +- **Extensive global sensors** help keep Microsoft Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. -- **Tamper proofing** helps guard Windows Defender Antivirus itself against malware attacks. For example, Windows Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Windows Defender Antivirus components, its registry keys, and so on. ([Protected Processes](#protected-processes) is described later in this topic.) +- **Tamper proofing** helps guard Microsoft Defender Antivirus itself against malware attacks. For example, Microsoft Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Microsoft Defender Antivirus components, its registry keys, and so on. ([Protected Processes](#protected-processes) is described later in this topic.) -- **Enterprise-level features** give IT pros the tools and configuration options necessary to make Windows Defender Antivirus an enterprise-class antimalware solution. +- **Enterprise-level features** give IT pros the tools and configuration options necessary to make Microsoft Defender Antivirus an enterprise-class antimalware solution. diff --git a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md index 017b3050a2..387aca9327 100644 --- a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md +++ b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md @@ -20,7 +20,7 @@ ms.author: dansimp On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as [WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt), appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx) if they have not already done so. -Microsoft antimalware diagnostic data immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Windows Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. +Microsoft antimalware diagnostic data immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation. The attack is still active, and there is a possibility that the attacker will attempt to react to our detection response. @@ -189,7 +189,7 @@ We recommend customers that have not yet installed the security update [MS17-010 - Disable SMBv1 with the steps documented at [Microsoft Knowledge Base Article 2696547](https://support.microsoft.com/kb/2696547) and as [recommended previously](https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/) - Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445 -[Windows Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) detects this threat as [Ransom:Win32/WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt) as of the *1.243.297.0* update. Windows Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats. +[Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) detects this threat as [Ransom:Win32/WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt) as of the *1.243.297.0* update. Microsoft Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats. For enterprises, use [Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide) to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running. From dd11d5503112f1c07e8f0161e977bcd509fe7f52 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 26 May 2020 16:29:15 -0700 Subject: [PATCH 10/99] Update wd-app-guard-overview.md --- .../wd-app-guard-overview.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 390bee5992..0ab4ff9f5c 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Application Guard (Windows 10) -description: Learn about Windows Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. +title: Microsoft Defender Application Guard (Windows 10) +description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,11 +14,11 @@ manager: dansimp ms.custom: asr --- -# Windows Defender Application Guard overview +# Microsoft Defender Application Guard overview **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. +Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. ## What is Application Guard and how does it work? @@ -44,8 +44,8 @@ Application Guard has been created to target several types of systems: |Article |Description | |------|------------| -|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.| -|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| -|[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.| -|[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| -|[Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| \ No newline at end of file +|[System requirements for Microsoft Defender Application Guard](reqs-wd-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.| +|[Prepare and install Microsoft Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| +|[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.| +|[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| +|[Frequently asked questions - Microsoft Defender Application Guard](faq-wd-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| From 41015ecb4bb721a9549647dd664d4975c6770bb1 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 27 May 2020 14:27:55 -0700 Subject: [PATCH 11/99] Changed windows- to microsoft-defender-antivirus Updated file path instances of windows-defender-antivirus to microsoft-defender-antivirus. --- windows/privacy/gdpr-win10-whitepaper.md | 2 +- .../privacy/manage-windows-1809-endpoints.md | 2 +- windows/security/threat-protection/TOC.md | 138 +++++++++--------- .../control-usb-devices-using-intune.md | 8 +- windows/security/threat-protection/index.md | 12 +- .../intelligence/criteria.md | 2 +- .../intelligence/developer-resources.md | 2 +- .../intelligence/support-scams.md | 2 +- .../intelligence/trojans-malware.md | 2 +- .../intelligence/unwanted-software.md | 2 +- .../intelligence/worms-malware.md | 2 +- .../attack-surface-reduction-faq.md | 4 +- .../attack-surface-reduction.md | 6 +- .../behavioral-blocking-containment.md | 2 +- .../client-behavioral-blocking.md | 4 +- .../configure-endpoints-non-windows.md | 2 +- .../configure-proxy-internet.md | 2 +- .../configure-server-endpoints.md | 2 +- .../controlled-folders.md | 2 +- .../customize-attack-surface-reduction.md | 2 +- .../customize-controlled-folders.md | 2 +- .../defender-compatibility.md | 4 +- .../edr-in-block-mode.md | 6 +- .../enable-attack-surface-reduction.md | 4 +- .../enable-controlled-folders.md | 2 +- .../microsoft-defender-atp/evaluate-atp.md | 2 +- .../microsoft-defender-atp/evaluation-lab.md | 8 +- .../event-error-codes.md | 6 +- .../feedback-loop-blocking.md | 4 +- ...iew-of-threat-mitigations-in-windows-10.md | 4 +- 30 files changed, 121 insertions(+), 121 deletions(-) diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index ce2c263dfe..71f256d128 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -314,7 +314,7 @@ Azure Information Protection also helps your users share sensitive data in a sec - **Windows Hello for Business:** https://www.youtube.com/watch?v=WOvoXQdj-9E and https://docs.microsoft.com/windows/access-protection/hello-for-business/hello-identity-verification -- **Microsoft Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10 +- **Microsoft Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10 - **Windows Defender Advanced Threat Protection:** https://www.youtube.com/watch?v=qxeGa3pxIwg and https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 789a9029a6..e29d853c05 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -398,7 +398,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o ## Windows Defender The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud-service). | Source process | Protocol | Destination | |----------------|----------|------------| diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index a826a942a7..1174911e42 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -96,105 +96,105 @@ ### [Next-generation protection]() -#### [Next-generation protection overview](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -#### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) +#### [Next-generation protection overview](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) +#### [Evaluate next-generation protection](microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md) #### [Configure next-generation protection]() -##### [Configure Microsoft Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) +##### [Configure Microsoft Defender Antivirus features](microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) -##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) -###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) -###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) -###### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md) -###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) -###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) +##### [Utilize Microsoft cloud-delivered protection](microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) +###### [Enable cloud-delivered protection](microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) +###### [Specify the cloud-delivered protection level](microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md) +###### [Configure and validate network connections](microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md) +###### [Prevent security settings changes with tamper protection](microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md) +###### [Enable Block at first sight](microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md) +###### [Configure the cloud block timeout period](microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) ##### [Configure behavioral, heuristic, and real-time protection]() -###### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) -###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) +###### [Configuration overview](microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md) +###### [Detect and block Potentially Unwanted Applications](microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) +###### [Enable and configure always-on protection and monitoring](microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) -##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) +##### [Antivirus on Windows Server 2016](microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md) ##### [Antivirus compatibility]() -###### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) -###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) +###### [Compatibility charts](microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md) +###### [Use limited periodic antivirus scanning](microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md) ##### [Deploy, manage updates, and report on antivirus]() -###### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) -###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) -####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) +###### [Preparing to deploy](microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) +###### [Deploy and enable antivirus](microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md) +####### [Deployment guide for VDI environments](microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md) ###### [Report on antivirus protection]() -####### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) -####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) +####### [Review protection status and alerts](microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md) +####### [Troubleshoot antivirus reporting in Update Compliance](microsoft-defender-antivirus/troubleshoot-reporting.md) ###### [Manage updates and apply baselines]() -####### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) -####### [Manage protection and security intelligence updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) -####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) -####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) -####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) -####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) +####### [Learn about the different kinds of updates](microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md) +####### [Manage protection and security intelligence updates](microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md) +####### [Manage when protection updates should be downloaded and applied](microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md) +####### [Manage updates for endpoints that are out of date](microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md) +####### [Manage event-based forced updates](microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md) +####### [Manage updates for mobile devices and VMs](microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) ##### [Customize, initiate, and review the results of scans and remediation]() -###### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) +###### [Configuration overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) ###### [Configure and validate exclusions in antivirus scans]() -####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) +####### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) +####### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) +####### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +####### [Configure antivirus exclusions Windows Server 2016](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) -###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) +###### [Configure scanning antivirus options](microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) +###### [Configure remediation for scans](microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) +###### [Configure scheduled scans](microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) +###### [Configure and run scans](microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) +###### [Review scan results](microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) +###### [Run and review the results of an offline scan](microsoft-defender-antivirus/windows-defender-offline.md) -##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) +##### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) ##### [Manage antivirus in your business]() -###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -###### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) +###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) +###### [Use Group Policy settings to configure and manage antivirus](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) +###### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) +###### [Use PowerShell cmdlets to configure and manage antivirus](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) +###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) +###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) ##### [Manage scans and remediation]() -###### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) +###### [Management overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) ###### [Configure and validate exclusions in antivirus scans]() -####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) +####### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) +####### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) +####### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +####### [Configure antivirus exclusions on Windows Server 2016](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) -###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) +###### [Configure scanning options](microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) -##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) -###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) +##### [Configure remediation for scans](microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) +###### [Configure remediation for scans](microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) +###### [Configure scheduled scans](microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) +###### [Configure and run scans](microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) +###### [Review scan results](microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) +###### [Run and review the results of an offline scan](microsoft-defender-antivirus/windows-defender-offline.md) +###### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) ##### [Manage next-generation protection in your business]() -###### [Handle false positives/negatives in Microsoft Defender Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md) -###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) +###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md) +###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) +###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) +###### [Use Group Policy settings to manage next generation protection](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) +###### [Use PowerShell cmdlets to manage next generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) +###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) +###### [Use the mpcmdrun.exe command line tool to manage next generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) -#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md) -#### [Better together: Microsoft Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md) +#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](microsoft-defender-antivirus/why-use-microsoft-antivirus.md) +#### [Better together: Microsoft Defender Antivirus and Office 365](microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md) ### [Microsoft Defender Advanced Threat Protection for Mac]() @@ -284,7 +284,7 @@ ###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation) ###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session) ###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) -###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) +###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-machines) ###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) ###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) ###### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert) @@ -632,7 +632,7 @@ ##### [Network protection](microsoft-defender-atp/troubleshoot-np.md) ##### [Attack surface reduction rules](microsoft-defender-atp/troubleshoot-asr.md) -#### [Troubleshoot next-generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) +#### [Troubleshoot next-generation protection](microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 0a3d417425..70ee1607f8 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -226,7 +226,7 @@ For more information about controlling USB devices, see the [Microsoft Defender | Control | Description | |----------|-------------| -| [Enable Microsoft Defender Antivirus Scanning](#enable-windows-defender-antivirus-scanning) | Enable Microsoft Defender Antivirus scanning for real-time protection or scheduled scans.| +| [Enable Microsoft Defender Antivirus Scanning](#enable-microsoft-defender-antivirus-scanning) | Enable Microsoft Defender Antivirus scanning for real-time protection or scheduled scans.| | [Block untrusted and unsigned processes on USB peripherals](#block-untrusted-and-unsigned-processes-on-usb-peripherals) | Block USB files that are unsigned or untrusted. | | [Protect against Direct Memory Access (DMA) attacks](#protect-against-direct-memory-access-dma-attacks) | Configure settings to protect against DMA attacks. | @@ -235,7 +235,7 @@ For more information about controlling USB devices, see the [Microsoft Defender ### Enable Microsoft Defender Antivirus Scanning -Protecting authorized removable storage with Microsoft Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) or scheduling scans and configuring removable drives for scans. +Protecting authorized removable storage with Microsoft Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) or scheduling scans and configuring removable drives for scans. - If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Microsoft Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. - If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. @@ -255,7 +255,7 @@ This can be done by setting **Untrusted and unsigned processes that run from USB With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards. Affected file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files. -These settings require [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +These settings require [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). 2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. @@ -324,7 +324,7 @@ For example, using either approach, you can automatically have the Microsoft Def ## Related topics -- [Configure real-time protection for Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) +- [Configure real-time protection for Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) - [Defender/AllowFullScanRemovableDriveScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning) - [Policy/DeviceInstallation CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) - [Perform a custom scan of a removable device](https://aka.ms/scanusb) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 71fca8b044..7a0b4059d1 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -77,14 +77,14 @@ The attack surface reduction set of capabilities provide the first line of defen -**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**
      +**[Next generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**
      To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats. -- [Behavior monitoring](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) -- [Cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus) -- [Machine learning](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) -- [URL Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus) -- [Automated sandbox service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) +- [Behavior monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) +- [Cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus) +- [Machine learning](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus) +- [URL Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus) +- [Automated sandbox service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index cd87c58db6..311c43f82b 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -163,7 +163,7 @@ Microsoft maintains a worldwide network of analysts and intelligence systems whe ## Potentially unwanted application (PUA) -Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Microsoft Defender Antivirus, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md). +Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Microsoft Defender Antivirus, see [Detect and block potentially unwanted applications](../microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md). *PUAs are not considered malware.* diff --git a/windows/security/threat-protection/intelligence/developer-resources.md b/windows/security/threat-protection/intelligence/developer-resources.md index 5ba0f2ca57..b413cea906 100644 --- a/windows/security/threat-protection/intelligence/developer-resources.md +++ b/windows/security/threat-protection/intelligence/developer-resources.md @@ -40,4 +40,4 @@ Find more guidance about the file submission and detection dispute process in ou ### Scan your software -Use [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to check your software against the latest Security intelligence and cloud protection from Microsoft. +Use [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) to check your software against the latest Security intelligence and cloud protection from Microsoft. diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md index c0e7cb2b6d..8544b43d61 100644 --- a/windows/security/threat-protection/intelligence/support-scams.md +++ b/windows/security/threat-protection/intelligence/support-scams.md @@ -45,7 +45,7 @@ It is also important to keep the following in mind: * Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites. -* Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware. +* Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware. ## What to do if information has been given to a tech support person diff --git a/windows/security/threat-protection/intelligence/trojans-malware.md b/windows/security/threat-protection/intelligence/trojans-malware.md index 1540b6ce82..2ed753b049 100644 --- a/windows/security/threat-protection/intelligence/trojans-malware.md +++ b/windows/security/threat-protection/intelligence/trojans-malware.md @@ -40,7 +40,7 @@ Trojans can come in many different varieties, but generally they do the followin Use the following free Microsoft software to detect and remove it: -- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) for Windows 10 and Windows 8.1, or [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for previous versions of Windows. +- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) for Windows 10 and Windows 8.1, or [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for previous versions of Windows. - [Microsoft Safety Scanner](safety-scanner-download.md) diff --git a/windows/security/threat-protection/intelligence/unwanted-software.md b/windows/security/threat-protection/intelligence/unwanted-software.md index 5f32b3d9f4..ab2471f894 100644 --- a/windows/security/threat-protection/intelligence/unwanted-software.md +++ b/windows/security/threat-protection/intelligence/unwanted-software.md @@ -43,7 +43,7 @@ To prevent unwanted software infection, download software only from official web Use [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) when browsing the internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/index) (also used by Internet Explorer). -Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. +Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista. diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md index 6627acc90b..04c8f8280f 100644 --- a/windows/security/threat-protection/intelligence/worms-malware.md +++ b/windows/security/threat-protection/intelligence/worms-malware.md @@ -44,7 +44,7 @@ This image shows how a worm can quickly spread through a shared USB drive. ## How to protect against worms -Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. +Enable [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista. diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md index 03366d39ad..ffa10fbfc2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md @@ -83,7 +83,7 @@ From within Microsoft Defender ATP, you can update your defenses with custom ind ## Does ASR support file or folder exclusions that include system variables and wildcards in the path? -Yes. See [Excluding files and folders from ASR rules](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for more details on excluding files or folders from ASR rules, and [Configure and validate exclusions based on file extension and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) for more on using system variables and wildcards in excluded file paths. +Yes. See [Excluding files and folders from ASR rules](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for more details on excluding files or folders from ASR rules, and [Configure and validate exclusions based on file extension and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) for more on using system variables and wildcards in excluded file paths. ## Do ASR rules cover all applications by default? @@ -131,4 +131,4 @@ Enabling this rule will not provide additional protection if you have [LSA prote * [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) * [Customize attack surface reduction rules](customize-attack-surface-reduction.md) * [Enable attack surface reduction rules](enable-attack-surface-reduction.md) -* [Compatibility of Microsoft Defender with other antivirus/antimalware](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) +* [Compatibility of Microsoft Defender with other antivirus/antimalware](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 0ca49f4b35..89b074632e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -251,7 +251,7 @@ This rule blocks the following file types from launching unless they meet preval Launching untrusted or unknown executable files can be risky, as it may not be initially clear if the files are malicious. > [!IMPORTANT] -> You must [enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) to use this rule.

      The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. +> You must [enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) to use this rule.

      The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. > >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. @@ -272,7 +272,7 @@ GUID: `01443614-cd74-433a-b99e-2ecdc07bfc25` This rule provides an extra layer of protection against ransomware. It scans executable files entering the system to determine whether they're trustworthy. If the files closely resemble ransomware, this rule blocks them from running, unless they're in a trusted list or an exclusion list. > [!NOTE] -> You must [enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) to use this rule. +> You must [enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) to use this rule. This rule was introduced in: - [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) @@ -405,4 +405,4 @@ GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b` - [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) -- [Compatibility of Microsoft Defender with other antivirus/antimalware](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) +- [Compatibility of Microsoft Defender with other antivirus/antimalware](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index ab28c95485..3d719200bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -34,7 +34,7 @@ Behavioral blocking and containment capabilities can help identify and stop thre Behavioral blocking and containment capabilities work with multiple components and features of Microsoft Defender ATP to stop attacks immediately and prevent attacks from progressing. -- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) (which includes Microsoft Defender Antivirus) can detect threats by analyzing behaviors, and stop threats that have started running. +- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (which includes Microsoft Defender Antivirus) can detect threats by analyzing behaviors, and stop threats that have started running. - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) receives security signals across your network, devices, and kernel behavior. As threats are detected, alerts are created. Multiple alerts of the same type are aggregated into incidents, which makes it easier for your security operations team to investigate and respond. diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index 317b858f36..19fabebbdf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -34,7 +34,7 @@ Antivirus protection works best when paired with cloud protection. ## How client behavioral blocking works -[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device. +[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device. Whenever a suspicious behavior is detected, an [alert](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/alerts-queue) is generated, and is visible in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). @@ -77,7 +77,7 @@ If your organization is using Microsoft Defender ATP, client behavioral blocking - [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) -- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) (antivirus) +- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features) (antivirus) ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index dec845f1d0..c0fa094c89 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -35,7 +35,7 @@ You'll need to know the exact Linux distros and macOS versions that are compatib You'll need to take the following steps to onboard non-Windows machines: 1. Select your preferred method of onboarding: - - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac). + - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-atp-mac). - For other non-Windows devices choose **Onboard non-Windows machines through third-party integration**. 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 67be1117db..c910870e7e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -117,7 +117,7 @@ United Kingdom | ```uk.vortex-win.data.microsoft.com```
      ```uk-v20.events.dat United States | ```us.vortex-win.data.microsoft.com```
      ```ussus1eastprod.blob.core.windows.net```
      ```ussus1westprod.blob.core.windows.net```
      ```ussus2eastprod.blob.core.windows.net```
      ```ussus2westprod.blob.core.windows.net```
      ```ussus3eastprod.blob.core.windows.net```
      ```ussus3westprod.blob.core.windows.net```
      ```ussus4eastprod.blob.core.windows.net```
      ```ussus4westprod.blob.core.windows.net```
      ```us-v20.events.data.microsoft.com```
      ```winatp-gw-cus.microsoft.com```
      ```winatp-gw-eus.microsoft.com```
      ```wsus1eastprod.blob.core.windows.net```
      ```wsus1westprod.blob.core.windows.net```
      ```wsus2eastprod.blob.core.windows.net```
      ```wsus2westprod.blob.core.windows.net```
      ```automatedirstrprdcus.blob.core.windows.net```
      ```automatedirstrprdeus.blob.core.windows.net``` > [!NOTE] -> If you are using Microsoft Defender Antivirus in your environment, please refer to the following article for details on allowing connections to the Microsoft Defender Antivirus cloud service: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus +> If you are using Microsoft Defender Antivirus in your environment, please refer to the following article for details on allowing connections to the Microsoft Defender Antivirus cloud service: https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 8b9cc201f2..6893fc8c8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -172,7 +172,7 @@ Support for Windows Server, provide deeper insight into activities happening on ```sc.exe query Windefend``` - If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). + If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). ## Integration with Azure Security Center diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 9cb8182798..ea4effb1e0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -45,7 +45,7 @@ Controlled folder access is supported on Windows 10, version 1709 and later and ## Requirements -Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md). +Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md). ## Review controlled folder access events in the Microsoft Defender ATP Security Center diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index 9540fd0ce6..e8f5b64506 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -48,7 +48,7 @@ An exclusion applies to all rules that allow exclusions. You can specify an indi An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. -Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). +Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode to test the rule](evaluate-attack-surface-reduction.md). Rule description | GUID diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 3216d16b87..7e0514fe13 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -43,7 +43,7 @@ You can add additional folders to be protected, but you cannot remove the defaul Adding other folders to controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults. -You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). +You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). You can use the Windows Security app or Group Policy to add and remove additional protected folders. diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md index a8b1269d9c..0b0cb9c6e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md @@ -35,7 +35,7 @@ The Microsoft Defender Advanced Threat Protection agent depends on Windows Defen >[!IMPORTANT] >Microsoft Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings. -You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). +You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. @@ -43,4 +43,4 @@ Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options. -For more information, see the [Windows Defender Antivirus and Microsoft Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +For more information, see the [Windows Defender Antivirus and Microsoft Defender ATP compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index 942f37ced7..9e7e21cbc4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -61,7 +61,7 @@ The following image shows an instance of unwanted software that was detected and |Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). | |Operating system |One of the following versions:
      - Windows 10 (all releases)
      - Windows Server 2016 or later | |Windows E5 enrollment |Windows E5 is included in the following subscriptions:
      - Microsoft 365 E5
      - Microsoft 365 E3 together with the Identity & Threat Protection offering

      See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | -|Cloud-delivered protection |Make sure Windows Defender Antivirus is configured such that cloud-delivered protection is enabled.

      See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus). | +|Cloud-delivered protection |Make sure Windows Defender Antivirus is configured such that cloud-delivered protection is enabled.

      See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus). | |Windows Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
      In the **AMProductVersion** line, you should see **4.18.2001.10** or above. | |Windows Defender Antivirus engine |Make sure your engine is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
      In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. | @@ -73,7 +73,7 @@ The following image shows an instance of unwanted software that was detected and ### Will EDR in block mode have any impact on a user's antivirus protection? -No. EDR in block mode does not affect third-party antivirus protection running on users' machines. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Windows Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. +No. EDR in block mode does not affect third-party antivirus protection running on users' machines. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Windows Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. ### Why do I need to keep Windows Defender Antivirus up to date? @@ -87,5 +87,5 @@ Cloud protection is needed to turn on the feature on the device. Cloud protectio [Behavioral blocking and containment](behavioral-blocking-containment.md) -[Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus) +[Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index e31b0b4fc7..f84a754dc2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -57,7 +57,7 @@ You can exclude files and folders from being evaluated by most attack surface re You can specify individual files or folders (using folder paths or fully qualified resource names), but you can't specify which rules the exclusions apply to. An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. -ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). +ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). The following procedures for enabling ASR rules include instructions for how to exclude files and folders. @@ -191,4 +191,4 @@ Value: c:\path|e:\path|c:\Whitelisted.exe * [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md) * [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) * [Attack surface reduction FAQ](attack-surface-reduction.md) -* [Enable cloud-delivered protection](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +* [Enable cloud-delivered protection](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md index f78270d508..6de4052539 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md @@ -41,7 +41,7 @@ Group Policy settings that disable local administrator list merging will overrid * Windows Defender Antivirus **Configure local administrator merge behavior for lists** * System Center Endpoint Protection **Allow users to add exclusions and overrides** -For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged). +For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged). ## Windows Security app diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index d548e9bede..e43a347c09 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -41,7 +41,7 @@ These capabilities help prevent attacks and exploitations from infecting your or Next gen protections help detect and block the latest threats. -- [Evaluate antivirus](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md) +- [Evaluate antivirus](../microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md) ## See Also diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md index 83b638059c..cc246ab066 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md @@ -107,16 +107,16 @@ The machine will automatically be onboarded to your tenant with the recommended The following security components are pre-configured in the test machines: - [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) -- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) +- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) - [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) - [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection) - [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard) -- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) -- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) +- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) +- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus) - [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview) >[!NOTE] -> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md index 2fe02c746b..9b0abb7d1d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md +++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md @@ -157,7 +157,7 @@ The service could not contact the external processing servers at that URL. 17 Microsoft Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable. An error occurred with the Windows telemetry service. -Ensure the diagnostic data service is enabled.
      +Ensure the diagnostic data service is enabled.
      Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      See Onboard Windows 10 machines. @@ -208,7 +208,7 @@ Ensure real-time antimalware protection is running properly. 28 Microsoft Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: variable. An error occurred with the Windows telemetry service. -Ensure the diagnostic data service is enabled.
      +Ensure the diagnostic data service is enabled.
      Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      See Onboard Windows 10 machines. @@ -249,7 +249,7 @@ If the identifier does not persist, the same machine might appear twice in the p 34 Microsoft Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: variable. An error occurred with the Windows telemetry service. -Ensure the diagnostic data service is enabled.
      +Ensure the diagnostic data service is enabled.
      Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      See Onboard Windows 10 machines. diff --git a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md index d4be39d220..7f62a2a426 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md @@ -30,7 +30,7 @@ Feedback-loop blocking, also referred to as rapid protection, is a component of ## How feedback-loop blocking works -When a suspicious behavior or file is detected, such as by [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10), information about that artifact is sent to multiple classifiers. The rapid protection loop engine inspects and correlates the information with other signals to arrive at a decision as to whether to block a file. Checking and classifying artifacts happens quickly. It results in rapid blocking of confirmed malware, and drives protection across the entire ecosystem. +When a suspicious behavior or file is detected, such as by [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10), information about that artifact is sent to multiple classifiers. The rapid protection loop engine inspects and correlates the information with other signals to arrive at a decision as to whether to block a file. Checking and classifying artifacts happens quickly. It results in rapid blocking of confirmed malware, and drives protection across the entire ecosystem. With rapid protection in place, an attack can be stopped on a device, other devices in the organization, and devices in other organizations, as an attack attempts to broaden its foothold. @@ -47,7 +47,7 @@ If your organization is using Microsoft Defender ATP, feedback-loop blocking is - [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) -- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) (antivirus) +- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features) (antivirus) ## Related articles diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index ef8db41cf1..6356278506 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -61,7 +61,7 @@ Windows 10 mitigations that you can configure are listed in the following two ta | **Credential Guard**
      helps keep attackers
      from gaining access through
      Pass-the-Hash or
      Pass-the-Ticket attacks | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.
      Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.

      **More information**: [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard) | | **Enterprise certificate pinning**
      helps prevent
      man-in-the-middle attacks
      that leverage PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can "pin" (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf.

      **More information**: [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning) | | **Device Guard**
      helps keep a device
      from running malware or
      other untrusted apps | Device Guard includes a Code Integrity policy that you create; a whitelist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which leverages virtualization-based security (VBS) to protect Windows' kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.
      Device Guard is included in Windows 10 Enterprise and Windows Server 2016.

      **More information**: [Introduction to Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) | -| **Microsoft Defender Antivirus**,
      which helps keep devices
      free of viruses and other
      malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox antimalware solution. Microsoft Defender Antivirus has been significantly improved since it was introduced in Windows 8.

      **More information**: [Microsoft Defender Antivirus](#windows-defender-antivirus), later in this topic | +| **Microsoft Defender Antivirus**,
      which helps keep devices
      free of viruses and other
      malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox antimalware solution. Microsoft Defender Antivirus has been significantly improved since it was introduced in Windows 8.

      **More information**: [Microsoft Defender Antivirus](#microsoft-defender-antivirus), later in this topic | | **Blocking of untrusted fonts**
      helps prevent fonts
      from being used in
      elevation-of-privilege attacks | Block Untrusted Fonts is a setting that allows you to prevent users from loading fonts that are "untrusted" onto your network, which can mitigate elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).

      **More information**: [Block untrusted fonts in an enterprise](/windows/threat-protection/block-untrusted-fonts-in-enterprise) | | **Memory protections**
      help prevent malware
      from using memory manipulation
      techniques such as buffer
      overruns | These mitigations, listed in [Table 2](#table-2), help to protect against memory-based attacks, where malware or other code manipulates memory to gain control of a system (for example, malware that attempts to use buffer overruns to inject malicious executable code into memory. Note:
      A subset of apps will not be able to run if some of these mitigations are set to their most restrictive settings. Testing can help you maximize protection while still allowing these apps to run.

      **More information**: [Table 2](#table-2), later in this topic | | **UEFI Secure Boot**
      helps protect
      the platform from
      boot kits and rootkits | Unified Extensible Firmware Interface (UEFI) Secure Boot is a security standard for firmware built in to PCs by manufacturers beginning with Windows 8. It helps to protect the boot process and firmware against tampering, such as from a physically present attacker or from forms of malware that run early in the boot process or in kernel after startup.

      **More information**: [UEFI and Secure Boot](/windows/device-security/bitlocker/bitlocker-countermeasures#uefi-and-secure-boot) | @@ -104,7 +104,7 @@ Microsoft Defender Antivirus in Windows 10 uses a multi-pronged approach to impr -For more information, see [Windows Defender in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) and [Windows Defender Overview for Windows Server](https://docs.microsoft.com/windows-server/security/windows-defender/windows-defender-overview-windows-server). +For more information, see [Windows Defender in Windows 10](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) and [Windows Defender Overview for Windows Server](https://docs.microsoft.com/windows-server/security/windows-defender/windows-defender-overview-windows-server). For information about Microsoft Defender Advanced Threat Protection, a service that helps enterprises to detect, investigate, and respond to advanced and targeted attacks on their networks, see [Microsoft Defender Advanced Threat Protection (ATP)](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (resources) and [Microsoft Defender Advanced Threat Protection (ATP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) (documentation). From aafc43ece6c10ff75bb8e1d5bf60bcad85626d5a Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 27 May 2020 14:44:54 -0700 Subject: [PATCH 12/99] Changed windows- to microsoft-defender-antivirus Updated file path instances of windows-defender-antivirus to microsoft-defender-antivirus. --- .../fix-unhealthy-sensors.md | 2 +- .../microsoft-defender-atp/mac-exclusions.md | 2 +- .../mac-install-manually.md | 10 +- .../mac-install-with-intune.md | 30 ++-- .../mac-install-with-jamf.md | 28 ++-- .../mac-support-kext.md | 4 +- .../mac-support-perf.md | 2 +- .../microsoft-defender-atp/mac-updates.md | 2 +- .../manage-indicators.md | 4 +- ...oft-defender-advanced-threat-protection.md | 2 +- .../minimum-requirements.md | 6 +- .../network-protection.md | 2 +- .../microsoft-defender-atp/oldTOC.txt | 128 +++++++++--------- .../onboard-downlevel.md | 2 +- .../microsoft-defender-atp/onboard.md | 2 +- .../microsoft-defender-atp/onboarding.md | 2 +- .../prepare-deployment.md | 2 +- .../production-deployment.md | 2 +- .../respond-file-alerts.md | 4 +- .../respond-machine-alerts.md | 2 +- .../troubleshoot-asr.md | 4 +- .../troubleshoot-mdatp.md | 2 +- .../microsoft-defender-atp/troubleshoot-np.md | 6 +- .../troubleshoot-onboarding.md | 4 +- .../whats-new-in-microsoft-defender-atp.md | 14 +- ...microsoft-defender-smartscreen-overview.md | 2 +- .../antivirus-false-positives-negatives.md | 4 +- ...ne-arguments-windows-defender-antivirus.md | 4 +- ...nt-reference-windows-defender-antivirus.md | 10 +- ...d-scan-types-windows-defender-antivirus.md | 14 +- 30 files changed, 151 insertions(+), 151 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md index d34f5a6332..3eec586760 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md @@ -82,7 +82,7 @@ Follow theses actions to correct known issues related to a misconfigured machine - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)
      If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. -- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
      +- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)
      If your machines are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled. If you took corrective actions and the machine status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 7e0983fb5f..c5927c9a88 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -56,7 +56,7 @@ For more information on how to configure exclusions from JAMF, Intune, or anothe Open the Microsoft Defender ATP application and navigate to **Manage settings** > **Add or Remove Exclusion...**, as shown in the following screenshot: -![Manage exclusions screenshot](../windows-defender-antivirus/images/mdatp-37-exclusions.png) +![Manage exclusions screenshot](../microsoft-defender-antivirus/images/mdatp-37-exclusions.png) Select the type of exclusion that you wish to add and follow the prompts. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index f1928bc4d1..ebaa93dac7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -51,20 +51,20 @@ To complete this process, you must have admin privileges on the machine. 1. Navigate to the downloaded wdav.pkg in Finder and open it. - ![App install screenshot](../windows-defender-antivirus/images/MDATP-28-AppInstall.png) + ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-28-AppInstall.png) 2. Select **Continue**, agree with the License terms, and enter the password when prompted. - ![App install screenshot](../windows-defender-antivirus/images/MDATP-29-AppInstallLogin.png) + ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-29-AppInstallLogin.png) > [!IMPORTANT] > You will be prompted to allow a driver from Microsoft to be installed (either "System Extension Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. - ![App install screenshot](../windows-defender-antivirus/images/MDATP-30-SystemExtension.png) + ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-30-SystemExtension.png) 3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: - ![Security and privacy window screenshot](../windows-defender-antivirus/images/MDATP-31-SecurityPrivacySettings.png) + ![Security and privacy window screenshot](../microsoft-defender-antivirus/images/MDATP-31-SecurityPrivacySettings.png) The installation proceeds. @@ -100,7 +100,7 @@ The installation proceeds. After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. - ![Microsoft Defender icon in status bar screenshot](../windows-defender-antivirus/images/MDATP-Icon-Bar.png) + ![Microsoft Defender icon in status bar screenshot](../microsoft-defender-antivirus/images/MDATP-Icon-Bar.png) ## How to Allow Full Disk Access diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index 08235662b7..cf50d3ac04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -63,7 +63,7 @@ Download the installation and onboarding packages from Microsoft Defender Securi 4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. 5. Download **IntuneAppUtil** from [https://docs.microsoft.com/intune/lob-apps-macos](https://docs.microsoft.com/intune/lob-apps-macos). - ![Microsoft Defender Security Center screenshot](../windows-defender-antivirus/images/MDATP-2-DownloadPackages.png) + ![Microsoft Defender Security Center screenshot](../microsoft-defender-antivirus/images/MDATP-2-DownloadPackages.png) 6. From a command prompt, verify that you have the three files. Extract the contents of the .zip files: @@ -110,11 +110,11 @@ You do not need any special provisioning for a Mac device beyond a standard [Com 1. Confirm device management. -![Confirm device management screenshot](../windows-defender-antivirus/images/MDATP-3-ConfirmDeviceMgmt.png) +![Confirm device management screenshot](../microsoft-defender-antivirus/images/MDATP-3-ConfirmDeviceMgmt.png) Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**: -![Management profile screenshot](../windows-defender-antivirus/images/MDATP-4-ManagementProfile.png) +![Management profile screenshot](../microsoft-defender-antivirus/images/MDATP-4-ManagementProfile.png) 2. Select **Continue** and complete the enrollment. @@ -122,7 +122,7 @@ You may now enroll more devices. You can also enroll them later, after you have 3. In Intune, open **Manage** > **Devices** > **All devices**. Here you can see your device among those listed: -![Add Devices screenshot](../windows-defender-antivirus/images/MDATP-5-allDevices.png) +![Add Devices screenshot](../microsoft-defender-antivirus/images/MDATP-5-allDevices.png) ## Create System Configuration profiles @@ -131,7 +131,7 @@ You may now enroll more devices. You can also enroll them later, after you have 3. Open the configuration profile and upload intune/kext.xml. This file was created in one of the preceding sections. 4. Select **OK**. - ![System configuration profiles screenshot](../windows-defender-antivirus/images/MDATP-6-SystemConfigurationProfiles.png) + ![System configuration profiles screenshot](../microsoft-defender-antivirus/images/MDATP-6-SystemConfigurationProfiles.png) 5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. 6. Repeat steps 1 through 5 for more profiles. @@ -306,7 +306,7 @@ You may now enroll more devices. You can also enroll them later, after you have Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**: -![System configuration profiles screenshot](../windows-defender-antivirus/images/MDATP-7-DeviceStatusBlade.png) +![System configuration profiles screenshot](../microsoft-defender-antivirus/images/MDATP-7-DeviceStatusBlade.png) ## Publish application @@ -322,38 +322,38 @@ Once the Intune changes are propagated to the enrolled devices, you can see them > > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Defender. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client machine, then uninstall Defender and push the updated policy. - ![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-8-IntuneAppInfo.png) + ![Device status blade screenshot](../microsoft-defender-antivirus/images/MDATP-8-IntuneAppInfo.png) 7. Select **OK** and **Add**. - ![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-9-IntunePkgInfo.png) + ![Device status blade screenshot](../microsoft-defender-antivirus/images/MDATP-9-IntunePkgInfo.png) 8. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**. - ![Client apps screenshot](../windows-defender-antivirus/images/MDATP-10-ClientApps.png) + ![Client apps screenshot](../microsoft-defender-antivirus/images/MDATP-10-ClientApps.png) 9. Change **Assignment type** to **Required**. 10. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. - ![Intune assignments info screenshot](../windows-defender-antivirus/images/MDATP-11-Assignments.png) + ![Intune assignments info screenshot](../microsoft-defender-antivirus/images/MDATP-11-Assignments.png) 11. After some time the application will be published to all enrolled devices. You can see it listed in **Monitor** > **Device**, under **Device install status**: - ![Intune device status screenshot](../windows-defender-antivirus/images/MDATP-12-DeviceInstall.png) + ![Intune device status screenshot](../microsoft-defender-antivirus/images/MDATP-12-DeviceInstall.png) ## Verify client device state 1. After the configuration profiles are deployed to your devices, open **System Preferences** > **Profiles** on your Mac device. - ![System Preferences screenshot](../windows-defender-antivirus/images/MDATP-13-SystemPreferences.png)
      - ![System Preferences Profiles screenshot](../windows-defender-antivirus/images/MDATP-14-SystemPreferencesProfiles.png) + ![System Preferences screenshot](../microsoft-defender-antivirus/images/MDATP-13-SystemPreferences.png)
      + ![System Preferences Profiles screenshot](../microsoft-defender-antivirus/images/MDATP-14-SystemPreferencesProfiles.png) 2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that were added in Intune: - ![Profiles screenshot](../windows-defender-antivirus/images/MDATP-15-ManagementProfileConfig.png) + ![Profiles screenshot](../microsoft-defender-antivirus/images/MDATP-15-ManagementProfileConfig.png) 3. You should also see the Microsoft Defender icon in the top-right corner: - ![Microsoft Defender icon in status bar screenshot](../windows-defender-antivirus/images/MDATP-Icon-Bar.png) + ![Microsoft Defender icon in status bar screenshot](../microsoft-defender-antivirus/images/MDATP-Icon-Bar.png) ## Troubleshooting diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index da29d3b4a2..32d0727488 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -65,7 +65,7 @@ Download the installation and onboarding packages from Microsoft Defender Securi 4. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory. 5. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. - ![Microsoft Defender Security Center screenshot](../windows-defender-antivirus/images/jamf-onboarding.png) + ![Microsoft Defender Security Center screenshot](../microsoft-defender-antivirus/images/jamf-onboarding.png) 6. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so: @@ -108,7 +108,7 @@ To approve the kernel extension: 1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. 2. Use **UBF8T346G9** for Team Id. - ![Approved kernel extensions screenshot](../windows-defender-antivirus/images/MDATP-17-approvedKernelExtensions.png) + ![Approved kernel extensions screenshot](../microsoft-defender-antivirus/images/MDATP-17-approvedKernelExtensions.png) ### Privacy Preferences Policy Control @@ -124,7 +124,7 @@ Add the following JAMF policy to grant Full Disk Access to Microsoft Defender AT 3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`. 4. Set app or service to SystemPolicyAllFiles and access to Allow. - ![Privacy Preferences Policy Control](../windows-defender-antivirus/images/MDATP-35-JAMF-PrivacyPreferences.png) + ![Privacy Preferences Policy Control](../microsoft-defender-antivirus/images/MDATP-35-JAMF-PrivacyPreferences.png) #### Configuration Profile's Scope @@ -132,7 +132,7 @@ Configure the appropriate scope to specify the devices that will receive the con Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target. -![Configuration profile scope screenshot](../windows-defender-antivirus/images/MDATP-18-ConfigurationProfilesScope.png) +![Configuration profile scope screenshot](../microsoft-defender-antivirus/images/MDATP-18-ConfigurationProfilesScope.png) Save the **Configuration Profile**. @@ -152,7 +152,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific 1. Create a package in **Settings > Computer Management > Packages**. - ![Computer management packages screenshot](../windows-defender-antivirus/images/MDATP-19-MicrosoftDefenderWDAVPKG.png) + ![Computer management packages screenshot](../microsoft-defender-antivirus/images/MDATP-19-MicrosoftDefenderWDAVPKG.png) 2. Upload the package to the Distribution Point. 3. In the **filename** field, enter the name of the package. For example, _wdav.pkg_. @@ -161,7 +161,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific Your policy should contain a single package for Microsoft Defender. -![Microsoft Defender packages screenshot](../windows-defender-antivirus/images/MDATP-20-MicrosoftDefenderPackages.png) +![Microsoft Defender packages screenshot](../microsoft-defender-antivirus/images/MDATP-20-MicrosoftDefenderPackages.png) Configure the appropriate scope to specify the computers that will receive this policy. @@ -176,12 +176,12 @@ You'll need no special provisioning for a macOS computer, beyond the standard JA - Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. - ![MDM approve button screenshot](../windows-defender-antivirus/images/MDATP-21-MDMProfile1.png)
      - ![MDM screenshot](../windows-defender-antivirus/images/MDATP-22-MDMProfileApproved.png) + ![MDM approve button screenshot](../microsoft-defender-antivirus/images/MDATP-21-MDMProfile1.png)
      + ![MDM screenshot](../microsoft-defender-antivirus/images/MDATP-22-MDMProfileApproved.png) After a moment, the device's User Approved MDM status will change to **Yes**. - ![MDM status screenshot](../windows-defender-antivirus/images/MDATP-23-MDMStatus.png) + ![MDM status screenshot](../microsoft-defender-antivirus/images/MDATP-23-MDMStatus.png) You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages. @@ -196,17 +196,17 @@ You can monitor deployment status in the **Logs** tab: - **Pending** means that the deployment is scheduled but has not yet happened - **Completed** means that the deployment succeeded and is no longer scheduled -![Status on server screenshot](../windows-defender-antivirus/images/MDATP-24-StatusOnServer.png) +![Status on server screenshot](../microsoft-defender-antivirus/images/MDATP-24-StatusOnServer.png) ### Status on client device After the Configuration Profile is deployed, you'll see the profile for the device in **System Preferences** > **Profiles >**. -![Status on client screenshot](../windows-defender-antivirus/images/MDATP-25-StatusOnClient.png) +![Status on client screenshot](../microsoft-defender-antivirus/images/MDATP-25-StatusOnClient.png) Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner. -![Microsoft Defender icon in status bar screenshot](../windows-defender-antivirus/images/MDATP-Icon-Bar.png) +![Microsoft Defender icon in status bar screenshot](../microsoft-defender-antivirus/images/MDATP-Icon-Bar.png) You can monitor policy installation on a device by following the JAMF log file: @@ -279,12 +279,12 @@ This script removes Microsoft Defender ATP from the /Applications directory: echo "Done!" ``` -![Microsoft Defender uninstall screenshot](../windows-defender-antivirus/images/MDATP-26-Uninstall.png) +![Microsoft Defender uninstall screenshot](../microsoft-defender-antivirus/images/MDATP-26-Uninstall.png) ### Policy Your policy should contain a single script: -![Microsoft Defender uninstall script screenshot](../windows-defender-antivirus/images/MDATP-27-UninstallScript.png) +![Microsoft Defender uninstall script screenshot](../microsoft-defender-antivirus/images/MDATP-27-UninstallScript.png) Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index bbf4825f45..04021812ac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -29,7 +29,7 @@ Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to If you did not approve the kernel extension during the deployment / installation of Microsoft Defender ATP for Mac, then the application displays a banner prompting you to enable it: - ![RTP disabled screenshot](../windows-defender-antivirus/images/MDATP-32-Main-App-Fix.png) + ![RTP disabled screenshot](../microsoft-defender-antivirus/images/MDATP-32-Main-App-Fix.png) You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This is an indication that the kernel extension is not approved to run on your device. @@ -56,7 +56,7 @@ If less than 30 minutes have passed since the product was installed, navigate to If you don't see this prompt, it means that 30 or more minutes have passed, and the kernel extension still not been approved to run on your device: -![Security and privacy window after prompt expired screenshot](../windows-defender-antivirus/images/MDATP-33-SecurityPrivacySettings-NoPrompt.png) +![Security and privacy window after prompt expired screenshot](../microsoft-defender-antivirus/images/MDATP-33-SecurityPrivacySettings-NoPrompt.png) In this case, you need to perform the following steps to trigger the approval flow again. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md index 3d1a203e82..fccc1b4442 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md @@ -37,7 +37,7 @@ The following steps can be used to troubleshoot and mitigate these issues: - From the user interface. Open Microsoft Defender ATP for Mac and navigate to **Manage settings**. - ![Manage real-time protection screenshot](../windows-defender-antivirus/images/mdatp-36-rtp.png) + ![Manage real-time protection screenshot](../microsoft-defender-antivirus/images/mdatp-36-rtp.png) - From the Terminal. For security purposes, this operation requires elevation. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md index 33e4268575..782c6a98e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md @@ -27,7 +27,7 @@ Microsoft regularly publishes software updates to improve performance, security, To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually. -![MAU screenshot](../windows-defender-antivirus/images/MDATP-34-MAU.png) +![MAU screenshot](../microsoft-defender-antivirus/images/MDATP-34-MAU.png) If you decide to deploy updates by using your software distribution tools, you should configure MAU to manually check for software updates. You can deploy preferences to configure how and when MAU checks for updates for the Macs in your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index 6c323a4a7a..09feceaf02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md @@ -70,7 +70,7 @@ There are two ways you can create indicators for files: ### Before you begin It's important to understand the following prerequisites prior to creating indicators for files: -- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). +- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. - Supported on machines on Windows 10, version 1703 or later. - To start blocking files, you first need to [turn the **Block or allow** feature on](advanced-features.md) in Settings. @@ -160,7 +160,7 @@ You can create indicators for certificates. Some common use cases include: It's important to understand the following requirements prior to creating indicators for certificates: -- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). +- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. - Supported on machines on Windows 10, version 1703 or later. - The virus and threat protection definitions must be up-to-date. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index 8f19799fd0..eb5b02f1ac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md @@ -87,7 +87,7 @@ The attack surface reduction set of capabilities provide the first line of defen -**[Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)**
      +**[Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)**
      To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats. diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index baef5fe6ab..7f650aa265 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -168,7 +168,7 @@ Before you onboard machines, the diagnostic data service must be enabled. The se ## Windows Defender Antivirus configuration requirement The Microsoft Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. -You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). +You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). When Windows Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Microsoft Defender ATP must be excluded from this group policy. @@ -178,12 +178,12 @@ If you are onboarding servers and Windows Defender Antivirus is not the active a > Your regular group policy doesn't apply to Tamper Protection, and changes to Windows Defender Antivirus settings will be ignored when Tamper Protection is on. -For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +For more information, see [Windows Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). ## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Microsoft Defender ATP agent will successfully onboard. -If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy). +If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 26080c90cd..961e519e70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -48,7 +48,7 @@ Network protection requires Windows 10 Pro, Enterprise E3, E5 and Windows Defend Windows 10 version | Windows Defender Antivirus -|- -Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled +Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled ## Review network protection events in the Microsoft Defender ATP Security Center diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt index 51d5efdc49..ff04ebfe3c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt @@ -34,7 +34,7 @@ #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) -### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +### [Next generation protection](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) ### [Endpoint detection and response]() @@ -72,7 +72,7 @@ ###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation) ###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session) ###### [Collect investigation package from machines](respond-machine-alerts.md#collect-investigation-package-from-machines) -###### [Run Windows Defender Antivirus scan on machines](respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) +###### [Run Windows Defender Antivirus scan on machines](respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-machines) ###### [Restrict app execution](respond-machine-alerts.md#restrict-app-execution) ###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) ###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center) @@ -158,7 +158,7 @@ ###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) ###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) ###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md) +##### [Evaluate next generation protection](../microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md) ### [Access the Microsoft Defender Security Center Community Center](community.md) @@ -204,95 +204,95 @@ ### [Configure next generation protection]() -#### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) +#### [Configure Windows Defender Antivirus features](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) #### [Utilize Microsoft cloud-delivered protection]() -##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) -##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) -##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) -##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) -##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) +##### [Understand cloud-delivered protection](../microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) +##### [Enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) +##### [Specify the cloud-delivered protection level](../microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md) +##### [Configure and validate network connections](../microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md) +##### [Enable Block at first sight](../microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md) +##### [Configure the cloud block timeout period](../microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) #### [Configure behavioral, heuristic, and real-time protection]() -##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) -##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) +##### [Configuration overview](../microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md) +##### [Detect and block potentially unwanted applications](../microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) +##### [Enable and configure always-on protection and monitoring](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) -#### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) +#### [Antivirus on Windows Server 2016](../microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md) #### [Antivirus compatibility]() -##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) -##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) +##### [Compatibility charts](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md) +##### [Use limited periodic antivirus scanning](../microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md) #### [Deploy, manage updates, and report on antivirus]() -##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) +##### [Using Windows Defender Antivirus](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) ##### [Deploy and enable antivirus]() -###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md) -###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) +###### [Preparing to deploy](../microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md) +###### [Deployment guide for VDI environments](../microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md) ##### [Report on antivirus protection]() -###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) -###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md) +###### [Review protection status and aqlerts](../microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md) +###### [Troubleshoot antivirus reporting in Update Compliance](../microsoft-defender-antivirus/troubleshoot-reporting.md) ##### [Manage updates and apply baselines]() -###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) -###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) -###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) -###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) -###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) -###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) +###### [Learn about the different kinds of updates](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md) +###### [Manage protection and Security intelligence updates](../microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md) +###### [Manage when protection updates should be downloaded and applied](../microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md) +###### [Manage updates for endpoints that are out of date](../microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md) +###### [Manage event-based forced updates](../microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md) +###### [Manage updates for mobile devices and VMs](../microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) #### [Customize, initiate, and review the results of scans and remediation]() -##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) +##### [Configuration overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) ##### [Configure and validate exclusions in antivirus scans]() -###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) +###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure antivirus exclusions Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) -##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) +##### [Configure antivirus scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) +##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) +##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) +##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) +##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) +##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md) -#### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) +#### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) #### [Manage antivirus in your business]() -##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) +##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) +##### [Use Group Policy settings to configure and manage antivirus](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) +##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) +##### [Use PowerShell cmdlets to configure and manage antivirus](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) +##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) +##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) #### [Manage scans and remediation]() -##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) +##### [Management overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) ##### [Configure and validate exclusions in antivirus scans]() -###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) +###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure antivirus exclusions on Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) -##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) -##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) +##### [Configure scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) +##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) +##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) +##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) +##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) +##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md) +##### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) #### [Manage next generation protection in your business]() -##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) +##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) +##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) +##### [Use Group Policy settings to manage next generation protection](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) +##### [Use PowerShell cmdlets to manage next generation protection](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) +##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) +##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) @@ -525,4 +525,4 @@ #### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md) -### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) +### [Troubleshoot next generation protection issues](../microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md index 5ac688bcec..0ebda42a3c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md @@ -51,7 +51,7 @@ Microsoft Defender ATP integrates with System Center Endpoint Protection to prov The following steps are required to enable this integration: - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting -- Configure your network to allow connections to the Windows Defender Antivirus cloud. For more information, see [Allow connections to the Windows Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud) +- Configure your network to allow connections to the Windows Defender Antivirus cloud. For more information, see [Allow connections to the Windows Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud) ## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index c304bcfd54..37c447d3fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -30,7 +30,7 @@ Configure and manage all the Microsoft Defender ATP capabilities to get the best Topic | Description :---|:--- [Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. -[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats. +[Configure next generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats. [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts. [Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP. [Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index 5d98e6652f..2fb1181ee0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -234,7 +234,7 @@ Microsoft Defender Antivirus is a built-in antimalware solution that provides ne needs on how Antivirus is configured. - [Quick scan versus full scan and custom scan](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus#quick-scan-versus-full-scan-and-custom-scan) + [Quick scan versus full scan and custom scan](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus#quick-scan-versus-full-scan-and-custom-scan) For more details, see [Windows Security configuration framework](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework) diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 83b69c2140..1fbbf9a1f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -172,7 +172,7 @@ how the endpoint security suite should be enabled. |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------| | Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
      [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | |Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
      - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
      - Invaluable machine vulnerability context during incident investigations
      - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager
      [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 | -| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes:
      -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
      - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
      - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
      [Learn more](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). |3 | +| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes:
      -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
      - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
      - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
      [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | | Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats.
      [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 | | Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.
      [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable | | Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed.
      [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable | diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 3e320c90a9..fc6cb7176a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -145,7 +145,7 @@ Appendix section in this document for the URLs Whitelisting or on Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). > [!NOTE] -> For a detailed list of URLs that need to be whitelisted, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus). +> For a detailed list of URLs that need to be whitelisted, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus). **Manual static proxy configuration:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 5989682e15..450ed8f449 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -62,7 +62,7 @@ You can contain an attack in your organization by stopping the malicious process > > - The machine you're taking the action on is running Windows 10, version 1703 or later > - The file does not belong to trusted third-party publishers or not signed by Microsoft -> - Windows Defender Antivirus must at least be running on Passive mode. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +> - Windows Defender Antivirus must at least be running on Passive mode. For more information, see [Windows Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistent data, such as any registry keys. @@ -136,7 +136,7 @@ You can prevent further propagation of an attack in your organization by banning >[!IMPORTANT] > ->- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). +>- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). > >- The Antimalware client version must be 4.18.1901.x or later. >- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index a6b23d0ed7..35f54e8b8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -116,7 +116,7 @@ As part of the investigation or response process, you can remotely initiate an a >[!IMPORTANT] >- This action is available for machines on Windows 10, version 1709 or later. ->- A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +>- A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Windows Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). One you have selected **Run antivirus scan**, select the scan type that you'd like to run (quick or full) and add a comment before confirming the scan. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index ed130a1720..b1194f4e5e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -46,9 +46,9 @@ Attack surface reduction rules will only work on devices with the following cond - Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update). -- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). -- [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled. +- [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md index 31804e546b..b530361305 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md @@ -42,7 +42,7 @@ See the topic [Review events and errors using Event Viewer](event-error-codes.md If onboarding machines successfully completes but Microsoft Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy. -For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy). +For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). ## Known issues with regional formats diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 9c2e5cfdff..9cc579f9c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -43,9 +43,9 @@ Network protection will only work on devices with the following conditions: >[!div class="checklist"] > * Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update). -> * Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). -> * [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled. -> * [Cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) is enabled. +> * Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +> * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. +> * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled. > * Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**). ## Use audit mode diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index 7d6e7647cc..53a20ab583 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -71,7 +71,7 @@ Event ID | Error Type | Resolution steps 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. 10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
      ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
      Verify that the script has been run as an administrator. 15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).

      If the machine is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again. -15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions. +15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
      ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
      The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). @@ -131,7 +131,7 @@ If the deployment tools used does not indicate an error in the onboarding proces - [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled) - [Ensure the service is set to start](#ensure-the-service-is-set-to-start) - [Ensure the machine has an Internet connection](#ensure-the-machine-has-an-internet-connection) -- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) +- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) ### View agent onboarding errors in the machine event log diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index caa1caf419..d7ce1152c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -63,7 +63,7 @@ For more information preview features, see [Preview features](https://docs.micro ## September 2019 -- [Tamper Protection settings using Intune](../windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
      You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management Portal (Intune). +- [Tamper Protection settings using Intune](../microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
      You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management Portal (Intune). - [Live response](live-response.md)
      Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real-time. @@ -127,10 +127,10 @@ Threat Analytics is a set of interactive reports published by the Microsoft Defe - Block Adobe Reader from creating child processes - Block Office communication application from creating child processes. -- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) +- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). - - Windows Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security. - - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans. + - Windows Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/microsoft-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security. + - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus) for Windows Defender Antivirus scans. @@ -166,9 +166,9 @@ You can now block untrusted processes from writing to disk sectors using Control Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal. -- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
      -Windows Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). +- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
      +Windows Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). - Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus). + Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index 973fe53199..f13b6bff37 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -51,7 +51,7 @@ Microsoft Defender SmartScreen provide an early warning system against websites - **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md). -- **Blocking URLs associated with potentially unwanted applications.** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md). +- **Blocking URLs associated with potentially unwanted applications.** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md). > [!IMPORTANT] > SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares. diff --git a/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md index 9b7b2cffbf..01595e6230 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md +++ b/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md @@ -65,8 +65,8 @@ The following table summarizes exclusion types, how they're defined, and what ha |**Process** |Executable file path
      Example: `c:\test\process.exe` |The specified process and any files that are opened by that process are skipped by Windows Defender Antivirus. | To learn more, see: -- [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus) -- [Configure exclusions for files opened by processes](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus) +- [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus) +- [Configure exclusions for files opened by processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus) ## Related articles diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 0483497ae8..1feb9db788 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -58,5 +58,5 @@ MpCmdRun.exe -scan -2 ## Related topics -- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md index c69288aada..8ea3ed528e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md @@ -38,8 +38,8 @@ The articles in this section provide further information, links, and resources f Article | Description ---|--- -[Manage Windows Defender Antivirus with Microsoft Intune and Microsoft Endpoint Configuration Manager](use-intune-config-manager-windows-defender-antivirus.md)|Information about using Intune and Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus -[Manage Windows Defender Antivirus with Group Policy settings](use-group-policy-windows-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates -[Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage Windows Defender Antivirus, plus links to documentation for all cmdlets and allowed parameters -[Manage Windows Defender Antivirus with Windows Management Instrumentation (WMI)](use-wmi-windows-defender-antivirus.md)| Instructions for using WMI to manage Windows Defender Antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties) -[Manage Windows Defender Antivirus with the mpcmdrun.exe command-line tool](command-line-arguments-windows-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use Windows Defender Antivirus +[Manage Windows Defender Antivirus with Microsoft Intune and Microsoft Endpoint Configuration Manager](use-intune-config-manager-microsoft-defender-antivirus.md)|Information about using Intune and Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus +[Manage Windows Defender Antivirus with Group Policy settings](use-group-policy-microsoft-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates +[Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage Windows Defender Antivirus, plus links to documentation for all cmdlets and allowed parameters +[Manage Windows Defender Antivirus with Windows Management Instrumentation (WMI)](use-wmi-microsoft-defender-antivirus.md)| Instructions for using WMI to manage Windows Defender Antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties) +[Manage Windows Defender Antivirus with the mpcmdrun.exe command-line tool](command-line-arguments-microsoft-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use Windows Defender Antivirus diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md index 14125ae30d..b4742f97c9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md @@ -25,7 +25,7 @@ manager: dansimp **Use Microsoft Intune to configure scanning options** -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details. +See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. @@ -50,7 +50,7 @@ Description | Location and setting | Default setting (if not configured) | Power Email scanning See [Email scanning limitations](#ref1)| Scan > Turn on e-mail scanning | Disabled | `-DisableEmailScanning` Scan [reparse points](https://msdn.microsoft.com/library/windows/desktop/aa365503.aspx) | Scan > Turn on reparse point scanning | Disabled | Not available Scan mapped network drives | Scan > Run full scan on mapped network drives | Disabled | `-DisableScanningMappedNetworkDrivesForFullScan` - Scan archive files (such as .zip or .rar files). The [extensions exclusion list](configure-extension-file-exclusions-windows-defender-antivirus.md) will take precedence over this setting. | Scan > Scan archive files | Enabled | `-DisableArchiveScanning` + Scan archive files (such as .zip or .rar files). The [extensions exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md) will take precedence over this setting. | Scan > Scan archive files | Enabled | `-DisableArchiveScanning` Scan files on the network | Scan > Scan network files | Disabled | `-DisableScanningNetworkFiles` Scan packed executables | Scan > Scan packed executables | Enabled | Not available Scan removable drives during full scans only | Scan > Scan removable drives | Disabled | `-DisableRemovableDriveScanning` @@ -64,7 +64,7 @@ Specify the level of subfolders within an archive folder to scan | Scan > Specif ## Use PowerShell to configure scanning options -See [Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. ## Use WMI to configure scanning options @@ -87,7 +87,7 @@ If Windows Defender Antivirus detects a threat inside an email, it will show you ## Related topics -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-windows-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) +- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) From b8ceccdee288cef7e92ab286f578b2cffc7bdf2d Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 27 May 2020 15:01:01 -0700 Subject: [PATCH 13/99] Changed windows- to microsoft-defender-antivirus Updated file path instances of windows-defender-antivirus to microsoft-defender-antivirus. --- ...-first-sight-windows-defender-antivirus.md | 12 +-- ...meout-period-windows-defender-antivirus.md | 14 +-- ...-interaction-windows-defender-antivirus.md | 6 +- ...e-exclusions-windows-defender-antivirus.md | 8 +- ...e-exclusions-windows-defender-antivirus.md | 22 ++--- ...cy-overrides-windows-defender-antivirus.md | 32 +++---- ...-connections-windows-defender-antivirus.md | 12 +-- ...otifications-windows-defender-antivirus.md | 6 +- ...e-exclusions-windows-defender-antivirus.md | 24 ++--- ...ion-features-windows-defender-antivirus.md | 6 +- ...e-protection-windows-defender-antivirus.md | 8 +- ...-remediation-windows-defender-antivirus.md | 20 ++-- ...r-exclusions-windows-defender-antivirus.md | 20 ++-- ...ure-windows-defender-antivirus-features.md | 8 +- ...ediate-scans-windows-defender-antivirus.md | 12 +-- ...anage-report-windows-defender-antivirus.md | 18 ++-- .../deploy-windows-defender-antivirus.md | 10 +- ...ployment-vdi-windows-defender-antivirus.md | 6 +- ...nwanted-apps-windows-defender-antivirus.md | 12 +-- ...d-protection-windows-defender-antivirus.md | 22 ++--- .../evaluate-windows-defender-antivirus.md | 6 +- ...dic-scanning-windows-defender-antivirus.md | 6 +- ...ased-updates-windows-defender-antivirus.md | 16 ++-- ...ed-endpoints-windows-defender-antivirus.md | 26 +++--- ...ate-schedule-windows-defender-antivirus.md | 16 ++-- ...tion-updates-windows-defender-antivirus.md | 24 ++--- ...es-baselines-windows-defender-antivirus.md | 20 ++-- ...-devices-vms-windows-defender-antivirus.md | 10 +- .../office-365-windows-defender-antivirus.md | 4 +- .../windows-defender-antivirus/oldTOC.md | 92 +++++++++---------- 30 files changed, 249 insertions(+), 249 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index d74cf4da9a..acc9c3d662 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -24,7 +24,7 @@ ms.custom: nextgen Block at first sight provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are also enabled. In most cases, these prerequisite settings are also enabled by default, so the feature is running without any intervention. -You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file. And, you can [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL. +You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) while the cloud-based protection service analyzes the file. And, you can [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL. >[!TIP] >Visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work. @@ -65,11 +65,11 @@ Block at first sight requires a number of settings to be configured correctly or ![Intune config](images/defender/intune-block-at-first-sight.png) > [!WARNING] - > Setting the file blocking level to **High** will apply a strong level of detection. In the unlikely event that it causes a false positive detection of legitimate files, use the option to [restore the quarantined files](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus). + > Setting the file blocking level to **High** will apply a strong level of detection. In the unlikely event that it causes a false positive detection of legitimate files, use the option to [restore the quarantined files](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus). For more information about configuring Windows Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). -For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus). +For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus). ### Enable block at first sight with Microsoft Endpoint Configuration Manager @@ -152,7 +152,7 @@ Block at first sight is automatically enabled as long as **Cloud-delivered prote ### Validate block at first sight is working -You can validate that the feature is working by following the steps outlined in [Validate connections between your network and the cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud). +You can validate that the feature is working by following the steps outlined in [Validate connections between your network and the cloud](configure-network-connections-microsoft-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud). ## Disable block at first sight @@ -176,5 +176,5 @@ You may choose to disable block at first sight if you want to retain the prerequ ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md index 1b9c177447..116cffdaa7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md @@ -24,13 +24,13 @@ ms.custom: nextgen - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md). +When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). -The default period that the file will be [blocked](configure-block-at-first-sight-windows-defender-antivirus.md) is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defender Antivirus cloud service. +The default period that the file will be [blocked](configure-block-at-first-sight-microsoft-defender-antivirus.md) is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defender Antivirus cloud service. ## Prerequisites to use the extended cloud block timeout -[Block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) and its prerequisites must be enabled before you can specify an extended timeout period. +[Block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) and its prerequisites must be enabled before you can specify an extended timeout period. ## Specify the extended timeout period @@ -48,7 +48,7 @@ You can use Group Policy to specify an extended timeout for cloud checks. ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Use next-generation antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -- [Configure block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) -- [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Use next-generation antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) +- [Configure block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) +- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md index 47161748b2..f748db5175 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md @@ -31,6 +31,6 @@ This includes whether they see the Windows Defender Antivirus interface, what no Topic | Description ---|--- -[Configure notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) | Configure and customize additional notifications, customized text for notifications, and notifications about reboots for remediation -[Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-windows-defender-antivirus.md) | Hide the user interface from users -[Prevent users from locally modifying policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) | Prevent (or allow) users from overriding policy settings on their individual endpoints +[Configure notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) | Configure and customize additional notifications, customized text for notifications, and notifications about reboots for remediation +[Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) | Hide the user interface from users +[Prevent users from locally modifying policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) | Prevent (or allow) users from overriding policy settings on their individual endpoints diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md index e0805ca3fb..635d677a14 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md @@ -23,15 +23,15 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection. +You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection. >[!WARNING] >Defining exclusions lowers the protection offered by Windows Defender Antivirus. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md). This enables you to exclude files from Windows Defender Antivirus scans based on their file extension, file name, or location. +- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from Windows Defender Antivirus scans based on their file extension, file name, or location. -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md). This enables you to exclude files from scans that have been opened by a specific process. +- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from scans that have been opened by a specific process. ## Related articles -[Windows Defender Antivirus exclusions on Windows Server 2016](configure-server-exclusions-windows-defender-antivirus.md) \ No newline at end of file +[Windows Defender Antivirus exclusions on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index bc096eac9e..e41c0fe9e7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -53,9 +53,9 @@ Exclusion lists have the following characteristics: > >Folders that are reparse points that are created after the Windows Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. -To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md). +To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). -The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [real-time protection](configure-real-time-protection-windows-defender-antivirus.md). +The exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md). >[!IMPORTANT] >Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). @@ -64,7 +64,7 @@ The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defen By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence when there are conflicts. -You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-windows-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. +You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-microsoft-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. ## Configure the list of exclusions based on folder name or file extension @@ -72,7 +72,7 @@ You can [configure how locally and globally defined exclusions lists are merged] See the following articles: - [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) -- [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) +- [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) ### Use Configuration Manager to configure file name, folder, or file extension exclusions @@ -146,7 +146,7 @@ For example, the following code snippet would cause Windows Defender AV scans to Add-MpPreference -ExclusionExtension ".test" ``` -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). ### Use Windows Management Instruction (WMI) to configure file name, folder, or file extension exclusions @@ -220,7 +220,7 @@ If you use PowerShell, you can retrieve the list in two ways: ### Validate the exclusion list by using MpCmdRun -To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: +To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: ```DOS MpCmdRun.exe -CheckExclusion -path @@ -241,7 +241,7 @@ In the following example, the items contained in the `ExclusionExtension` list a ![PowerShell output for Get-MpPreference showing the exclusion list alongside other preferences](images/defender/wdav-powershell-get-exclusions-all.png) -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). ### Retrieve a specific exclusions list by using PowerShell @@ -257,7 +257,7 @@ In the following example, the list is split into new lines for each use of the ` ![PowerShell output showing only the entries in the exclusion list](images/defender/wdav-powershell-get-exclusions-variable.png) -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). @@ -290,6 +290,6 @@ You can also copy the string into a blank text file and attempt to save it with ## Related topics -- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) +- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md index 59f19f11c9..ea4872fa0d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md @@ -49,25 +49,25 @@ To configure these settings: Location | Setting | Article ---|---|---|--- -MAPS | Configure local setting override for reporting to Microsoft MAPS | [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) -Quarantine | Configure local setting override for the removal of items from Quarantine folder | [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for turn on behavior monitoring | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Configure local setting override to turn on real-time protection | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Remediation | Configure local setting override for the time of day to run a scheduled full scan to complete remediation | [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) -Scan | Configure local setting override for maximum percentage of CPU utilization | [Configure and run scans](run-scan-windows-defender-antivirus.md) -Scan | Configure local setting override for schedule scan day | [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Configure local setting override for scheduled quick scan time | [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Configure local setting override for scheduled scan time | [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Configure local setting override for the scan type to use for a scheduled scan | [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) +MAPS | Configure local setting override for reporting to Microsoft MAPS | [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) +Quarantine | Configure local setting override for the removal of items from Quarantine folder | [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for turn on behavior monitoring | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override to turn on real-time protection | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Remediation | Configure local setting override for the time of day to run a scheduled full scan to complete remediation | [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) +Scan | Configure local setting override for maximum percentage of CPU utilization | [Configure and run scans](run-scan-microsoft-defender-antivirus.md) +Scan | Configure local setting override for schedule scan day | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Configure local setting override for scheduled quick scan time | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Configure local setting override for scheduled scan time | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Configure local setting override for the scan type to use for a scheduled scan | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) ## Configure how locally and globally defined threat remediation and exclusions lists are merged -You can also configure how locally defined lists are combined or merged with globally defined lists. This setting applies to [exclusion lists](configure-exclusions-windows-defender-antivirus.md), [specified remediation lists](configure-remediation-windows-defender-antivirus.md), and [attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction). +You can also configure how locally defined lists are combined or merged with globally defined lists. This setting applies to [exclusion lists](configure-exclusions-microsoft-defender-antivirus.md), [specified remediation lists](configure-remediation-microsoft-defender-antivirus.md), and [attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction). By default, lists that have been configured in local group policy and the Windows Security app are merged with lists that are defined by the appropriate Group Policy Object that you have deployed on your network. Where there are conflicts, the globally-defined list takes precedence. @@ -88,5 +88,5 @@ You can disable this setting to ensure that only globally-defined lists (such as ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index 69f56da605..0feb021b20 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -43,7 +43,7 @@ The Windows Defender Antivirus cloud service provides fast, strong protection fo >[!NOTE] >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. -See [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. +See [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints. @@ -75,7 +75,7 @@ Use the following argument with the Windows Defender Antivirus command-line util > [!NOTE] > You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703 or higher. -For more information, see [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-windows-defender-antivirus.md). +For more information, see [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-microsoft-defender-antivirus.md). **Attempt to download a fake malware file from Microsoft:** @@ -114,17 +114,17 @@ You will also see a detection under **Quarantined threats** in the **Scan histor >[!NOTE] >Versions of Windows 10 before version 1703 have a different user interface. See [Windows Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md). -The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-windows-defender-antivirus.md). +The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). >[!IMPORTANT] >You will not be able to use a proxy auto-config (.pac) file to test network connections to these URLs. You will need to verify your proxy servers and any network filtering tools manually to ensure connectivity. ## Related articles -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) +- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) -- [Run an Windows Defender Antivirus scan from the command line](command-line-arguments-windows-defender-antivirus.md) and [Command line arguments](command-line-arguments-windows-defender-antivirus.md) +- [Run an Windows Defender Antivirus scan from the command line](command-line-arguments-microsoft-defender-antivirus.md) and [Command line arguments](command-line-arguments-microsoft-defender-antivirus.md) - [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md index ef9bf3607a..2ac2d79b53 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md @@ -71,7 +71,7 @@ You can use Group Policy to: - Hide all notifications on endpoints - Hide reboot notifications on endpoints -Hiding notifications can be useful in situations where you can't hide the entire Windows Defender Antivirus interface. See [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-windows-defender-antivirus.md) for more information. +Hiding notifications can be useful in situations where you can't hide the entire Windows Defender Antivirus interface. See [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. > [!NOTE] > Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Endpoint Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). @@ -102,5 +102,5 @@ See [Customize the Windows Security app for your organization](../windows-defend ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md index 1b19f98ccd..5b95e815bb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md @@ -34,9 +34,9 @@ Any file on the machine that is opened by any process with a specific file name Any file on the machine that is opened by any process under a specific folder | Specifying "c:\test\sample\\*" would exclude files opened by:
      • c:\test\sample\test.exe
      • c:\test\sample\test2.exe
      • c:\test\sample\utility.exe
      Any file on the machine that is opened by a specific process in a specific folder | Specifying "c:\test\process.exe" would exclude files only opened by c:\test\process.exe -When you add a process to the process exclusion list, Windows Defender Antivirus won't scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-windows-defender-antivirus.md). +When you add a process to the process exclusion list, Windows Defender Antivirus won't scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md). -The exclusions only apply to [always-on real-time protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md). They don't apply to scheduled or on-demand scans. +The exclusions only apply to [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). They don't apply to scheduled or on-demand scans. Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists. @@ -46,7 +46,7 @@ You can also [use PowerShell cmdlets and WMI to configure the exclusion lists](# By default, local changes made to the lists (by users with administrator privileges; this includes changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts. -You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-windows-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. +You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-microsoft-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. ## Configure the list of exclusions for files opened by specified processes @@ -54,7 +54,7 @@ You can [configure how locally and globally defined exclusions lists are merged] ### Use Microsoft Intune to exclude files that have been opened by specified processes from scans -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details. +See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. ### Use Microsoft Endpoint Configuration Manager to exclude files that have been opened by specified processes from scans @@ -158,7 +158,7 @@ If you use PowerShell, you can retrieve the list in two ways: ### Validate the exclusion list by using MpCmdRun -To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: +To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: ```DOS MpCmdRun.exe -CheckExclusion -path @@ -176,7 +176,7 @@ Use the following cmdlet: Get-MpPreference ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. ### Retrieve a specific exclusions list by using PowerShell @@ -187,12 +187,12 @@ $WDAVprefs = Get-MpPreference $WDAVprefs.ExclusionProcess ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. ## Related articles -- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) +- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) +- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md index 8e6f966e08..61e774a5fc 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md @@ -33,11 +33,11 @@ You can configure how Windows Defender Antivirus uses these methods with Group P This section covers configuration for always-on scanning, including how to detect and block apps that are deemed unsafe, but may not be detected as malware. -See [Use next-gen Windows Defender Antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for how to enable and configure Windows Defender Antivirus cloud-delivered protection. +See [Use next-gen Windows Defender Antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for how to enable and configure Windows Defender Antivirus cloud-delivered protection. ## In this section Topic | Description ---|--- -[Detect and block potentially unwanted applications](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) | Detect and block apps that may be unwanted in your network, such as adware, browser modifiers and toolbars, and rogue or fake antivirus apps -[Enable and configure Windows Defender Antivirus protection capabilities](configure-real-time-protection-windows-defender-antivirus.md) | Enable and configure real-time protection, heuristics, and other always-on Windows Defender Antivirus monitoring features +[Detect and block potentially unwanted applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) | Detect and block apps that may be unwanted in your network, such as adware, browser modifiers and toolbars, and rogue or fake antivirus apps +[Enable and configure Windows Defender Antivirus protection capabilities](configure-real-time-protection-microsoft-defender-antivirus.md) | Enable and configure real-time protection, heuristics, and other always-on Windows Defender Antivirus monitoring features diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md index 5d08760627..41f1eefe60 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md @@ -38,7 +38,7 @@ To enable and configure always-on protection: 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. ![GPEdit taskbar search result](images/gpedit-search.png) 2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus**. -![Windows Defender Antivirus](images/gpedit-windows-defender-antivirus.png) +![Windows Defender Antivirus](images/gpedit-microsoft-defender-antivirus.png) 3. Configure the Windows Defender Antivirus antimalware service policy settings. To do this: 1. In the **Windows Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table: @@ -75,7 +75,7 @@ To enable and configure always-on protection: 5. Configure the Windows Defender Antivirus scanning policy setting. To do this: 1. From the **Windows Defender Antivirus** tree on left pane, click **Scan**. - ![Windows Defender Antivirus Scan options](images/gpedit-windows-defender-antivirus-scan.png) + ![Windows Defender Antivirus Scan options](images/gpedit-microsoft-defender-antivirus-scan.png) 2. In the **Scan** details pane on right, double-click the policy setting as specified in the following table: @@ -110,5 +110,5 @@ To disable real-time protection in Group policy: ## Related articles -- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md index 5f0b5efdbe..23c2e484d3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md @@ -55,18 +55,18 @@ Threats | Specify threats upon which default action should not be taken when det > [!IMPORTANT] > Windows Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed. >

      -> If you are certain Windows Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Windows Defender Antivirus](restore-quarantined-files-windows-defender-antivirus.md). +> If you are certain Windows Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Windows Defender Antivirus](restore-quarantined-files-microsoft-defender-antivirus.md). >

      -> To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md). +> To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md). -Also see [Configure remediation-required scheduled full Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md#remed) for more remediation-related settings. +Also see [Configure remediation-required scheduled full Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md#remed) for more remediation-related settings. ## Related topics -- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-windows-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-windows-defender-antivirus.md) -- [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) -- [Configure end-user Windows Defender Antivirus interaction](configure-end-user-interaction-windows-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) +- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) +- [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) +- [Configure end-user Windows Defender Antivirus interaction](configure-end-user-interaction-microsoft-defender-antivirus.md) +- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md index 78f6412fd9..55f6eeec2a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md @@ -28,8 +28,8 @@ Windows Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls > Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. In addition to server role-defined automatic exclusions, you can add or remove custom exclusions. To do that, refer to these articles: -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) +- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) +- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) ## A few points to keep in mind @@ -48,7 +48,7 @@ In Windows Server 2016 and 2019, the predefined exclusions delivered by Security > [!WARNING] > Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. -Because predefined exclusions only exclude **default paths**, if you move NTDS and SYSVOL to another drive or path that is *different from the original path*, you must add exclusions manually using the information [here](configure-extension-file-exclusions-windows-defender-antivirus.md#configure-the-list-of-exclusions-based-on-folder-name-or-file-extension) . +Because predefined exclusions only exclude **default paths**, if you move NTDS and SYSVOL to another drive or path that is *different from the original path*, you must add exclusions manually using the information [here](configure-extension-file-exclusions-microsoft-defender-antivirus.md#configure-the-list-of-exclusions-based-on-folder-name-or-file-extension) . You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI. @@ -70,7 +70,7 @@ Use the following cmdlets: Set-MpPreference -DisableAutoExclusions $true ``` -[Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md). +[Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md). [Use PowerShell with Windows Defender Antivirus](https://technet.microsoft.com/itpro/powershell/windows/defender/index). @@ -168,7 +168,7 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r - The Distributed File System Replication (DFSR) database and working folders. These folders are specified by the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File` > [!NOTE] - > For custom locations, see [Opt out of automatic exclusions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus#opt-out-of-automatic-exclusions). + > For custom locations, see [Opt out of automatic exclusions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus#opt-out-of-automatic-exclusions). - *%systemdrive%*\System Volume Information\DFSR\\$db_normal$ @@ -400,12 +400,12 @@ This section lists the folder exclusions that are delivered automatically when y ## Related articles -- [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) +- [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) +- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) +- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) +- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md index 86857fc378..1bbdf69dbd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md @@ -39,11 +39,11 @@ The following broad categories of features can be configured: The topics in this section describe how to perform key tasks when configuring Windows Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). -You can also review the [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) topic for an overview of each tool and links to further help. +You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. ## In this section Topic | Description :---|:--- -[Utilize Microsoft cloud-provided Windows Defender Antivirus protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection -[Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time antivirus protection -[Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md)|Configure how end-users interact with Windows Defender Antivirus, what notifications they see, and whether they can override settings +[Utilize Microsoft cloud-provided Windows Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection +[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time antivirus protection +[Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md)|Configure how end-users interact with Windows Defender Antivirus, what notifications they see, and whether they can override settings diff --git a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md index 3162bb5114..667079e3a2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md @@ -29,9 +29,9 @@ You can use Group Policy, PowerShell, and Windows Management Instrumentation (WM Topic | Description ---|--- -[Configure and validate file, folder, and process-opened file exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning -[Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-windows-defender-antivirus.md) | You can configure Windows Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning -[Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) | Configure what Windows Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder -[Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) | Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans -[Configure and run scans](run-scan-windows-defender-antivirus.md) | Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app -[Review scan results](review-scan-results-windows-defender-antivirus.md) | Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app +[Configure and validate file, folder, and process-opened file exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning +[Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) | You can configure Windows Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning +[Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) | Configure what Windows Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder +[Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) | Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans +[Configure and run scans](run-scan-microsoft-defender-antivirus.md) | Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app +[Review scan results](review-scan-results-microsoft-defender-antivirus.md) | Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md index faaa2c10dd..8ac767f14a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md @@ -46,11 +46,11 @@ PowerShell|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, o Windows Management Instrumentation|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][] Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD. -1. The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Endpoint Configuration Manager (Current Branch) and System Center 2012 Configuration Manager. In this library, we've focused on Windows 10, Windows Server 2016, and Microsoft Endpoint Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2) +1. The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Endpoint Configuration Manager (Current Branch) and System Center 2012 Configuration Manager. In this library, we've focused on Windows 10, Windows Server 2016, and Microsoft Endpoint Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2) -2. In Windows 10, Windows Defender Antivirus is a component available without installation or deployment of an additional client or service. It will automatically be enabled when third-party antivirus products are either uninstalled or out of date ([except on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)). Traditional deployment therefore is not required. Deployment here refers to ensuring the Windows Defender Antivirus component is available and enabled on endpoints or servers. [(Return to table)](#ref2) +2. In Windows 10, Windows Defender Antivirus is a component available without installation or deployment of an additional client or service. It will automatically be enabled when third-party antivirus products are either uninstalled or out of date ([except on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md)). Traditional deployment therefore is not required. Deployment here refers to ensuring the Windows Defender Antivirus component is available and enabled on endpoints or servers. [(Return to table)](#ref2) -3. Configuration of features and protection, including configuring product and protection updates, are further described in the [Configure Windows Defender Antivirus features](configure-notifications-windows-defender-antivirus.md) section in this library. [(Return to table)](#ref2) +3. Configuration of features and protection, including configuring product and protection updates, are further described in the [Configure Windows Defender Antivirus features](configure-notifications-microsoft-defender-antivirus.md) section in this library. [(Return to table)](#ref2) [Endpoint Protection point site system role]: https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-protection-site-role [default and customized antimalware policies]: https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies @@ -70,16 +70,16 @@ Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by [Set-MpPreference]: https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference.md [Update-MpSignature]: https://technet.microsoft.com/itpro/powershell/windows/defender/update-mpsignature [Get- cmdlets available in the Defender module]: https://technet.microsoft.com/itpro/powershell/windows/defender/index -[Configure update options for Windows Defender Antivirus]: manage-updates-baselines-windows-defender-antivirus.md -[Configure Windows Defender features]: configure-windows-defender-antivirus-features.md +[Configure update options for Windows Defender Antivirus]: manage-updates-baselines-microsoft-defender-antivirus.md +[Configure Windows Defender features]: configure-microsoft-defender-antivirus-features.md [Group Policies to determine if any settings or policies are not applied]: https://technet.microsoft.com/library/cc771389.aspx [Possibly infected devices]: https://docs.microsoft.com/azure/active-directory/active-directory-reporting-sign-ins-from-possibly-infected-devices -[Windows Defender Antivirus events]: troubleshoot-windows-defender-antivirus.md +[Windows Defender Antivirus events]: troubleshoot-microsoft-defender-antivirus.md ## In this section Topic | Description ---|--- -[Deploy and enable Windows Defender Antivirus protection](deploy-windows-defender-antivirus.md) | While the client is installed as a core part of Windows 10, and traditional deployment does not apply, you will still need to enable the client on your endpoints with Microsoft Endpoint Configuration Manager, Microsoft Intune, or Group Policy Objects. -[Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) | There are two parts to updating Windows Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in a number of ways, using Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, and WMI. -[Monitor and report on Windows Defender Antivirus protection](report-monitor-windows-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection. +[Deploy and enable Windows Defender Antivirus protection](deploy-microsoft-defender-antivirus.md) | While the client is installed as a core part of Windows 10, and traditional deployment does not apply, you will still need to enable the client on your endpoints with Microsoft Endpoint Configuration Manager, Microsoft Intune, or Group Policy Objects. +[Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) | There are two parts to updating Windows Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in a number of ways, using Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, and WMI. +[Monitor and report on Windows Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection. diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md index bf74b6893b..40376869e2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md @@ -25,14 +25,14 @@ manager: dansimp Depending on the management tool you are using, you may need to specifically enable or configure Windows Defender Antivirus protection. -See the table in [Deploy, manage, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md#ref2) for instructions on how to enable protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, Active Directory, Microsoft Azure, PowerShell cmdlets, and Windows Management Instruction (WMI). +See the table in [Deploy, manage, and report on Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md#ref2) for instructions on how to enable protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, Active Directory, Microsoft Azure, PowerShell cmdlets, and Windows Management Instruction (WMI). Some scenarios require additional guidance on how to successfully deploy or configure Windows Defender Antivirus protection, such as Virtual Desktop Infrastructure (VDI) environments. -The remaining topic in this section provides end-to-end advice and best practices for [setting up Windows Defender Antivirus on virtual machines (VMs) in a VDI or Remote Desktop Services (RDS) environment](deployment-vdi-windows-defender-antivirus.md). +The remaining topic in this section provides end-to-end advice and best practices for [setting up Windows Defender Antivirus on virtual machines (VMs) in a VDI or Remote Desktop Services (RDS) environment](deployment-vdi-microsoft-defender-antivirus.md). ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) -- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md index ad266974fa..feff8fbcae 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md @@ -192,11 +192,11 @@ If you would prefer to do everything manually, this what you would need to do to ### Randomize scheduled scans -Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-windows-defender-antivirus.md). +Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-microsoft-defender-antivirus.md). The start time of the scan itself is still based on the scheduled scan policy – ScheduleDay, ScheduleTime, ScheduleQuickScanTime. Randomization will cause Windows Defender AV to start a scan on each machine within a 4 hour window from the time set for the scheduled scan. -See [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) for other configuration options available for scheduled scans. +See [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) for other configuration options available for scheduled scans. ### Use quick scans @@ -257,7 +257,7 @@ This hides the entire Windows Defender AV user interface from users. ### Exclusions -On Windows Server 2016, Windows Defender Antivirus will automatically deliver the right exclusions for servers running a VDI environment. However, if you are running an older Windows server version, see [Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus). +On Windows Server 2016, Windows Defender Antivirus will automatically deliver the right exclusions for servers running a VDI environment. However, if you are running an older Windows server version, see [Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus). ## Additional resources diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 7c0db7f78f..7d26faad20 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md @@ -73,7 +73,7 @@ The potentially unwanted application (PUA) protection feature in Windows Defende Windows Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. -When a PUA file is detected on an endpoint, Windows Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as other threat detections. The notification will be prefaced with _PUA:_ to indicate its content. +When a PUA file is detected on an endpoint, Windows Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification will be prefaced with _PUA:_ to indicate its content. The notification appears in the usual [quarantine list within the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). @@ -90,7 +90,7 @@ PUA audit mode is useful if your company is conducting an internal software secu ##### Use Intune to configure PUA protection -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details. +See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. ##### Use Configuration Manager to configure PUA protection @@ -142,7 +142,7 @@ Set-MpPreference -PUAProtection disable ``` Setting the value for this cmdlet to `Disabled` will turn the feature off if it has been enabled. -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. #### View PUA events @@ -150,7 +150,7 @@ PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoi You can turn on email notifications to receive mail about PUA detections. -See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID **1160**. +See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID **1160**. #### Allow-listing apps @@ -158,5 +158,5 @@ Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA ## Related articles -- [Next-generation protection](windows-defender-antivirus-in-windows-10.md) -- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md) +- [Next-generation protection](microsoft-defender-antivirus-in-windows-10.md) +- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md index 8c14c01d58..3a601da908 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md @@ -30,9 +30,9 @@ Windows Defender Antivirus uses multiple detection and prevention technologies t You can enable or disable Windows Defender Antivirus cloud-delivered protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. -See [Use Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for an overview of Windows Defender Antivirus cloud-delivered protection. +See [Use Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for an overview of Windows Defender Antivirus cloud-delivered protection. -There are specific network-connectivity requirements to ensure your endpoints can connect to the cloud-delivered protection service. See [Configure and validate network connections](configure-network-connections-windows-defender-antivirus.md) for more details. +There are specific network-connectivity requirements to ensure your endpoints can connect to the cloud-delivered protection service. See [Configure and validate network connections](configure-network-connections-microsoft-defender-antivirus.md) for more details. > [!NOTE] > In Windows 10, there is no difference between the **Basic** and **Advanced** reporting options described in this topic. This is a legacy distinction and choosing either setting will result in the same level of cloud-delivered protection. There is no difference in the type or amount of information that is shared. See the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=521839) for more information on what we collect. @@ -54,7 +54,7 @@ There are specific network-connectivity requirements to ensure your endpoints ca > The **Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation. > [!WARNING] - > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature of Microsoft Defender ATP won't work. + > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work. 8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile. @@ -85,7 +85,7 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht > The **Send safe samples** (1) option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation. > [!WARNING] - > Setting the option to **Always Prompt** (0) will lower the protection state of the device. Setting it to **Never send** (2) means that the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature of Microsoft Defender ATP won't work. + > Setting the option to **Always Prompt** (0) will lower the protection state of the device. Setting it to **Never send** (2) means that the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work. 7. Click **OK**. @@ -98,13 +98,13 @@ Set-MpPreference -MAPSReporting Advanced Set-MpPreference -SubmitSamplesConsent SendAllSamples ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. [Policy CSP - Defender](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) also has more information specifically on [-SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. [Policy CSP - Defender](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) also has more information specifically on [-SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). >[!NOTE] > You can also set **-SubmitSamplesConsent** to `SendSafeSamples` (the default setting), `NeverSend`, or `AlwaysPrompt`. The `SendSafeSamples` setting means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation. >[!WARNING] -> Setting **-SubmitSamplesConsent** to `NeverSend` or `AlwaysPrompt` will lower the protection level of the device. In addition, setting it to `NeverSend` means that the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature of Microsoft Defender ATP won't work. +> Setting **-SubmitSamplesConsent** to `NeverSend` or `AlwaysPrompt` will lower the protection level of the device. In addition, setting it to `NeverSend` means that the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work. ## Use Windows Management Instruction (WMI) to enable cloud-delivered protection @@ -137,11 +137,11 @@ See the following for more information and allowed parameters: ## Related topics -- [Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) -- [Configure block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) -- [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) +- [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) +- [Configure block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) +- [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) - [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)] - [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) -- [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +- [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) - [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md index 6173192baf..17c7fe34c1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md @@ -46,9 +46,9 @@ You can also download a PowerShell that will enable all the settings described i > [!IMPORTANT] > The guide is currently intended for single-machine evaluation of Windows Defender Antivirus. Enabling all of the settings in this guide may not be suitable for real-world deployment. > -> For the latest recommendations for real-world deployment and monitoring of Windows Defender Antivirus across a network, see [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md). +> For the latest recommendations for real-world deployment and monitoring of Windows Defender Antivirus across a network, see [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md). ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md index 8285dbdc5e..e3574b62a7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md @@ -27,7 +27,7 @@ manager: dansimp Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device. -It can only be enabled in certain situations. For more information about limited periodic scanning and how Microsoft Defender Antivirus works with other antivirus products, see [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md). +It can only be enabled in certain situations. For more information about limited periodic scanning and how Microsoft Defender Antivirus works with other antivirus products, see [Windows Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md). **Microsoft does not recommend using this feature in enterprise environments. This is a feature primarily intended for consumers.** This feature only uses a limited subset of the Windows Defender Antivirus capabilities to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively. @@ -53,5 +53,5 @@ Sliding the switch to **On** will show the standard Windows Defender AV options ## Related articles -- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index 20d523d368..b09fc546f2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md @@ -61,7 +61,7 @@ Use the following cmdlets: Set-MpPreference -CheckForSignaturesBeforeRunningScan ``` -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index). ### Use Windows Management Instruction (WMI) to check for protection updates before running a scan @@ -113,7 +113,7 @@ Use the following cmdlets: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine ``` -For more information, see [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +For more information, see [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. ### Use Windows Management Instruction (WMI) to download updates when Windows Defender Antivirus is not present @@ -152,9 +152,9 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -- [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) +- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +- [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md index 9a6e186de0..28b6b7c54d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md @@ -31,7 +31,7 @@ When the user returns to work and logs on to their PC, Windows Defender Antiviru ## Set up catch-up protection updates for endpoints that haven't updated for a while -If Windows Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-windows-defender-antivirus.md). +If Windows Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-microsoft-defender-antivirus.md). ### Use Configuration Manager to configure catch-up protection updates @@ -40,7 +40,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie 2. Go to the **Security intelligence updates** section and configure the following settings: 1. Set **Force a security intelligence update if the client computer is offline for more than two consecutive scheduled updates** to **Yes**. - 2. For the **If Configuration Manager is used as a source for security intelligence updates...**, specify the hours before which the protection updates delivered by Configuration Manager should be considered out-of-date. This will cause the next update location to be used, based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order). + 2. For the **If Configuration Manager is used as a source for security intelligence updates...**, specify the hours before which the protection updates delivered by Configuration Manager should be considered out-of-date. This will cause the next update location to be used, based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order). 3. Click **OK**. @@ -68,7 +68,7 @@ Use the following cmdlets: Set-MpPreference -SignatureUpdateCatchupInterval ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. ### Use Windows Management Instruction (WMI) to configure catch-up protection updates @@ -84,7 +84,7 @@ See the following for more information and allowed parameters: ## Set the number of days before protection is reported as out-of-date -You can also specify the number of days after which Windows Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Windows Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source. +You can also specify the number of days after which Windows Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Windows Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source. ### Use Group Policy to specify the number of days before protection is considered out-of-date @@ -111,7 +111,7 @@ You can set the number of consecutive scheduled scans that can be missed before The process for enabling this feature is: -1. Set up at least one scheduled scan (see the [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) topic). +1. Set up at least one scheduled scan (see the [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) topic). 2. Enable the catch-up scan feature. 3. Define the number of scans that can be skipped before a catch-up scan occurs. @@ -132,7 +132,7 @@ This feature can be enabled for both full and quick scans. 1. If you have set up scheduled quick scans, double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**. 2. If you have set up scheduled full scans, double-click the **Turn on catch-up full scan** setting and set the option to **Enabled**. Click **OK**. 3. Double-click the **Define the number of days after which a catch-up scan is forced** setting and set the option to **Enabled**. - 4. Enter the number of scans that can be missed before a scan will be automatically run when the user next logs on to the PC. The type of scan that is run is determined by the **Specify the scan type to use for a scheduled scan** (see the [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) topic). Click **OK**. + 4. Enter the number of scans that can be missed before a scan will be automatically run when the user next logs on to the PC. The type of scan that is run is determined by the **Specify the scan type to use for a scheduled scan** (see the [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) topic). Click **OK**. > [!NOTE] > The Group Policy setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run. @@ -147,7 +147,7 @@ Set-MpPreference -DisableCatchupQuickScan ``` -See [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. ### Use Windows Management Instruction (WMI) to configure catch-up scans @@ -174,9 +174,9 @@ See the following for more information and allowed parameters: ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -- [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -- [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) +- [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +- [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md index c67fd41aa8..b5acbf81a1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md @@ -32,7 +32,7 @@ You can schedule updates for your endpoints by: - Specifying the interval to check for protection updates - Specifying the time to check for protection updates -You can also randomize the times when each endpoint checks and downloads protection updates. See the [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) topic for more information. +You can also randomize the times when each endpoint checks and downloads protection updates. See the [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) topic for more information. ## Use Configuration Manager to schedule protection updates @@ -76,7 +76,7 @@ Set-MpPreference -SignatureScheduleTime Set-MpPreference -SignatureUpdateInterval ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. ## Use Windows Management Instruction (WMI) to schedule protection updates @@ -94,12 +94,12 @@ See the following for more information and allowed parameters: ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -- [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -- [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +- [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +- [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md index a487d96a32..9ae6e8d7e1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md @@ -29,7 +29,7 @@ Keeping your antivirus protection up to date is critical. There are two componen - *Where* the updates are downloaded from; and - *When* updates are downloaded and applied. -This article describes how to specify from where updates should be downloaded (this is also known as the fallback order). See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates). +This article describes how to specify from where updates should be downloaded (this is also known as the fallback order). See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates). > [!IMPORTANT] > Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update and starting Monday, October 21, 2019, all security intelligence updates will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to update your security intelligence. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). @@ -59,7 +59,7 @@ To ensure the best level of protection, Microsoft Update allows for rapid releas > [!IMPORTANT] > If you have set [Microsoft Malware Protection Center Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) (MMPC) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is 14 consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services). -> You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).

      +> You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).

      > Starting Monday, October 21, 2019, security intelligence updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Each source has typical scenarios that depend on how your network is configured, in addition to how often they publish updates, as described in the following table: @@ -68,9 +68,9 @@ Each source has typical scenarios that depend on how your network is configured, |---|---| |Windows Server Update Service | You are using Windows Server Update Service to manage updates for your network.| |Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use Windows Server Update Service to manage your updates.| -|File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-windows-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.| +|File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-microsoft-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.| |Microsoft Endpoint Configuration Manager | You are using Microsoft Endpoint Configuration Manager to update your endpoints.| -|Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware (formerly referred to as MMPC) |[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates will be SHA-2 signed exclusively.
      Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).| +|Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware (formerly referred to as MMPC) |[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates will be SHA-2 signed exclusively.
      Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-microsoft-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).| You can manage the order in which update sources are used with Group Policy, Microsoft Endpoint Configuration Manager, PowerShell cmdlets, and WMI. @@ -123,7 +123,7 @@ Set-MpPreference -SignatureDefinitionUpdateFileSharesSource {\\UNC SHARE PATH|\\ See the following articles for more information: - [Set-MpPreference -SignatureFallbackOrder](https://docs.microsoft.com/powershell/module/defender/set-mppreference) - [Set-MpPreference -SignatureDefinitionUpdateFileSharesSource](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturedefinitionupdatefilesharessources) -- [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) +- [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) - [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) ## Use Windows Management Instruction (WMI) to manage the update location @@ -146,17 +146,17 @@ See [Policy CSP - Defender/SignatureUpdateFallbackOrder](https://docs.microsoft. This article describes how to configure and manage updates for Windows Defender Antivirus. However, third-party vendors can be used to perform these tasks. -For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Windows Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) to deploy patches and updates. +For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Windows Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) to deploy patches and updates. > [!NOTE] > Microsoft does not test third-party solutions for managing Windows Defender Antivirus. ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -- [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -- [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +- [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +- [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md index 5fdfa55aa4..512f37cf0e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md @@ -29,13 +29,13 @@ There are two types of updates related to keeping Windows Defender Antivirus up > [!IMPORTANT] > Keeping Windows Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. -> This also applies to devices where Windows Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility). +> This also applies to devices where Windows Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). ## Security intelligence updates -Windows Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection. +Windows Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection. -The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. +The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. Engine updates are included with the security intelligence updates and are released on a monthly cadence. @@ -93,7 +93,7 @@ No known issues ### What's new -* CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) +* CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) * Improve diagnostic capability * reduce Security intelligence timeout (5min) * Extend AMSI engine internal log capability @@ -139,7 +139,7 @@ Support phase: **Technical upgrade Support (Only)** * Fixed BSOD on WS2016 with Exchange * Support platform updates when TMP is redirected to network path * Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) -* extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility) +* extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility) * Fix 4.18.1911.10 hang ### Known Issues @@ -205,8 +205,8 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof Article | Description ---|--- -[Manage how protection updates are downloaded and applied](manage-protection-updates-windows-defender-antivirus.md) | Protection updates can be delivered through a number of sources. -[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) | You can schedule when protection updates should be downloaded. -[Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next log on. -[Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. -[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. +[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. +[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. +[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next log on. +[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. +[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md index 94b9e04752..3af5e8f3ae 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md @@ -31,9 +31,9 @@ There are two settings that are particularly useful for these devices: - Prevent Security intelligence updates when running on battery power The following topics may also be useful in these situations: -- [Configuring scheduled and catch-up scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-windows-defender-antivirus.md) +- [Configuring scheduled and catch-up scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +- [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) ## Opt-in to Microsoft Update on mobile computers without a WSUS connection @@ -91,5 +91,5 @@ You can configure Windows Defender Antivirus to only download protection updates ## Related articles -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -- [Update and manage Windows Defender Antivirus in Windows 10](deploy-manage-report-windows-defender-antivirus.md) +- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Update and manage Windows Defender Antivirus in Windows 10](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md index 77a5c15cf1..ccec33e576 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md @@ -28,7 +28,7 @@ manager: dansimp You might already know that: -- **Windows Defender Antivirus protects your Windows 10 device from software threats, such as viruses, malware, and spyware**. Windows Defender Antivirus is your complete, ongoing protection, built into Windows 10 and ready to go. [Windows Defender Antivirus is your next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +- **Windows Defender Antivirus protects your Windows 10 device from software threats, such as viruses, malware, and spyware**. Windows Defender Antivirus is your complete, ongoing protection, built into Windows 10 and ready to go. [Windows Defender Antivirus is your next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). - **Office 365 includes antiphishing, antispam, and antimalware protection**. With your Office 365 subscription, you get premium email and calendars, Office apps, 1 TB of cloud storage (via OneDrive), and advanced security across all your devices. This is true for home and business users. And if you're a business user, and your organization is using Office 365 E5, you get even more protection through Office 365 Advanced Threat Protection. [Protect against threats with Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/protect-against-threats). @@ -44,7 +44,7 @@ Read the following sections to learn more. ## Ransomware protection and recovery -When you save your files to [OneDrive](https://docs.microsoft.com/onedrive), and [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) detects a ransomware threat on your device, the following things occur: +When you save your files to [OneDrive](https://docs.microsoft.com/onedrive), and [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) detects a ransomware threat on your device, the following things occur: 1. **You are told about the threat**. (If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (ATP), your security operations team is notified, too.) diff --git a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md index f9457d3f21..2d5af5954d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md +++ b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md @@ -1,68 +1,68 @@ -# [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +# [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) ## [Windows Defender AV in the Microsoft Defender Security Center app](windows-defender-security-center-antivirus.md) -## [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) +## [Windows Defender AV on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md) -## [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md) -### [Use limited periodic scanning in Windows Defender AV](limited-periodic-scanning-windows-defender-antivirus.md) +## [Windows Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md) +### [Use limited periodic scanning in Windows Defender AV](limited-periodic-scanning-microsoft-defender-antivirus.md) -## [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) +## [Evaluate Windows Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md) -## [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) -### [Deploy and enable Windows Defender Antivirus](deploy-windows-defender-antivirus.md) -#### [Deployment guide for VDI environments](deployment-vdi-windows-defender-antivirus.md) -### [Report on Windows Defender Antivirus protection](report-monitor-windows-defender-antivirus.md) +## [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +### [Deploy and enable Windows Defender Antivirus](deploy-microsoft-defender-antivirus.md) +#### [Deployment guide for VDI environments](deployment-vdi-microsoft-defender-antivirus.md) +### [Report on Windows Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) #### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md) -### [Manage updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -#### [Manage protection and Security intelligence updates](manage-protection-updates-windows-defender-antivirus.md) -#### [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -#### [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -#### [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -#### [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) +### [Manage updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +#### [Manage protection and Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) +#### [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) +#### [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +#### [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +#### [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) -## [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md) -### [Utilize Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -#### [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) -#### [Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md) -#### [Configure and validate network connections](configure-network-connections-windows-defender-antivirus.md) -#### [Enable the Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) -#### [Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) -### [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md) -#### [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -#### [Enable and configure always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -### [Configure end-user interaction with Windows Defender AV](configure-end-user-interaction-windows-defender-antivirus.md) -#### [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) -#### [Prevent users from seeing or interacting with the user interface](prevent-end-user-interaction-windows-defender-antivirus.md) -#### [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) +## [Configure Windows Defender Antivirus features](configure-microsoft-defender-antivirus-features.md) +### [Utilize Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) +#### [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) +#### [Specify the cloud-delivered protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md) +#### [Configure and validate network connections](configure-network-connections-microsoft-defender-antivirus.md) +#### [Enable the Block at First Sight feature](configure-block-at-first-sight-microsoft-defender-antivirus.md) +#### [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) +### [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) +#### [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) +#### [Enable and configure always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +### [Configure end-user interaction with Windows Defender AV](configure-end-user-interaction-microsoft-defender-antivirus.md) +#### [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) +#### [Prevent users from seeing or interacting with the user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) +#### [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) -## [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -### [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md) -#### [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) -#### [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) -#### [Configure exclusions in Windows Defender AV on Windows Server 2016](configure-server-exclusions-windows-defender-antivirus.md) -### [Configure scanning options in Windows Defender AV](configure-advanced-scan-types-windows-defender-antivirus.md) -### [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) -### [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -### [Configure and run scans](run-scan-windows-defender-antivirus.md) -### [Review scan results](review-scan-results-windows-defender-antivirus.md) +## [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +### [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-microsoft-defender-antivirus.md) +#### [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) +#### [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +#### [Configure exclusions in Windows Defender AV on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md) +### [Configure scanning options in Windows Defender AV](configure-advanced-scan-types-microsoft-defender-antivirus.md) +### [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) +### [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +### [Configure and run scans](run-scan-microsoft-defender-antivirus.md) +### [Review scan results](review-scan-results-microsoft-defender-antivirus.md) ### [Run and review the results of a Windows Defender Offline scan](windows-defender-offline.md) -## [Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md) +## [Review event logs and error codes to troubleshoot issues](troubleshoot-microsoft-defender-antivirus.md) -## [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -### [Use Group Policy settings to configure and manage Windows Defender AV](use-group-policy-windows-defender-antivirus.md) -### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](use-intune-config-manager-windows-defender-antivirus.md) -### [Use PowerShell cmdlets to configure and manage Windows Defender AV](use-powershell-cmdlets-windows-defender-antivirus.md) -### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](use-wmi-windows-defender-antivirus.md) -### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](command-line-arguments-windows-defender-antivirus.md) +## [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) +### [Use Group Policy settings to configure and manage Windows Defender AV](use-group-policy-microsoft-defender-antivirus.md) +### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](use-intune-config-manager-microsoft-defender-antivirus.md) +### [Use PowerShell cmdlets to configure and manage Windows Defender AV](use-powershell-cmdlets-microsoft-defender-antivirus.md) +### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](use-wmi-microsoft-defender-antivirus.md) +### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](command-line-arguments-microsoft-defender-antivirus.md) From 409296338d0d3ac4da190ee081696e0b18b09475 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 27 May 2020 15:19:31 -0700 Subject: [PATCH 14/99] Changed windows- to microsoft-defender-antivirus Updated file path instances of windows-defender-antivirus to microsoft-defender-antivirus. --- ...ecurity-settings-with-tamper-protection.md | 2 +- ...-interaction-windows-defender-antivirus.md | 10 +- ...port-monitor-windows-defender-antivirus.md | 8 +- ...ntined-files-windows-defender-antivirus.md | 10 +- ...scan-results-windows-defender-antivirus.md | 8 +- .../run-scan-windows-defender-antivirus.md | 12 +- ...tch-up-scans-windows-defender-antivirus.md | 34 ++-- ...ection-level-windows-defender-antivirus.md | 4 +- .../troubleshoot-reporting.md | 12 +- ...troubleshoot-windows-defender-antivirus.md | 12 +- ...group-policy-windows-defender-antivirus.md | 172 +++++++++--------- ...nfig-manager-windows-defender-antivirus.md | 4 +- ...hell-cmdlets-windows-defender-antivirus.md | 6 +- .../use-wmi-windows-defender-antivirus.md | 8 +- ...d-protection-windows-defender-antivirus.md | 18 +- .../why-use-microsoft-antivirus.md | 4 +- ...indows-defender-antivirus-compatibility.md | 16 +- ...indows-defender-antivirus-in-windows-10.md | 14 +- ...fender-antivirus-on-windows-server-2016.md | 18 +- .../windows-defender-offline.md | 10 +- ...dows-defender-security-center-antivirus.md | 10 +- .../wdsc-customize-contact-information.md | 2 +- .../wdsc-virus-threat-protection.md | 4 +- .../windows-defender-security-center.md | 8 +- .../ltsc/whats-new-windows-10-2016.md | 12 +- .../ltsc/whats-new-windows-10-2019.md | 24 +-- .../whats-new-windows-10-version-1607.md | 12 +- .../whats-new-windows-10-version-1703.md | 24 +-- .../whats-new-windows-10-version-1803.md | 2 +- .../whats-new-windows-10-version-1903.md | 4 +- 30 files changed, 242 insertions(+), 242 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 52966241d0..87b51317d3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -93,7 +93,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; this is included in Microsoft 365 E5.) - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.) - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). - - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md).) + - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) 2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account. diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md index 8f6ebb3c64..bf93d24969 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md @@ -38,7 +38,7 @@ With the setting set to **Disabled** or not configured: ![Screenshot of Windows Security showing the shield icon and virus and threat protection section](images/defender/wdav-headless-mode-off-1703.png) >[!NOTE] ->Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) +>Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning that says, "Your system administrator has restricted access to this app." @@ -56,7 +56,7 @@ In earlier versions of Windows 10, the setting will hide the Windows Defender cl 5. Double-click the **Enable headless UI mode** setting and set the option to **Enabled**. Click **OK**. -See [Prevent users from locally modifying policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) for more options on preventing users form modifying protection on their PCs. +See [Prevent users from locally modifying policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) for more options on preventing users form modifying protection on their PCs. ## Prevent users from pausing a scan @@ -76,8 +76,8 @@ You can prevent users from pausing scans, which can be helpful to ensure schedul ## Related articles -- [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) +- [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) +- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md index caea14600c..30282438d8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md @@ -29,16 +29,16 @@ Microsoft Operations Management Suite has an [Update Compliance add-in](/windows If you have a third-party security information and event management (SIEM) server, you can also consume [Windows Defender client events](https://msdn.microsoft.com/library/windows/desktop/aa964766(v=vs.85).aspx). -Windows events comprise several security event sources, including Security Account Manager (SAM) events ([enhanced for Windows 10](https://technet.microsoft.com/library/mt431757.aspx), also see the [Security auditing](/windows/device-security/auditing/security-auditing-overview) topic) and [Windows Defender events](troubleshoot-windows-defender-antivirus.md). +Windows events comprise several security event sources, including Security Account Manager (SAM) events ([enhanced for Windows 10](https://technet.microsoft.com/library/mt431757.aspx), also see the [Security auditing](/windows/device-security/auditing/security-auditing-overview) topic) and [Windows Defender events](troubleshoot-microsoft-defender-antivirus.md). These events can be centrally aggregated using the [Windows event collector](https://msdn.microsoft.com/library/windows/desktop/bb427443(v=vs.85).aspx). Often, SIEM servers have connectors for Windows events, allowing you to correlate all security events in your SIEM server. You can also [monitor malware events using the Malware Assessment solution in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-malware). -For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the [(Deployment, management, and reporting options table)](deploy-manage-report-windows-defender-antivirus.md#ref2). +For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the [(Deployment, management, and reporting options table)](deploy-manage-report-microsoft-defender-antivirus.md#ref2). ## Related articles -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) +- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md index 625c85ac9a..35be37a69f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md @@ -35,9 +35,9 @@ If Microsoft Defender Antivirus is configured to detect and remediate threats on ## Related articles -- [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) -- [Review scan results](review-scan-results-windows-defender-antivirus.md) -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) +- [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) +- [Review scan results](review-scan-results-microsoft-defender-antivirus.md) +- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) +- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md index d0f31c4c8d..767bde8aa6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md @@ -23,7 +23,7 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-windows-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-windows-defender-antivirus.md), the results are recorded and you can view the results. +After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. ## Use Microsoft Intune to review scan results @@ -56,7 +56,7 @@ Get-MpThreat ![IMAGEALT](images/defender/wdav-get-mpthreat.png) -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. ## Use Windows Management Instruction (WMI) to review scan results @@ -65,5 +65,5 @@ Use the [**Get** method of the **MSFT_MpThreat** and **MSFT_MpThreatDetection**] ## Related articles -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md index f36197fe0f..876c7c6685 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md @@ -30,7 +30,7 @@ You can run an on-demand scan on individual endpoints. These scans will start im Quick scan looks at all the locations where there could be malware registered to start with the system, such as registry keys and known Windows startup folders. -Combined with [always-on real-time protection capability](configure-real-time-protection-windows-defender-antivirus.md)--which reviews files when they are opened and closed, and whenever a user navigates to a folder--a quick scan helps provide strong coverage both for malware that starts with the system and kernel-level malware. +Combined with [always-on real-time protection capability](configure-real-time-protection-microsoft-defender-antivirus.md)--which reviews files when they are opened and closed, and whenever a user navigates to a folder--a quick scan helps provide strong coverage both for malware that starts with the system and kernel-level malware. In most instances, this means a quick scan is adequate to find malware that wasn't picked up by real-time protection. @@ -50,7 +50,7 @@ Use the following `-scan` parameter: ```DOS mpcmdrun.exe -scan -scantype 1 ``` -See [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender Antivirus](command-line-arguments-windows-defender-antivirus.md) for more information on how to use the tool and additional parameters, including starting a full scan or defining paths. +See [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender Antivirus](command-line-arguments-microsoft-defender-antivirus.md) for more information on how to use the tool and additional parameters, including starting a full scan or defining paths. ## Use Microsoft Intune to run a scan @@ -70,7 +70,7 @@ Use the following cmdlet: ```PowerShell Start-MpScan ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. ## Use Windows Management Instruction (WMI) to run a scan @@ -82,6 +82,6 @@ See the following for more information and allowed parameters: ## Related articles -- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-windows-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) +- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index b2b391a114..ac688d7602 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -24,12 +24,12 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!NOTE] -> By default, Windows Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) to override this default. +> By default, Windows Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) to override this default. -In addition to always-on real-time protection and [on-demand](run-scan-windows-defender-antivirus.md) scans, you can set up regular, scheduled scans. +In addition to always-on real-time protection and [on-demand](run-scan-microsoft-defender-antivirus.md) scans, you can set up regular, scheduled scans. -You can configure the type of scan, when the scan should occur, and if the scan should occur after a [protection update](manage-protection-updates-windows-defender-antivirus.md) or if the endpoint is being used. You can also specify when special scans to complete remediation should occur. +You can configure the type of scan, when the scan should occur, and if the scan should occur after a [protection update](manage-protection-updates-microsoft-defender-antivirus.md) or if the endpoint is being used. You can also specify when special scans to complete remediation should occur. This topic describes how to configure scheduled scans with Group Policy, PowerShell cmdlets, and WMI. You can also configure schedules scans with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) or [Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). @@ -45,7 +45,7 @@ To configure the Group Policy settings described in this topic: 6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. -Also see the [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) and [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) topics. +Also see the [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) and [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) topics. ## Quick scan versus full scan and custom scan @@ -53,11 +53,11 @@ When you set up scheduled scans, you can set up whether the scan should be a ful Quick scans look at all the locations where there could be malware registered to start with the system, such as registry keys and known Windows startup folders. -Combined with [always-on real-time protection capability](configure-real-time-protection-windows-defender-antivirus.md) - which reviews files when they are opened and closed, and whenever a user navigates to a folder - a quick scan helps provide strong coverage both for malware that starts with the system and kernel-level malware. +Combined with [always-on real-time protection capability](configure-real-time-protection-microsoft-defender-antivirus.md) - which reviews files when they are opened and closed, and whenever a user navigates to a folder - a quick scan helps provide strong coverage both for malware that starts with the system and kernel-level malware. In most instances, this means a quick scan is adequate to find malware that wasn't picked up by real-time protection. -A full scan can be useful on endpoints that have encountered a malware threat to identify if there are any inactive components that require a more thorough clean-up. In this instance, you may want to use a full scan when running an [on-demand scan](run-scan-windows-defender-antivirus.md). +A full scan can be useful on endpoints that have encountered a malware threat to identify if there are any inactive components that require a more thorough clean-up. In this instance, you may want to use a full scan when running an [on-demand scan](run-scan-microsoft-defender-antivirus.md). A custom scan allows you to specify the files and folders to scan, such as a USB drive. @@ -92,7 +92,7 @@ Set-MpPreference -RandomizeScheduleTaskTimes ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. **Use Windows Management Instruction (WMI) to schedule scans:** @@ -127,7 +127,7 @@ Use the following cmdlets: Set-MpPreference -ScanOnlyIfIdleEnabled ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. **Use Windows Management Instruction (WMI):** @@ -163,7 +163,7 @@ Set-MpPreference -RemediationScheduleDay Set-MpPreference -RemediationScheduleTime ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. **Use Windows Management Instruction (WMI):** @@ -200,7 +200,7 @@ Use the following cmdlets: Set-MpPreference -ScanScheduleQuickTime ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. **Use Windows Management Instruction (WMI) to schedule daily scans:** @@ -217,7 +217,7 @@ See the following for more information and allowed parameters: ## Enable scans after protection updates -You can force a scan to occur after every [protection update](manage-protection-updates-windows-defender-antivirus.md) with Group Policy. +You can force a scan to occur after every [protection update](manage-protection-updates-microsoft-defender-antivirus.md) with Group Policy. **Use Group Policy to schedule scans after protection updates** @@ -232,9 +232,9 @@ Signature updates | Turn on scan after Security intelligence update | A scan wil ## Related topics -- [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-windows-defender-antivirus.md) -- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-windows-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) +- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) +- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md index d04a0c0bd5..52bbe5da00 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md @@ -75,8 +75,8 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht ## Related articles -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) - [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index 2efa65178d..1c880042ba 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -34,7 +34,7 @@ Typically, the most common indicators of a problem are: - You do not see any devices at all - The reports and information you do see is outdated (older than a few days) -For common error codes and event IDs related to the Windows Defender Antivirus service that are not related to Update Compliance, see [Windows Defender Antivirus events](troubleshoot-windows-defender-antivirus.md). +For common error codes and event IDs related to the Windows Defender Antivirus service that are not related to Update Compliance, see [Windows Defender Antivirus events](troubleshoot-microsoft-defender-antivirus.md). There are three steps to troubleshooting these problems: @@ -51,9 +51,9 @@ There are three steps to troubleshooting these problems: In order for devices to properly show up in Update Compliance, you have to meet certain prerequisites for both the Update Compliance service and for Windows Defender Antivirus: >[!div class="checklist"] ->- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. -> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md). -> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) +>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](microsoft-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. +> - [Cloud-delivered protection is enabled](enable-cloud-protection-microsoft-defender-antivirus.md). +> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-microsoft-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) > - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level). > - It has been 3 days since all requirements have been met @@ -71,5 +71,5 @@ If the above prerequisites have all been met, you might need to proceed to the n ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 8b02e56f61..1297928141 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -43,7 +43,7 @@ The tables list: Windows Defender Antivirus records event IDs in the Windows event log. -You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender Antivirus client event IDs](troubleshoot-windows-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints. +You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender Antivirus client event IDs](troubleshoot-microsoft-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints. The table in this section lists the main Windows Defender Antivirus event IDs and, where possible, provides suggested solutions to fix or resolve the error. @@ -1541,7 +1541,7 @@ User action: This error occurs when there is a problem updating definitions. To troubleshoot this event:

        -
      1. Update definitions and force a rescan directly on the endpoint.
        2. +
      2. Update definitions and force a rescan directly on the endpoint.
      3. Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.
      4. Contact Microsoft Technical Support.
        5. @@ -1634,7 +1634,7 @@ User action: The Windows Defender Antivirus client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update. To troubleshoot this event:
          -
        1. Update definitions and force a rescan directly on the endpoint.
          2. +
        2. Update definitions and force a rescan directly on the endpoint.
        3. Contact Microsoft Technical Support.
        @@ -2910,7 +2910,7 @@ You can only use Windows Defender Antivirus in Windows 10. For Windows 8, Window The following error codes are used during internal testing of Windows Defender Antivirus. -If you see these errors, you can try to [update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint. +If you see these errors, you can try to [update definitions](manage-updates-baselines-microsoft-defender-antivirus.md) and force a rescan directly on the endpoint. @@ -3240,5 +3240,5 @@ This is an internal error. It might have triggered when a scan fails to complete ## Related topics -- [Report on Windows Defender Antivirus protection](report-monitor-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Report on Windows Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md index 84d8ca6968..7c989eb15a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md @@ -43,41 +43,41 @@ The following table in this topic lists the Group Policy settings available in W Location | Setting | Article ---|---|--- -Client interface | Enable headless UI mode | [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-windows-defender-antivirus.md) -Client interface | Display additional text to clients when they need to perform an action | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) -Client interface | Suppress all notifications | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) -Client interface | Suppresses reboot notifications | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) -Exclusions | Extension Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) -Exclusions | Path Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) -Exclusions | Process Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) -Exclusions | Turn off Auto Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md) -MAPS | Configure the 'Block at First Sight' feature | [Enable block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) -MAPS | Join Microsoft MAPS | [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) -MAPS | Send file samples when further analysis is required | [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) -MAPS | Configure local setting override for reporting to Microsoft MAPS | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -MpEngine | Configure extended cloud check | [Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) -MpEngine | Select cloud protection level | [Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md) +Client interface | Enable headless UI mode | [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) +Client interface | Display additional text to clients when they need to perform an action | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) +Client interface | Suppress all notifications | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) +Client interface | Suppresses reboot notifications | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) +Exclusions | Extension Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +Exclusions | Path Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +Exclusions | Process Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +Exclusions | Turn off Auto Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +MAPS | Configure the 'Block at First Sight' feature | [Enable block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) +MAPS | Join Microsoft MAPS | [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) +MAPS | Send file samples when further analysis is required | [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) +MAPS | Configure local setting override for reporting to Microsoft MAPS | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +MpEngine | Configure extended cloud check | [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) +MpEngine | Select cloud protection level | [Specify the cloud-delivered protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md) Network inspection system | Specify additional definition sets for network traffic inspection | Not used Network inspection system | Turn on definition retirement | Not used Network inspection system | Turn on protocol recognition | Not used -Quarantine | Configure local setting override for the removal of items from Quarantine folder | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Quarantine | Configure removal of items from Quarantine folder | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Real-time protection | Configure local setting override for turn on behavior monitoring | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Real-time protection | Configure local setting override to turn on real-time protection | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Real-time protection | Define the maximum size of downloaded files and attachments to be scanned | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Monitor file and program activity on your computer | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Scan all downloaded files and attachments | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Turn off real-time protection | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Turn on behavior monitoring | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Turn on process scanning whenever real-time protection is enabled | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Turn on raw volume write notifications | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Real-time protection | Configure monitoring for incoming and outgoing file and program activity | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Remediation | Configure local setting override for the time of day to run a scheduled full scan to complete remediation | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -Remediation | Specify the time of day to run a scheduled full scan to complete remediation | [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md) +Quarantine | Configure local setting override for the removal of items from Quarantine folder | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Quarantine | Configure removal of items from Quarantine folder | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for turn on behavior monitoring | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override to turn on real-time protection | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Real-time protection | Define the maximum size of downloaded files and attachments to be scanned | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Monitor file and program activity on your computer | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Scan all downloaded files and attachments | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn off real-time protection | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn on behavior monitoring | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn on process scanning whenever real-time protection is enabled | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn on raw volume write notifications | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure monitoring for incoming and outgoing file and program activity | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Remediation | Configure local setting override for the time of day to run a scheduled full scan to complete remediation | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Remediation | Specify the time of day to run a scheduled full scan to complete remediation | [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) Reporting | Configure Watson events | Not used Reporting | Configure Windows software trace preprocessor components | Not used Reporting | Configure WPP tracing level | Not used @@ -85,66 +85,66 @@ Reporting | Configure time out for detections in critically failed state | Not u Reporting | Configure time out for detections in non-critical failed state | Not used Reporting | Configure time out for detections in recently remediated state | Not used Reporting | Configure time out for detections requiring additional action | Not used -Reporting | Turn off enhanced notifications | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) +Reporting | Turn off enhanced notifications | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) Root | Turn off Windows Defender Antivirus | Not used (This setting must be set to **Not configured** to ensure any installed third-party antivirus apps work correctly) Root | Define addresses to bypass proxy server | Not used Root | Define proxy autoconfig (.pac) for connecting to the network | Not used Root | Define proxy server for connecting to the network | Not used -Root | Configure local administrator merge behavior for lists | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Root | Allow antimalware service to start up with normal priority | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) -Root | Allow antimalware service to remain running always | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) -Root | Turn off routine remediation | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) -Root | Randomize scheduled task times | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Allow users to pause scan | [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-windows-defender-antivirus.md) -Scan | Check for the latest virus and spyware definitions before running a scheduled scan | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Scan | Define the number of days after which a catch-up scan is forced | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -Scan | Turn on catch up full scan | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -Scan | Turn on catch up quick scan | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -Scan | Configure local setting override for maximum percentage of CPU utilization | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Scan | Configure local setting override for schedule scan day | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Scan | Configure local setting override for scheduled quick scan time | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Scan | Configure local setting override for scheduled scan time | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Scan | Configure local setting override for the scan type to use for a scheduled scan | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) -Scan | Create a system restore point | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) -Scan | Turn on removal of items from scan history folder | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) -Scan | Turn on heuristics | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -Scan | Turn on e-mail scanning | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Turn on reparse point scanning | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Run full scan on mapped network drives | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Scan archive files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Scan network files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Scan packed executables | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Scan removable drives | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Specify the maximum depth to scan archive files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Specify the maximum percentage of CPU utilization during a scan | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Specify the maximum size of archive files to be scanned | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-windows-defender-antivirus.md) -Scan | Specify the day of the week to run a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Specify the interval to run quick scans per day | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Specify the scan type to use for a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Specify the time for a daily quick scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Specify the time of day to run a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Scan | Start the scheduled scan only when computer is on but not in use | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Security intelligence updates | Allow security intelligence updates from Microsoft Update | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -Security intelligence updates | Allow security intelligence updates when running on battery power | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -Security intelligence updates | Allow notifications to disable definitions-based reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Security intelligence updates | Allow real-time security intelligence updates based on reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Security intelligence updates | Check for the latest virus and spyware definitions on startup | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Security intelligence updates | Define file shares for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-windows-defender-antivirus.md) -Security intelligence updates | Define the number of days after which a catch up security intelligence update is required | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -Security intelligence updates | Define the number of days before spyware definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -Security intelligence updates | Define the number of days before virus definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -Security intelligence updates | Define the order of sources for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-windows-defender-antivirus.md) -Security intelligence updates | Initiate security intelligence update on startup | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Security intelligence updates | Specify the day of the week to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -Security intelligence updates | Specify the interval to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -Security intelligence updates | Specify the time to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -Security intelligence updates | Turn on scan after Security intelligence update | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Threats | Specify threat alert levels at which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) -Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) +Root | Configure local administrator merge behavior for lists | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Root | Allow antimalware service to start up with normal priority | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Root | Allow antimalware service to remain running always | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Root | Turn off routine remediation | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Root | Randomize scheduled task times | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Allow users to pause scan | [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) +Scan | Check for the latest virus and spyware definitions before running a scheduled scan | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +Scan | Define the number of days after which a catch-up scan is forced | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +Scan | Turn on catch up full scan | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +Scan | Turn on catch up quick scan | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +Scan | Configure local setting override for maximum percentage of CPU utilization | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Scan | Configure local setting override for schedule scan day | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Scan | Configure local setting override for scheduled quick scan time | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Scan | Configure local setting override for scheduled scan time | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Scan | Configure local setting override for the scan type to use for a scheduled scan | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) +Scan | Create a system restore point | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Scan | Turn on removal of items from scan history folder | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Scan | Turn on heuristics | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Scan | Turn on e-mail scanning | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Turn on reparse point scanning | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Run full scan on mapped network drives | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan archive files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan network files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan packed executables | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan removable drives | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the maximum depth to scan archive files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the maximum percentage of CPU utilization during a scan | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the maximum size of archive files to be scanned | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the day of the week to run a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the interval to run quick scans per day | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the scan type to use for a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the time for a daily quick scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the time of day to run a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Start the scheduled scan only when computer is on but not in use | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Security intelligence updates | Allow security intelligence updates from Microsoft Update | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) +Security intelligence updates | Allow security intelligence updates when running on battery power | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) +Security intelligence updates | Allow notifications to disable definitions-based reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Allow real-time security intelligence updates based on reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Check for the latest virus and spyware definitions on startup | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Define file shares for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Define the number of days after which a catch up security intelligence update is required | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +Security intelligence updates | Define the number of days before spyware definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +Security intelligence updates | Define the number of days before virus definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) +Security intelligence updates | Define the order of sources for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Initiate security intelligence update on startup | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Specify the day of the week to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) +Security intelligence updates | Specify the interval to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) +Security intelligence updates | Specify the time to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) +Security intelligence updates | Turn on scan after Security intelligence update | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Threats | Specify threat alert levels at which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) ## Related articles -- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md index df5a122dda..880a57432f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md @@ -34,5 +34,5 @@ For Microsoft Intune, consult the [Microsoft Intune library](https://docs.micros ## Related articles -- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md index 76de6faff6..88bb40bc67 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md @@ -34,7 +34,7 @@ PowerShell cmdlets are most useful in Windows Server environments that don't rel Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell. -You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-windows-defender-antivirus.md). +You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-microsoft-defender-antivirus.md). PowerShell is typically installed under the folder `%SystemRoot%\system32\WindowsPowerShell`. @@ -57,5 +57,5 @@ Omit the `-online` parameter to get locally cached help. ## Related topics -- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md index bac24170b6..dbf54ea3dc 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md @@ -27,15 +27,15 @@ Windows Management Instrumentation (WMI) is a scripting interface that allows yo Read more about WMI at the [Microsoft Developer Network System Administration library](https://msdn.microsoft.com/library/aa394582(v=vs.85).aspx). -Windows Defender Antivirus has a number of specific WMI classes that can be used to perform most of the same functions as Group Policy and other management tools. Many of the classes are analogous to [Defender PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md). +Windows Defender Antivirus has a number of specific WMI classes that can be used to perform most of the same functions as Group Policy and other management tools. Many of the classes are analogous to [Defender PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md). The [MSDN Windows Defender WMIv2 Provider reference library](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) lists the available WMI classes for Windows Defender Antivirus, and includes example scripts. Changes made with WMI will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with WMI. -You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-windows-defender-antivirus.md). +You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-microsoft-defender-antivirus.md). ## Related topics -- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index 4bf7025062..0d7199bee4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -44,11 +44,11 @@ src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc Read the following blog posts for detailed protection stories involving cloud-protection and Microsoft AI: -- [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/) +- [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-microsoft-defender-antivirus-is-the-most-deployed-in-the-enterprise/) - [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/) - [How artificial intelligence stopped an Emotet outbreak](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/) -- [Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/) -- [Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/windows-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/) +- [Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-microsoft-defender-antivirus-and-layered-machine-learning-defenses/) +- [Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/microsoft-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/) ## Get cloud-delivered protection @@ -70,17 +70,17 @@ The following table describes the differences in cloud-delivered protection betw |Microsoft Endpoint Configuration Manager (Current Branch) |Cloud protection service |Dependent on Windows version |Configurable | |Microsoft Intune |Microsoft Advanced Protection Service |Dependent on Windows version |Configurable | -You can also [configure Windows Defender Antivirus to automatically receive new protection updates based on reports from our cloud service](manage-event-based-updates-windows-defender-antivirus.md#cloud-report-updates). +You can also [configure Windows Defender Antivirus to automatically receive new protection updates based on reports from our cloud service](manage-event-based-updates-microsoft-defender-antivirus.md#cloud-report-updates). ## Tasks -- [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md). You can enable cloud-delivered protection with Microsoft Endpoint Configuration Manager, Group Policy, Microsoft Intune, and PowerShell cmdlets. +- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md). You can enable cloud-delivered protection with Microsoft Endpoint Configuration Manager, Group Policy, Microsoft Intune, and PowerShell cmdlets. -- [Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md). You can specify the level of protection offered by the cloud with Group Policy and Microsoft Endpoint Configuration Manager. The protection level will affect the amount of information shared with the cloud and how aggressively new files are blocked. +- [Specify the cloud-delivered protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md). You can specify the level of protection offered by the cloud with Group Policy and Microsoft Endpoint Configuration Manager. The protection level will affect the amount of information shared with the cloud and how aggressively new files are blocked. -- [Configure and validate network connections for Windows Defender Antivirus](configure-network-connections-windows-defender-antivirus.md). There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This article lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection. +- [Configure and validate network connections for Windows Defender Antivirus](configure-network-connections-microsoft-defender-antivirus.md). There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This article lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection. -- [Configure the block at first sight feature](configure-block-at-first-sight-windows-defender-antivirus.md). The "block at first sight" feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it with Microsoft Endpoint Configuration Manager and Group Policy. +- [Configure the block at first sight feature](configure-block-at-first-sight-microsoft-defender-antivirus.md). The "block at first sight" feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it with Microsoft Endpoint Configuration Manager and Group Policy. -- [Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md). Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running with Microsoft Endpoint Configuration Manager and Group Policy. +- [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md). Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running with Microsoft Endpoint Configuration Manager and Group Policy. diff --git a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md index bfca4b0430..aae7ad22c5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md @@ -34,7 +34,7 @@ Although you can use a non-Microsoft antivirus solution with Microsoft Defender |--|--|--| |1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). | |2|Threat analytics and your configuration score |Windows Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. | -|3|Performance |Microsoft Defender ATP is designed to work with Windows Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Windows Defender Antivirus](evaluate-windows-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).| +|3|Performance |Microsoft Defender ATP is designed to work with Windows Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Windows Defender Antivirus](evaluate-microsoft-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).| |4|Details about blocked malware |More details and actions for blocked malware are available with Windows Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).| |5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).| |6|File blocking |Your organization's security team can block specific files. [Stop and quarantine files in your network](../microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network).| @@ -42,7 +42,7 @@ Although you can use a non-Microsoft antivirus solution with Microsoft Defender |8|Auditing events |Auditing event signals are available in [endpoint detection and response capabilities](../microsoft-defender-atp/overview-endpoint-detection-response.md). (These signals are not available with non-Microsoft antivirus solutions.) | |9|Geographic data |Compliant with ISO 270001 and data retention, geographic data is provided according to your organization's selected geographic sovereignty. See [Compliance offerings: ISO/IEC 27001:2013 Information Security Management Standards](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27001). | |10|File recovery via OneDrive |If you are using Windows Defender Antivirus together with [Office 365](https://docs.microsoft.com/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).| -|11|Technical support |By using Microsoft Defender ATP together with Windows Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Windows Defender Antivirus](troubleshoot-windows-defender-antivirus.md). | +|11|Technical support |By using Microsoft Defender ATP together with Windows Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Windows Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md). | ## Learn more diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index c758cea607..92be74d830 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -27,7 +27,7 @@ manager: dansimp Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection. - If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Windows Defender Antivirus automatically goes into disabled mode. - If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Windows Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Windows Defender Antivirus.) -- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/shadow-protection) (currently in private preview) enabled, then Windows Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. +- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/shadow-protection) (currently in private preview) enabled, then Windows Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. ## Antivirus and Microsoft Defender ATP @@ -45,14 +45,14 @@ The following table summarizes what happens with Windows Defender Antivirus when | Windows Server 2016 or 2019 | Windows Defender Antivirus | Yes | Active mode | | Windows Server 2016 or 2019 | Windows Defender Antivirus | No | Active mode | -(1) On Windows Server 2016 or 2019, Windows Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should [consider uninstalling Windows Defender Antivirus on Windows Server 2016 or 2019](windows-defender-antivirus-on-windows-server-2016.md#need-to-uninstall-windows-defender-antivirus) to prevent problems caused by having multiple antivirus products installed on a machine. +(1) On Windows Server 2016 or 2019, Windows Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should [consider uninstalling Windows Defender Antivirus on Windows Server 2016 or 2019](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-uninstall-microsoft-defender-antivirus) to prevent problems caused by having multiple antivirus products installed on a machine. If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key: - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` - Name: ForceDefenderPassiveMode - Value: 1 -See [Windows Defender Antivirus on Windows Server 2016 and 2019](windows-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations. +See [Windows Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations. > [!IMPORTANT] > Windows Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019. @@ -65,7 +65,7 @@ See [Windows Defender Antivirus on Windows Server 2016 and 2019](windows-defende The following table summarizes the functionality and features that are available in each state: -|State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) | +|State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | |--|--|--|--|--|--| |Active mode

        |Yes |No |Yes |Yes |Yes | |Passive mode |No |No |Yes |No |Yes | @@ -81,9 +81,9 @@ The following table summarizes the functionality and features that are available If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. -When Windows Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. +When Windows Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Windows Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. -In passive and automatic disabled mode, you can still [manage updates for Windows Defender Antivirus](manage-updates-baselines-windows-defender-antivirus.md); however, you can't move Windows Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. +In passive and automatic disabled mode, you can still [manage updates for Windows Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Windows Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. If you uninstall the other product, and choose to use Windows Defender Antivirus to provide protection to your endpoints, Windows Defender Antivirus will automatically return to its normal active mode. @@ -93,6 +93,6 @@ If you uninstall the other product, and choose to use Windows Defender Antivirus ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Windows Defender Antivirus on Windows Server 2016 and 2019](windows-defender-antivirus-on-windows-server-2016.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 79ba16ef12..522fee0543 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -27,9 +27,9 @@ ms.custom: nextgen Windows Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization. Next-generation protection services include the following: -- [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-windows-defender-antivirus.md). This includes always-on scanning using file and process behavior monitoring and other heuristics (also known as "real-time protection"). It also includes detecting and blocking apps that are deemed unsafe, but may not be detected as malware. -- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md). This includes near-instant detection and blocking of new and emerging threats. -- [Dedicated protection and product updates](manage-updates-baselines-windows-defender-antivirus.md). This includes updates related to keeping Windows Defender Antivirus up to date. +- [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-microsoft-defender-antivirus.md). This includes always-on scanning using file and process behavior monitoring and other heuristics (also known as "real-time protection"). It also includes detecting and blocking apps that are deemed unsafe, but may not be detected as malware. +- [Cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). This includes near-instant detection and blocking of new and emerging threats. +- [Dedicated protection and product updates](manage-updates-baselines-microsoft-defender-antivirus.md). This includes updates related to keeping Windows Defender Antivirus up to date. ## Try a demo! @@ -47,13 +47,13 @@ Windows Defender Antivirus has the same hardware requirements as of Windows 10. ## Configure next-generation protection services -For information on how to configure next-generation protection services, see [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md). +For information on how to configure next-generation protection services, see [Configure Windows Defender Antivirus features](configure-microsoft-defender-antivirus-features.md). > [!Note] -> Configuration and management is largely the same in Windows Server 2016 and Windows Server 2019, while running Windows Defender Antivirus; however, there are some differences. To learn more, see [Windows Defender Antivirus on Windows Server 2016 and 2019](windows-defender-antivirus-on-windows-server-2016.md). +> Configuration and management is largely the same in Windows Server 2016 and Windows Server 2019, while running Windows Defender Antivirus; however, there are some differences. To learn more, see [Windows Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md). ## Related articles -- [Windows Defender Antivirus management and configuration](configuration-management-reference-windows-defender-antivirus.md) +- [Windows Defender Antivirus management and configuration](configuration-management-reference-microsoft-defender-antivirus.md) -- [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) +- [Evaluate Windows Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index 6ff0b08f83..e95d90109a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -26,7 +26,7 @@ Windows Defender Antivirus is available on Windows Server 2016 and Windows Serve While the functionality, configuration, and management are largely the same for Windows Defender Antivirus on Windows 10, there are a few key differences on Windows Server 2016 or Windows Server 2019: -- In Windows Server, [automatic exclusions](configure-server-exclusions-windows-defender-antivirus.md) are applied based on your defined Server Role. +- In Windows Server, [automatic exclusions](configure-server-exclusions-microsoft-defender-antivirus.md) are applied based on your defined Server Role. - In Windows Server, Windows Defender Antivirus does not automatically disable itself if you are running another antivirus product. ## The process at a glance @@ -35,9 +35,9 @@ The process of setting up and running Windows Defender Antivirus on a server pla 1. [Enable the interface](#enable-the-user-interface-on-windows-server-2016-or-2019) -2. [Install Windows Defender Antivirus](#install-windows-defender-antivirus-on-windows-server-2016-or-2019) +2. [Install Windows Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server-2016-or-2019) -2. [Verify Windows Defender Antivirus is running](#verify-windows-defender-antivirus-is-running) +2. [Verify Windows Defender Antivirus is running](#verify-microsoft-defender-antivirus-is-running) 3. [Update your antimalware Security intelligence](#update-antimalware-security-intelligence) @@ -45,7 +45,7 @@ The process of setting up and running Windows Defender Antivirus on a server pla 5. (As needed) [Configure automatic exclusions](#configure-automatic-exclusions) -6. (Only if necessary) [Uninstall Windows Defender Antivirus](#need-to-uninstall-windows-defender-antivirus) +6. (Only if necessary) [Uninstall Windows Defender Antivirus](#need-to-uninstall-microsoft-defender-antivirus) ## Enable the user interface on Windows Server 2016 or 2019 @@ -91,7 +91,7 @@ To use PowerShell to install Windows Defender Antivirus, run the following cmdle Install-WindowsFeature -Name Windows-Defender ``` -Event messages for the antimalware engine included with Windows Defender Antivirus can be found in [Windows Defender AV Events](troubleshoot-windows-defender-antivirus.md). +Event messages for the antimalware engine included with Windows Defender Antivirus can be found in [Windows Defender AV Events](troubleshoot-microsoft-defender-antivirus.md). ## Verify Windows Defender Antivirus is running @@ -170,7 +170,7 @@ To enable automatic sample submission, start a Windows PowerShell console as an To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Windows Defender Antivirus on Windows Server 2016 or 2019. -See [Configure exclusions in Windows Defender Antivirus on Windows Server](configure-server-exclusions-windows-defender-antivirus.md). +See [Configure exclusions in Windows Defender Antivirus on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md). ## Need to uninstall Windows Defender Antivirus? @@ -178,7 +178,7 @@ If you are using a third-party antivirus solution and you're running into issues - See the question "Should I run Microsoft security software at the same time as other security products?" on the [Windows Defender Security Intelligence Antivirus and antimalware software FAQ](https://www.microsoft.com/wdsi/help/antimalware-faq#multiple-products). -- See [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus). This article describes 10 advantages to using Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection. +- See [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus). This article describes 10 advantages to using Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection. If you determine you do want to uninstall Windows Defender Antivirus, follow the steps in the following sections. @@ -214,8 +214,8 @@ Uninstall-WindowsFeature -Name Windows-Defender-GUI ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) +- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md index b8fbc245ce..d4a0f79848 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md @@ -50,7 +50,7 @@ Windows Defender Offline uses the most recent protection updates available on th > [!NOTE] > Before running an offline scan, you should attempt to update Windows Defender AV protection. You can either force an update with Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest protection updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). -See the [Manage Windows Defender Antivirus Security intelligence updates](manage-protection-updates-windows-defender-antivirus.md) topic for more information. +See the [Manage Windows Defender Antivirus Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) topic for more information. ## Usage scenarios @@ -77,7 +77,7 @@ Windows Defender Offline scans are indicated under **Malware remediation status* Windows Defender Offline notifications are configured in the same policy setting as other Windows Defender AV notifications. -For more information about notifications in Windows Defender, see the [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) topic. +For more information about notifications in Windows Defender, see the [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) topic. ## Run a scan @@ -100,7 +100,7 @@ Use the following cmdlets: Start-MpWDOScan ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. ### Use Windows Management Instruction (WMI) to run an offline scan @@ -137,5 +137,5 @@ Windows Defender Offline scan results will be listed in the [Scan history sectio ## Related articles -- [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 77eca7df65..d15ce423b2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -67,7 +67,7 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the Windows Security app. > [!NOTE] -> If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) topic describes how local policy override settings can be configured. +> If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) topic describes how local policy override settings can be configured. @@ -108,7 +108,7 @@ This section describes how to perform some of the most common tasks when reviewi >[!NOTE] >If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats. - >If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md). + >If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md). @@ -136,8 +136,8 @@ The following table summarizes exclusion types and what happens: |**Process** |Executable file path
        Example: `c:\test\process.exe` |The specific process and any files that are opened by that process are skipped by Windows Defender Antivirus. | To learn more, see: -- [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus) -- [Configure exclusions for files opened by processes](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus) +- [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus) +- [Configure exclusions for files opened by processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus) ### Review threat detection history in the Windows Defender Security Center app @@ -167,6 +167,6 @@ To learn more, see: ## Related articles -- [Windows Defender Antivirus](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index d84d263388..cb2c999276 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -34,7 +34,7 @@ You can add information about your organization in a contact card to the Windows ![The security center custom fly-out](images/security-center-custom-flyout.png) -This information will also be shown in some enterprise-specific notifications (including those for the [Block at first sight feature](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus). +This information will also be shown in some enterprise-specific notifications (including those for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus). ![A security center notification](images/security-center-custom-notif.png) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index 4c160a092a..afc4696bb8 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -30,8 +30,8 @@ In Windows 10, version 1803, this section also contains information and settings IT administrators and IT pros can get more information and documentation about configuration from the following: -- [Windows Defender Antivirus in the Windows Security app](../windows-defender-antivirus/windows-defender-security-center-antivirus.md) -- [Windows Defender Antivirus documentation library](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus in the Windows Security app](../microsoft-defender-antivirus/windows-defender-security-center-antivirus.md) +- [Windows Defender Antivirus documentation library](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) - [Protect important folders with Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) - [Defend yourself from cybercrime with new Office 365 capabilities](https://blogs.office.com/en-us/2018/04/05/defend-yourself-from-cybercrime-with-new-office-365-capabilities/) - [Office 365 advanced protection](https://support.office.com/en-us/article/office-365-advanced-protection-82e72640-39be-4dc7-8efd-740fb289123a) diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 56b6759416..eeece88781 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -40,9 +40,9 @@ In Windows 10, version 1803, the app has two new areas, **Account protection** a You can't uninstall the Windows Security app, but you can do one of the following: -- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016). +- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). - Hide all of the sections on client computers (see below). -- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics: @@ -83,7 +83,7 @@ You can find more information about each section, including options for configur > >These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. > ->Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). > > Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). @@ -103,4 +103,4 @@ Disabling any of the individual features (through Group Policy or other manageme > [!IMPORTANT] > Individually disabling any of the services will not disable the other services or the Windows Security app. -For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall. +For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 727cc608be..37619d2d6f 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -117,12 +117,12 @@ Windows Information Protection (WIP) helps to protect against this potential dat Several new features and management options have been added to Windows Defender in this version of Windows 10. -- [Windows Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. -- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. -- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. -- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. -- [Run a Windows Defender scan from the command line](/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus). -- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) during download and install times. +- [Windows Defender Offline in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus) to configure options and run scans. +- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. +- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus) to see more information about threat detections and removal. +- [Run a Windows Defender scan from the command line](/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus). +- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) during download and install times. ### Windows Defender Advanced Threat Protection (ATP) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index d409feafd2..ef900522be 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -74,23 +74,23 @@ But these protections can also be configured separately. And, unlike HVCI, code Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Windows Defender ATP portal. - Windows Defender is now called Windows Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). + Windows Defender is now called Windows Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). - We've also [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). The new library includes information on: -- [Deploying and enabling AV protection](/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus) -- [Managing updates](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) -- [Reporting](/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus) -- [Configuring features](/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) -- [Troubleshooting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus) + We've also [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). The new library includes information on: +- [Deploying and enabling AV protection](/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus) +- [Managing updates](/windows/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) +- [Reporting](/windows/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus) +- [Configuring features](/windows/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features) +- [Troubleshooting](/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus) - Some of the highlights of the new library include [Evaluation guide for Windows Defender AV](/windows/threat-protection/windows-defender-antivirus//evaluate-windows-defender-antivirus) and [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus). + Some of the highlights of the new library include [Evaluation guide for Windows Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) and [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus). New features for Windows Defender AV in Windows 10 Enterprise 2019 LTSC include: -- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) -- [The ability to specify the level of cloud-protection](/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus) -- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) +- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) +- [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus) +- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) - We've [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). + We've [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). **Endpoint detection and response** is also enhanced. New **detection** capabilities include: - [Use the threat intelligence API to create custom alerts](/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 2b6f691d44..f3e4867a56 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -103,12 +103,12 @@ Windows Information Protection (WIP) helps to protect against this potential dat ### Windows Defender Several new features and management options have been added to Windows Defender in Windows 10, version 1607. -- [Windows Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. -- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. -- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. -- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. -- [Run a Windows Defender scan from the command line](/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus). -- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) during download and install times. +- [Windows Defender Offline in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus) to configure options and run scans. +- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. +- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus) to see more information about threat detections and removal. +- [Run a Windows Defender scan from the command line](/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus). +- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) during download and install times. ### Windows Defender Advanced Threat Protection (ATP) With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks. diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index bcec94de57..7a8ef2bb5f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -128,27 +128,27 @@ You can read more about ransomware mitigations and detection capability in Windo Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/windows/mt782787). ### Windows Defender Antivirus -Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). The new library includes information on: -- [Deploying and enabling AV protection](/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus) -- [Managing updates](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) -- [Reporting](/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus) -- [Configuring features](/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) -- [Troubleshooting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus) +- [Deploying and enabling AV protection](/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus) +- [Managing updates](/windows/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) +- [Reporting](/windows/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus) +- [Configuring features](/windows/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features) +- [Troubleshooting](/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus) Some of the highlights of the new library include: -- [Evaluation guide for Windows Defender AV](/windows/threat-protection/windows-defender-antivirus//evaluate-windows-defender-antivirus) -- [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus) +- [Evaluation guide for Windows Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) +- [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus) New features for Windows Defender AV in Windows 10, version 1703 include: -- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) -- [The ability to specify the level of cloud-protection](/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus) -- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) +- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) +- [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus) +- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) -In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). You can read more about ransomware mitigations and detection capability in Windows Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index acd7f43bb2..86d2c42f10 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -173,7 +173,7 @@ The new [security baseline for Windows 10 version 1803](https://docs.microsoft.c ### Windows Defender Antivirus -Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). +Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). ### Windows Defender Exploit Guard diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 795fbe2644..aed8001e95 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -83,7 +83,7 @@ The draft release of the [security configuration baseline settings](https://blog ### Microsoft Defender Advanced Threat Protection (ATP): - [Attack surface area reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) – IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URL’s and IP addresses. -- [Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) – Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage. +- [Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) – Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage. - Integrity enforcement capabilities – Enable remote runtime attestation of Windows 10 platform. - Tamper-proofing capabilities – Uses virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers. - [Platform support](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114) – In addition to Windows 10, Windows Defender ATP’s functionality has been extended to support Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server with both its Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities. @@ -138,7 +138,7 @@ This new feature is displayed under the Device Security page with the string “ - [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes. - [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations. -- [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features. +- [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features. ## Microsoft Edge From 19ba5aac2d905fbbe284e5ba9e2102992cd20a3e Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 27 May 2020 16:16:49 -0700 Subject: [PATCH 15/99] changed folder windows defender antivirus to microsoft defender antivirus --- .../antivirus-false-positives-negatives.md | 0 .../collect-diagnostic-data-update-compliance.md | 0 ...and-line-arguments-windows-defender-antivirus.md | 0 ...nagement-reference-windows-defender-antivirus.md | 0 ...dvanced-scan-types-windows-defender-antivirus.md | 0 ...ock-at-first-sight-windows-defender-antivirus.md | 0 ...ock-timeout-period-windows-defender-antivirus.md | 0 ...d-user-interaction-windows-defender-antivirus.md | 0 ...nfigure-exclusions-windows-defender-antivirus.md | 0 ...on-file-exclusions-windows-defender-antivirus.md | 0 ...l-policy-overrides-windows-defender-antivirus.md | 0 ...etwork-connections-windows-defender-antivirus.md | 0 ...gure-notifications-windows-defender-antivirus.md | 0 ...ed-file-exclusions-windows-defender-antivirus.md | 0 ...rotection-features-windows-defender-antivirus.md | 0 ...al-time-protection-windows-defender-antivirus.md | 0 ...figure-remediation-windows-defender-antivirus.md | 0 ...-server-exclusions-windows-defender-antivirus.md | 0 ...configure-windows-defender-antivirus-features.md | 0 ...ew-remediate-scans-windows-defender-antivirus.md | 0 ...ploy-manage-report-windows-defender-antivirus.md | 0 .../deploy-windows-defender-antivirus.md | 0 .../deployment-vdi-windows-defender-antivirus.md | 0 ...ally-unwanted-apps-windows-defender-antivirus.md | 0 ...e-cloud-protection-windows-defender-antivirus.md | 0 .../evaluate-windows-defender-antivirus.md | 0 .../images/WDAV-WinSvr2019-turnfeatureson.jpg | Bin .../images/atp-portal-onboarding-page.png | Bin .../images/defender-updatedefs2.png | Bin .../images/defender/client.png | Bin .../images/defender/intune-block-at-first-sight.png | Bin .../images/defender/notification.png | Bin .../images/defender/sccm-advanced-settings.png | Bin .../defender/sccm-cloud-protection-service.png | Bin .../images/defender/sccm-real-time-protection.png | Bin .../images/defender/sccm-wdo.png | Bin .../images/defender/wdav-bafs-edge.png | Bin .../images/defender/wdav-bafs-ie.png | Bin .../images/defender/wdav-extension-exclusions.png | Bin .../images/defender/wdav-get-mpthreat.png | Bin .../images/defender/wdav-get-mpthreatdetection.png | Bin .../images/defender/wdav-headless-mode-1607.png | Bin .../images/defender/wdav-headless-mode-1703.png | Bin .../images/defender/wdav-headless-mode-off-1703.png | Bin .../images/defender/wdav-history-wdsc.png | Bin .../images/defender/wdav-malware-detected.png | Bin .../images/defender/wdav-order-update-sources.png | Bin .../images/defender/wdav-path-exclusions.png | Bin .../defender/wdav-powershell-get-exclusions-all.png | Bin .../wdav-powershell-get-exclusions-variable.png | Bin .../images/defender/wdav-process-exclusions.png | Bin .../defender/wdav-protection-settings-wdsc.png | Bin .../defender/wdav-quarantined-history-wdsc.png | Bin .../images/defender/wdav-settings-old.png | Bin .../images/defender/wdav-wdsc-defs.png | Bin .../images/defender/wdav-wdsc.png | Bin .../defender/wdav-windows-defender-app-old.png | Bin .../images/gpedit-administrative-templates.PNG | Bin .../images/gpedit-real-time-protection.PNG | Bin .../images/gpedit-search.png | Bin ...gpedit-turn-off-real-time-protection-enabled.PNG | Bin .../images/gpedit-turn-off-real-time-protection.PNG | Bin .../gpedit-windows-defender-antivirus-scan.PNG | Bin .../images/gpedit-windows-defender-antivirus.PNG | Bin .../images/jamf-onboarding.png | Bin .../images/mdatp-1-registerapp.png | Bin .../images/mdatp-10-clientapps.png | Bin .../images/mdatp-11-assignments.png | Bin .../images/mdatp-12-deviceinstall.png | Bin .../images/mdatp-13-systempreferences.png | Bin .../images/mdatp-14-systempreferencesprofiles.png | Bin .../images/mdatp-15-managementprofileconfig.png | Bin .../images/mdatp-16-preferencedomain.png | Bin .../images/mdatp-17-approvedkernelextensions.png | Bin .../images/mdatp-18-configurationprofilesscope.png | Bin .../images/mdatp-19-microsoftdefenderwdavpkg.png | Bin .../images/mdatp-2-downloadpackages.png | Bin .../images/mdatp-20-microsoftdefenderpackages.png | Bin .../images/mdatp-21-mdmprofile1.png | Bin .../images/mdatp-22-mdmprofileapproved.png | Bin .../images/mdatp-23-mdmstatus.png | Bin .../images/mdatp-24-statusonserver.png | Bin .../images/mdatp-25-statusonclient.png | Bin .../images/mdatp-26-uninstall.png | Bin .../images/mdatp-27-uninstallscript.png | Bin .../images/mdatp-28-appinstall.png | Bin .../images/mdatp-29-appinstalllogin.png | Bin .../images/mdatp-3-confirmdevicemgmt.png | Bin .../images/mdatp-30-systemextension.png | Bin .../images/mdatp-31-securityprivacysettings.png | Bin .../images/mdatp-32-main-app-fix.png | Bin .../mdatp-33-securityprivacysettings-noprompt.png | Bin .../images/mdatp-34-mau.png | Bin .../images/mdatp-35-jamf-privacypreferences.png | Bin .../images/mdatp-36-rtp.png | Bin .../images/mdatp-37-exclusions.png | Bin .../images/mdatp-4-managementprofile.png | Bin .../images/mdatp-5-alldevices.png | Bin .../images/mdatp-6-systemconfigurationprofiles.png | Bin .../images/mdatp-7-devicestatusblade.png | Bin .../images/mdatp-8-intuneappinfo.png | Bin .../images/mdatp-9-intunepkginfo.png | Bin .../images/mdatp-icon-bar.png | Bin .../images/mdatp-icon.png | Bin ...ender-atp-next-generation-protection-engines.png | Bin ...ecution-and-post-execution-detection-engines.png | Bin .../images/server-add-gui.png | Bin .../images/svg/check-no.svg | 0 .../images/svg/check-yes.svg | 0 .../images/tamperattemptalert.png | Bin .../images/tamperprotectionturnedon.png | Bin .../images/tamperprotectsecurityrecos.png | Bin .../images/tampprotintune-alert.jpg | Bin .../images/tampprotintune-huntingquery.png | Bin .../images/tampprotintune-windowssecurityapp.png | Bin .../images/turnontamperprotect-consumer.png | Bin .../images/turnontamperprotect-enterprise.png | Bin .../images/turnontamperprotect-intune.png | Bin .../images/turnontamperprotection.png | Bin .../images/vtp-3ps-lps-on.png | Bin .../images/vtp-3ps-lps.png | Bin .../images/vtp-3ps.png | Bin .../images/vtp-wdav.png | Bin ...-periodic-scanning-windows-defender-antivirus.md | 0 ...vent-based-updates-windows-defender-antivirus.md | 0 ...outdated-endpoints-windows-defender-antivirus.md | 0 ...on-update-schedule-windows-defender-antivirus.md | 0 ...protection-updates-windows-defender-antivirus.md | 0 ...-updates-baselines-windows-defender-antivirus.md | 0 ...mobile-devices-vms-windows-defender-antivirus.md | 0 .../office-365-windows-defender-antivirus.md | 0 .../oldTOC.md | 0 ...s-to-security-settings-with-tamper-protection.md | 0 ...d-user-interaction-windows-defender-antivirus.md | 0 .../report-monitor-windows-defender-antivirus.md | 0 ...-quarantined-files-windows-defender-antivirus.md | 0 ...eview-scan-results-windows-defender-antivirus.md | 0 .../run-scan-windows-defender-antivirus.md | 0 ...led-catch-up-scans-windows-defender-antivirus.md | 0 ...d-protection-level-windows-defender-antivirus.md | 0 .../troubleshoot-reporting.md | 0 .../troubleshoot-windows-defender-antivirus.md | 0 .../use-group-policy-windows-defender-antivirus.md | 0 ...une-config-manager-windows-defender-antivirus.md | 0 ...powershell-cmdlets-windows-defender-antivirus.md | 0 .../use-wmi-windows-defender-antivirus.md | 0 ...t-cloud-protection-windows-defender-antivirus.md | 0 .../why-use-microsoft-antivirus.md | 0 .../windows-defender-antivirus-compatibility.md | 0 .../windows-defender-antivirus-in-windows-10.md | 0 ...ows-defender-antivirus-on-windows-server-2016.md | 0 .../windows-defender-offline.md | 0 .../windows-defender-security-center-antivirus.md | 0 153 files changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/antivirus-false-positives-negatives.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/collect-diagnostic-data-update-compliance.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/command-line-arguments-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configuration-management-reference-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-advanced-scan-types-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-block-at-first-sight-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-cloud-block-timeout-period-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-end-user-interaction-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-extension-file-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-local-policy-overrides-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-network-connections-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-notifications-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-process-opened-file-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-protection-features-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-real-time-protection-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-remediation-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-server-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-windows-defender-antivirus-features.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/customize-run-review-remediate-scans-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/deploy-manage-report-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/deploy-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/deployment-vdi-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/enable-cloud-protection-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/evaluate-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/WDAV-WinSvr2019-turnfeatureson.jpg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/atp-portal-onboarding-page.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender-updatedefs2.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/client.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/intune-block-at-first-sight.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/notification.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-advanced-settings.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-cloud-protection-service.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-real-time-protection.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-wdo.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-bafs-edge.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-bafs-ie.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-extension-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-get-mpthreat.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-get-mpthreatdetection.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-headless-mode-1607.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-headless-mode-1703.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-headless-mode-off-1703.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-history-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-malware-detected.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-order-update-sources.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-path-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-powershell-get-exclusions-all.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-powershell-get-exclusions-variable.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-process-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-protection-settings-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-quarantined-history-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-settings-old.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-wdsc-defs.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-windows-defender-app-old.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-administrative-templates.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-real-time-protection.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-search.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-turn-off-real-time-protection-enabled.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-turn-off-real-time-protection.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-windows-defender-antivirus-scan.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-windows-defender-antivirus.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/jamf-onboarding.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-1-registerapp.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-10-clientapps.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-11-assignments.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-12-deviceinstall.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-13-systempreferences.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-14-systempreferencesprofiles.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-15-managementprofileconfig.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-16-preferencedomain.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-17-approvedkernelextensions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-18-configurationprofilesscope.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-19-microsoftdefenderwdavpkg.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-2-downloadpackages.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-20-microsoftdefenderpackages.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-21-mdmprofile1.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-22-mdmprofileapproved.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-23-mdmstatus.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-24-statusonserver.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-25-statusonclient.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-26-uninstall.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-27-uninstallscript.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-28-appinstall.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-29-appinstalllogin.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-3-confirmdevicemgmt.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-30-systemextension.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-31-securityprivacysettings.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-32-main-app-fix.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-33-securityprivacysettings-noprompt.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-34-mau.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-35-jamf-privacypreferences.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-36-rtp.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-37-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-4-managementprofile.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-5-alldevices.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-6-systemconfigurationprofiles.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-7-devicestatusblade.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-8-intuneappinfo.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-9-intunepkginfo.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-icon-bar.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-icon.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/microsoft-defender-atp-next-generation-protection-engines.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/pre-execution-and-post-execution-detection-engines.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/server-add-gui.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/svg/check-no.svg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/svg/check-yes.svg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tamperattemptalert.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tamperprotectionturnedon.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tamperprotectsecurityrecos.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tampprotintune-alert.jpg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tampprotintune-huntingquery.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tampprotintune-windowssecurityapp.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotect-consumer.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotect-enterprise.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotect-intune.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotection.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-3ps-lps-on.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-3ps-lps.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-3ps.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-wdav.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/limited-periodic-scanning-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-event-based-updates-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-outdated-endpoints-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-protection-update-schedule-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-protection-updates-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-updates-baselines-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-updates-mobile-devices-vms-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/office-365-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/oldTOC.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/prevent-changes-to-security-settings-with-tamper-protection.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/prevent-end-user-interaction-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/report-monitor-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/restore-quarantined-files-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/review-scan-results-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/run-scan-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/scheduled-catch-up-scans-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/specify-cloud-protection-level-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/troubleshoot-reporting.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/troubleshoot-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-group-policy-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-intune-config-manager-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-powershell-cmdlets-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-wmi-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/utilize-microsoft-cloud-protection-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/why-use-microsoft-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-antivirus-compatibility.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-antivirus-in-windows-10.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-antivirus-on-windows-server-2016.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-offline.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-security-center-antivirus.md (100%) diff --git a/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md rename to windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md rename to windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deploy-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/evaluate-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg b/windows/security/threat-protection/microsoft-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/atp-portal-onboarding-page.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/atp-portal-onboarding-page.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/atp-portal-onboarding-page.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/atp-portal-onboarding-page.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender-updatedefs2.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender-updatedefs2.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender-updatedefs2.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender-updatedefs2.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/client.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/client.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/client.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/client.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/intune-block-at-first-sight.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/intune-block-at-first-sight.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/intune-block-at-first-sight.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/intune-block-at-first-sight.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/notification.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/notification.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/notification.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/notification.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-advanced-settings.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-advanced-settings.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-cloud-protection-service.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-cloud-protection-service.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-real-time-protection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-real-time-protection.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-wdo.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-wdo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-wdo.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-wdo.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-edge.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-edge.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-edge.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-edge.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-ie.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-ie.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-ie.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-ie.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-extension-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-extension-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-extension-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-extension-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreat.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreat.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreat.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreat.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1607.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1607.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1607.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1607.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1703.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1703.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1703.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1703.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-history-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-history-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-history-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-history-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-malware-detected.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-malware-detected.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-malware-detected.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-malware-detected.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-order-update-sources.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-order-update-sources.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-order-update-sources.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-order-update-sources.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-path-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-path-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-path-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-path-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-process-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-process-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-process-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-process-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-settings-old.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-settings-old.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-settings-old.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-settings-old.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc-defs.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc-defs.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-windows-defender-app-old.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-windows-defender-app-old.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-windows-defender-app-old.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-windows-defender-app-old.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-administrative-templates.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-administrative-templates.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-administrative-templates.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-administrative-templates.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-real-time-protection.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-real-time-protection.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-real-time-protection.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-real-time-protection.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-search.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-search.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-search.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-search.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/jamf-onboarding.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/jamf-onboarding.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/jamf-onboarding.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/jamf-onboarding.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-1-registerapp.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-1-registerapp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-1-registerapp.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-1-registerapp.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-10-clientapps.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-10-clientapps.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-10-clientapps.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-10-clientapps.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-11-assignments.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-11-assignments.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-11-assignments.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-11-assignments.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-12-deviceinstall.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-12-deviceinstall.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-12-deviceinstall.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-12-deviceinstall.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-13-systempreferences.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-13-systempreferences.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-13-systempreferences.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-13-systempreferences.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-15-managementprofileconfig.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-15-managementprofileconfig.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-15-managementprofileconfig.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-15-managementprofileconfig.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-16-preferencedomain.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-16-preferencedomain.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-16-preferencedomain.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-16-preferencedomain.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-17-approvedkernelextensions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-17-approvedkernelextensions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-17-approvedkernelextensions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-17-approvedkernelextensions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-18-configurationprofilesscope.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-18-configurationprofilesscope.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-18-configurationprofilesscope.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-18-configurationprofilesscope.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-2-downloadpackages.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-2-downloadpackages.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-2-downloadpackages.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-2-downloadpackages.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-21-mdmprofile1.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-21-mdmprofile1.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-21-mdmprofile1.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-21-mdmprofile1.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-22-mdmprofileapproved.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-22-mdmprofileapproved.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-22-mdmprofileapproved.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-22-mdmprofileapproved.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-23-mdmstatus.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-23-mdmstatus.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-23-mdmstatus.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-23-mdmstatus.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-24-statusonserver.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-24-statusonserver.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-24-statusonserver.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-24-statusonserver.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-25-statusonclient.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-25-statusonclient.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-25-statusonclient.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-25-statusonclient.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-26-uninstall.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-26-uninstall.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-26-uninstall.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-26-uninstall.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-27-uninstallscript.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-27-uninstallscript.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-27-uninstallscript.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-27-uninstallscript.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-28-appinstall.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-28-appinstall.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-28-appinstall.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-28-appinstall.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-29-appinstalllogin.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-29-appinstalllogin.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-29-appinstalllogin.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-29-appinstalllogin.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-30-systemextension.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-30-systemextension.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-30-systemextension.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-30-systemextension.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-31-securityprivacysettings.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-31-securityprivacysettings.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-31-securityprivacysettings.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-31-securityprivacysettings.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-32-main-app-fix.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-32-main-app-fix.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-32-main-app-fix.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-32-main-app-fix.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-34-mau.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-34-mau.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-34-mau.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-34-mau.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-36-rtp.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-36-rtp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-36-rtp.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-36-rtp.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-37-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-37-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-37-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-37-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-4-managementprofile.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-4-managementprofile.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-4-managementprofile.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-4-managementprofile.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-5-alldevices.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-5-alldevices.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-5-alldevices.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-5-alldevices.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-7-devicestatusblade.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-7-devicestatusblade.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-7-devicestatusblade.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-7-devicestatusblade.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-8-intuneappinfo.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-8-intuneappinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-8-intuneappinfo.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-8-intuneappinfo.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-9-intunepkginfo.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-9-intunepkginfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-9-intunepkginfo.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-9-intunepkginfo.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon-bar.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon-bar.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon-bar.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon-bar.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/server-add-gui.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/server-add-gui.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/server-add-gui.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/server-add-gui.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/svg/check-no.svg b/windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-no.svg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/svg/check-no.svg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-no.svg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/svg/check-yes.svg b/windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-yes.svg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/svg/check-yes.svg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-yes.svg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tamperattemptalert.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tamperattemptalert.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tamperattemptalert.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tamperattemptalert.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectionturnedon.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectionturnedon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectionturnedon.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectionturnedon.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectsecurityrecos.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectsecurityrecos.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectsecurityrecos.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectsecurityrecos.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-alert.jpg b/windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-alert.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-alert.jpg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-alert.jpg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-huntingquery.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-huntingquery.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-huntingquery.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-huntingquery.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-windowssecurityapp.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-windowssecurityapp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-windowssecurityapp.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-windowssecurityapp.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-consumer.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-consumer.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-consumer.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-consumer.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-enterprise.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-enterprise.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-enterprise.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-enterprise.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-intune.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-intune.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-intune.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-intune.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotection.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotection.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotection.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps-on.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps-on.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps-on.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps-on.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-wdav.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-wdav.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-wdav.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-wdav.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/office-365-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/oldTOC.md rename to windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md rename to windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/run-scan-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md rename to windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-compatibility.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-compatibility.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-in-windows-10.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-in-windows-10.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus.md From 94280f2f01863fdb74ceb2820f42df21d103dd57 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 27 May 2020 18:17:10 -0700 Subject: [PATCH 16/99] changed file name to microsoft defender antivirus This covers all of the files that started with "C". --- ....md => command-line-arguments-microsoft-defender-antivirus.md} | 0 ...guration-management-reference-microsoft-defender-antivirus.md} | 0 ...configure-advanced-scan-types-microsoft-defender-antivirus.md} | 0 ...onfigure-block-at-first-sight-microsoft-defender-antivirus.md} | 0 ...re-cloud-block-timeout-period-microsoft-defender-antivirus.md} | 0 ...onfigure-end-user-interaction-microsoft-defender-antivirus.md} | 0 ...us.md => configure-exclusions-microsoft-defender-antivirus.md} | 0 ...ure-extension-file-exclusions-microsoft-defender-antivirus.md} | 0 ...figure-local-policy-overrides-microsoft-defender-antivirus.md} | 0 ...ures.md => configure-microsoft-defender-antivirus-features.md} | 0 ...configure-network-connections-microsoft-defender-antivirus.md} | 0 ...md => configure-notifications-microsoft-defender-antivirus.md} | 0 ...rocess-opened-file-exclusions-microsoft-defender-antivirus.md} | 0 ...configure-protection-features-microsoft-defender-antivirus.md} | 0 ...onfigure-real-time-protection-microsoft-defender-antivirus.md} | 0 ...s.md => configure-remediation-microsoft-defender-antivirus.md} | 0 ...> configure-server-exclusions-microsoft-defender-antivirus.md} | 0 ...ze-run-review-remediate-scans-microsoft-defender-antivirus.md} | 0 18 files changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-antivirus/{command-line-arguments-windows-defender-antivirus.md => command-line-arguments-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configuration-management-reference-windows-defender-antivirus.md => configuration-management-reference-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-advanced-scan-types-windows-defender-antivirus.md => configure-advanced-scan-types-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-block-at-first-sight-windows-defender-antivirus.md => configure-block-at-first-sight-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-cloud-block-timeout-period-windows-defender-antivirus.md => configure-cloud-block-timeout-period-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-end-user-interaction-windows-defender-antivirus.md => configure-end-user-interaction-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-exclusions-windows-defender-antivirus.md => configure-exclusions-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-extension-file-exclusions-windows-defender-antivirus.md => configure-extension-file-exclusions-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-local-policy-overrides-windows-defender-antivirus.md => configure-local-policy-overrides-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-windows-defender-antivirus-features.md => configure-microsoft-defender-antivirus-features.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-network-connections-windows-defender-antivirus.md => configure-network-connections-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-notifications-windows-defender-antivirus.md => configure-notifications-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-process-opened-file-exclusions-windows-defender-antivirus.md => configure-process-opened-file-exclusions-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-protection-features-windows-defender-antivirus.md => configure-protection-features-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-real-time-protection-windows-defender-antivirus.md => configure-real-time-protection-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-remediation-windows-defender-antivirus.md => configure-remediation-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{configure-server-exclusions-windows-defender-antivirus.md => configure-server-exclusions-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{customize-run-review-remediate-scans-windows-defender-antivirus.md => customize-run-review-remediate-scans-microsoft-defender-antivirus.md} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md From d25675b2c9c9b81c7c7b74a1c7372f3a873ae34d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 28 May 2020 09:41:18 +0500 Subject: [PATCH 17/99] Update advanced-hunting-overview.md --- .../microsoft-defender-atp/advanced-hunting-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index 0a28ea14cd..977cd7c2dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -23,7 +23,7 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) -Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate interesting indicators and entities. The flexible access to data facilitates unconstrained hunting for both known and potential threats. +Advanced hunting is a query-based threat-hunting tool that lets you explore raw data for the last 30 days. You can proactively inspect events in your network to locate interesting indicators and entities. The flexible access to data facilitates unconstrained hunting for both known and potential threats. You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured machines. @@ -54,4 +54,4 @@ Take advantage of the following functionality to write queries faster: - [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) -- [Custom detections overview](overview-custom-detections.md) \ No newline at end of file +- [Custom detections overview](overview-custom-detections.md) From bc14eea95a825c5b5d99f87ec6d6cdb85df1679d Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 28 May 2020 11:45:45 -0700 Subject: [PATCH 18/99] Link fixes --- .../windows-autopilot/windows-autopilot-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 7da78c244e..1680ccbc04 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -68,10 +68,10 @@ If the Delivery Optimization Service is inaccessible, the AutoPilot process will @@ -949,7 +949,7 @@ Message: Description: @@ -1076,7 +1076,7 @@ Message: Description: @@ -1171,7 +1171,7 @@ Message: Description: @@ -220,8 +220,8 @@ See Onboard Windows 10 machines
        Ensure real-time antimalware protection is running properly. diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md index 3eec586760..5c7423def3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md @@ -82,8 +82,8 @@ Follow theses actions to correct known issues related to a misconfigured machine - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)
        If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. -- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)
        -If your machines are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled. +- [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)
        +If your machines are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled. If you took corrective actions and the machine status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md index adc8b53f70..e2f2b119a3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md @@ -61,7 +61,7 @@ The report is made up of cards that display the following machine attributes: - **Health state**: shows information about the sensor state on devices, providing an aggregated view of devices that are active, experiencing impaired communications, inactive, or where no sensor data is seen. -- **Antivirus status for active Windows 10 machines**: shows the number of machines and status of Windows Defender Antivirus. +- **Antivirus status for active Windows 10 machines**: shows the number of machines and status of Microsoft Defender Antivirus. - **OS platforms**: shows the distribution of OS platforms that exists within your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index 09feceaf02..e3e6a5d05e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md @@ -70,7 +70,7 @@ There are two ways you can create indicators for files: ### Before you begin It's important to understand the following prerequisites prior to creating indicators for files: -- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). +- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. - Supported on machines on Windows 10, version 1703 or later. - To start blocking files, you first need to [turn the **Block or allow** feature on](advanced-features.md) in Settings. @@ -160,7 +160,7 @@ You can create indicators for certificates. Some common use cases include: It's important to understand the following requirements prior to creating indicators for certificates: -- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). +- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. - Supported on machines on Windows 10, version 1703 or later. - The virus and threat protection definitions must be up-to-date. diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 7f650aa265..736722c00e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -165,25 +165,25 @@ For more information on additional proxy configuration settings, see [Configure Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10. -## Windows Defender Antivirus configuration requirement -The Microsoft Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. +## Microsoft Defender Antivirus configuration requirement +The Microsoft Defender ATP agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them. -You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). +You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). -When Windows Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Microsoft Defender ATP must be excluded from this group policy. +When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Microsoft Defender Antivirus goes on passive mode. If your organization has disabled Microsoft Defender Antivirus through group policy or other methods, machines that are onboarded to Microsoft Defender ATP must be excluded from this group policy. -If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints.md). +If you are onboarding servers and Microsoft Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Microsoft Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints.md). > [!NOTE] -> Your regular group policy doesn't apply to Tamper Protection, and changes to Windows Defender Antivirus settings will be ignored when Tamper Protection is on. +> Your regular group policy doesn't apply to Tamper Protection, and changes to Microsoft Defender Antivirus settings will be ignored when Tamper Protection is on. -For more information, see [Windows Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). -## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled -If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Microsoft Defender ATP agent will successfully onboard. +## Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled +If you're running Microsoft Defender Antivirus as the primary antimalware product on your machines, the Microsoft Defender ATP agent will successfully onboard. -If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). +If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 961e519e70..874368fd85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -46,7 +46,7 @@ You can also use [audit mode](audit-windows-defender.md) to evaluate how Network Network protection requires Windows 10 Pro, Enterprise E3, E5 and Windows Defender AV real-time protection. -Windows 10 version | Windows Defender Antivirus +Windows 10 version | Microsoft Defender Antivirus -|- Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt index ff04ebfe3c..b1e6285e7e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt @@ -72,7 +72,7 @@ ###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation) ###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session) ###### [Collect investigation package from machines](respond-machine-alerts.md#collect-investigation-package-from-machines) -###### [Run Windows Defender Antivirus scan on machines](respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-machines) +###### [Run Microsoft Defender Antivirus scan on machines](respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-machines) ###### [Restrict app execution](respond-machine-alerts.md#restrict-app-execution) ###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) ###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center) @@ -204,7 +204,7 @@ ### [Configure next generation protection]() -#### [Configure Windows Defender Antivirus features](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) +#### [Configure Microsoft Defender Antivirus features](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) #### [Utilize Microsoft cloud-delivered protection]() ##### [Understand cloud-delivered protection](../microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) ##### [Enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) @@ -225,7 +225,7 @@ ##### [Use limited periodic antivirus scanning](../microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md) #### [Deploy, manage updates, and report on antivirus]() -##### [Using Windows Defender Antivirus](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) +##### [Using Microsoft Defender Antivirus](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) ##### [Deploy and enable antivirus]() ###### [Preparing to deploy](../microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md index 0ebda42a3c..8e7680a3be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md @@ -51,7 +51,7 @@ Microsoft Defender ATP integrates with System Center Endpoint Protection to prov The following steps are required to enable this integration: - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting -- Configure your network to allow connections to the Windows Defender Antivirus cloud. For more information, see [Allow connections to the Windows Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud) +- Configure your network to allow connections to the Microsoft Defender Antivirus cloud. For more information, see [Allow connections to the Microsoft Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud) ## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md index 2b029e2725..033d8eeb8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md @@ -33,12 +33,12 @@ Help reduce your attack surfaces, by minimizing the places where your organizati Article | Description -|- -[Attack surface reduction](./attack-surface-reduction.md) | Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Windows Defender Antivirus). +[Attack surface reduction](./attack-surface-reduction.md) | Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus). [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites. [Application control](../windows-defender-application-control/windows-defender-application-control.md) | Use application control so that your applications must earn trust in order to run. [Exploit protection](./exploit-protection.md) | Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. -[Network protection](./network-protection.md) | Extend protection to your network traffic and connectivity on your organization's devices. (Requires Windows Defender Antivirus) +[Network protection](./network-protection.md) | Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus) [Web protection](./web-protection-overview.md) | Secure your machines against web threats and help you regulate unwanted content. -[Controlled folder access](./controlled-folders.md) | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Windows Defender Antivirus) +[Controlled folder access](./controlled-folders.md) | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Microsoft Defender Antivirus) [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) | Prevent unauthorized traffic from flowing to or from your organization's devices with two-way network traffic filtering. [Attack surface reduction FAQ](./attack-surface-reduction-faq.md) | Frequently asked questions about Attack surface reduction rules, licensing, and more. diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index db2e81192e..d14ef73895 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -42,7 +42,7 @@ When you open the portal, you'll see: ![Microsoft Defender Advanced Threat Protection portal](images/mdatp-portal-overview.png) > [!NOTE] -> Malware related detections will only appear if your machines are using Windows Defender Antivirus as the default real-time protection antimalware product. +> Malware related detections will only appear if your machines are using Microsoft Defender Antivirus as the default real-time protection antimalware product. You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. @@ -81,7 +81,7 @@ Icon | Description ![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the machine. ![Thunderbolt icon](images/atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. ![Machine icon](images/atp-machine-icon.png)| Machine icon -![Windows Defender AV events icon](images/atp-windows-defender-av-events-icon.png)| Windows Defender Antivirus events +![Windows Defender AV events icon](images/atp-windows-defender-av-events-icon.png)| Microsoft Defender Antivirus events ![Application Guard events icon](images/atp-Application-Guard-events-icon.png)| Windows Defender Application Guard events ![Device Guard events icon](images/atp-Device-Guard-events-icon.png)| Windows Defender Device Guard events ![Exploit Guard events icon](images/atp-Exploit-Guard-events-icon.png)| Windows Defender Exploit Guard events diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 1fbbf9a1f9..343d68bc0f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -172,7 +172,7 @@ how the endpoint security suite should be enabled. |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------| | Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
        [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | |Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
        - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
        - Invaluable machine vulnerability context during incident investigations
        - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager
        [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 | -| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes:
        -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
        - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
        - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
        [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | +| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:
        -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.
        - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
        - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
        [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | | Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats.
        [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 | | Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.
        [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable | | Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed.
        [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable | diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 450ed8f449..408df1d9a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -62,7 +62,7 @@ You can contain an attack in your organization by stopping the malicious process > > - The machine you're taking the action on is running Windows 10, version 1703 or later > - The file does not belong to trusted third-party publishers or not signed by Microsoft -> - Windows Defender Antivirus must at least be running on Passive mode. For more information, see [Windows Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +> - Microsoft Defender Antivirus must at least be running on Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistent data, such as any registry keys. @@ -136,7 +136,7 @@ You can prevent further propagation of an attack in your organization by banning >[!IMPORTANT] > ->- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). +>- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md). > >- The Antimalware client version must be 4.18.1901.x or later. >- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 35f54e8b8d..8fbea48837 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -110,13 +110,13 @@ The package contains the following folders: |WdSupportLogs| Provides the MpCmdRunLog.txt and MPSupportFiles.cab | | CollectionSummaryReport.xls| This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. | -## Run Windows Defender Antivirus scan on machines +## Run Microsoft Defender Antivirus scan on machines As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine. >[!IMPORTANT] >- This action is available for machines on Windows 10, version 1709 or later. ->- A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Windows Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +>- A Microsoft Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). One you have selected **Run antivirus scan**, select the scan type that you'd like to run (quick or full) and add a comment before confirming the scan. @@ -130,7 +130,7 @@ In addition to containing an attack by stopping malicious processes, you can als >[!IMPORTANT] > - This action is available for machines on Windows 10, version 1709 or later. -> - This feature is available if your organization uses Windows Defender Antivirus. +> - This feature is available if your organization uses Microsoft Defender Antivirus. > - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing). To restrict an application from running, a code integrity policy is applied that only allows files to run if they are signed by a Microsoft issued certificate. This method of restriction can help prevent an attacker from controlling compromised machines and performing further malicious activities. diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md index 10a0f81607..3df06ec29a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md @@ -24,7 +24,7 @@ ms.topic: article ## API description -Initiate Windows Defender Antivirus scan on a machine. +Initiate Microsoft Defender Antivirus scan on a machine. ## Limitations diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md index e473635682..2dfdb89168 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md +++ b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md @@ -39,7 +39,7 @@ Run antivirus scan | Remotely initiate an antivirus scan to help identify and re Stop and quarantine file | Run this call to stop running processes, quarantine files, and delete persistency such as registry keys. Request sample | Run this call to request a sample of a file from a specific machine. The file will be collected from the machine and uploaded to a secure storage. Block file | Run this to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. -Unblock file | Allow a file run in the organization using Windows Defender Antivirus. +Unblock file | Allow a file run in the organization using Microsoft Defender Antivirus. Get package SAS URI | Run this to get a URI that allows downloading an investigation package. Get MachineAction object | Run this to get MachineAction object. Get MachineActions collection | Run this to get MachineAction collection. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index b1194f4e5e..5c669d24fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -46,7 +46,7 @@ Attack surface reduction rules will only work on devices with the following cond - Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update). -- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +- Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). - [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md index b530361305..ea417b545a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md @@ -42,7 +42,7 @@ See the topic [Review events and errors using Event Viewer](event-error-codes.md If onboarding machines successfully completes but Microsoft Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy. -For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). +For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). ## Known issues with regional formats diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 9cc579f9c8..2ee2db32a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -43,7 +43,7 @@ Network protection will only work on devices with the following conditions: >[!div class="checklist"] > * Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update). -> * Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +> * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). > * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. > * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled. > * Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**). diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index 53a20ab583..c8c682d83f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -71,7 +71,7 @@ Event ID | Error Type | Resolution steps 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. 10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
        ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
        Verify that the script has been run as an administrator. 15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).

        If the machine is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again. -15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) for instructions. +15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Microsoft Defender Antivirus ELAM driver, see [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
        ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
        The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). @@ -131,7 +131,7 @@ If the deployment tools used does not indicate an error in the onboarding proces - [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled) - [Ensure the service is set to start](#ensure-the-service-is-set-to-start) - [Ensure the machine has an Internet connection](#ensure-the-machine-has-an-internet-connection) -- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) +- [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) ### View agent onboarding errors in the machine event log @@ -244,7 +244,7 @@ To ensure that sensor has service connectivity, follow the steps described in th If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) topic. -### Ensure that Windows Defender Antivirus is not disabled by a policy +### Ensure that Microsoft Defender Antivirus is not disabled by a policy **Problem**: The Microsoft Defender ATP service does not start after onboarding. **Symptom**: Onboarding successfully completes, but you see error 577 or error 1058 when trying to start the service. @@ -267,7 +267,7 @@ If the verification fails and your environment is using a proxy to connect to th 1. Open the registry ```key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender```. 2. Ensure that the value ```DisableAntiSpyware``` is not present. - ![Image of registry key for Windows Defender Antivirus](images/atp-disableantispyware-regkey.png) + ![Image of registry key for Microsoft Defender Antivirus](images/atp-disableantispyware-regkey.png) ## Troubleshoot onboarding issues on a server diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index d7ce1152c2..963c08c5ff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -127,10 +127,10 @@ Threat Analytics is a set of interactive reports published by the Microsoft Defe - Block Adobe Reader from creating child processes - Block Office communication application from creating child processes. -- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) +- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). - - Windows Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/microsoft-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security. - - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus) for Windows Defender Antivirus scans. + - Microsoft Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/microsoft-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security. + - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus) for Microsoft Defender Antivirus scans. @@ -166,8 +166,8 @@ You can now block untrusted processes from writing to disk sectors using Control Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal. -- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
        -Windows Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). +- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
        +Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender ATP. For more information, see [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 1fe1a3c6b0..54d8ea8492 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -62,7 +62,7 @@ Organizations with well-defined, centrally-managed app management and deployment | - | - | | All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](use-windows-defender-application-control-with-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | | Some apps are centrally managed and deployed, but teams can install additional apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can leverage managed installers to install their team-specific apps or admin-only file path rules can be used to allow apps installed by admin users. | -| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Windows Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | +| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | WDAC policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| ### Are internally-developed line-of-business (LOB) apps and apps developed by 3rd parties digitally signed? diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 27bf7e7c31..c215717a36 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -36,7 +36,7 @@ In some cases, it may not be appropriate to show these notifications, for exampl There are two levels to hiding notifications: -1. Hide non-critical notifications, such as regular updates about the number of scans Windows Defender Antivirus ran in the past week +1. Hide non-critical notifications, such as regular updates about the number of scans Microsoft Defender Antivirus ran in the past week 2. Hide all notifications If you set **Hide all notifications** to **Enabled**, changing the **Hide non-critical notifications** setting will have no effect. @@ -111,35 +111,35 @@ This can only be done in Group Policy. | Restricted access customized | _Company_ has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION_CUSTOM (body) | Yes | | HVCI, driver compat check fails (upon trying to enable) | There may be an incompatibility on your device. | HVCI_ENABLE_FAILURE | Yes | | HVCI, reboot needed to enable | The recent change to your protection settings requires a restart of your device. | HVCI_ENABLE_SUCCESS | Yes | -| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Windows Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes | -| Remediation failure | Windows Defender Antivirus couldn’t completely resolve potential threats. | CLEAN_FAILED | Yes | -| Follow-up action (restart & scan) | Windows Defender Antivirus found _threat_ in _file name_. Please restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes | -| Follow-up action (restart) | Windows Defender Antivirus found _threat_ in _file_. Please restart your device. | WDAV_REBOOT | Yes | -| Follow-up action (Full scan) | Windows Defender Antivirus found _threat_ in _file_. Please run a full scan of your device. | FULLSCAN_REQUIRED | Yes | -| Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Windows Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes | -| OS support ending warning | Support for your version of Windows is ending. When this support ends, Windows Defender Antivirus won’t be supported, and your device might be at risk. | SUPPORT_ENDING | Yes | -| OS support ended, device at risk | Support for your version of Windows has ended. Windows Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes | -| Summary notification, items found | Windows Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No | -| Summary notification, items found, no scan count | Windows Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No | -| Summary notification, **no** items found, scans performed | Windows Defender Antivirus did not find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No | -| Summary notification, **no** items found, no scans | Windows Defender Antivirus did not find any threats since your last summary. | RECAP_NO_THREATS | No | -| Scan finished, manual, threats found | Windows Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No | -| Scan finished, manual, **no** threats found | Windows Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No | -| Threat found | Windows Defender Antivirus found threats. Get details. | CRITICAL | No | -| LPS on notification | Windows Defender Antivirus is periodically scanning your device. You’re also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No | +| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes | +| Remediation failure | Microsoft Defender Antivirus couldn’t completely resolve potential threats. | CLEAN_FAILED | Yes | +| Follow-up action (restart & scan) | Microsoft Defender Antivirus found _threat_ in _file name_. Please restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes | +| Follow-up action (restart) | Microsoft Defender Antivirus found _threat_ in _file_. Please restart your device. | WDAV_REBOOT | Yes | +| Follow-up action (Full scan) | Microsoft Defender Antivirus found _threat_ in _file_. Please run a full scan of your device. | FULLSCAN_REQUIRED | Yes | +| Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes | +| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won’t be supported, and your device might be at risk. | SUPPORT_ENDING | Yes | +| OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes | +| Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No | +| Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No | +| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus did not find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No | +| Summary notification, **no** items found, no scans | Microsoft Defender Antivirus did not find any threats since your last summary. | RECAP_NO_THREATS | No | +| Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No | +| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No | +| Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No | +| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You’re also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No | | Long running BaFS | Your IT administrator requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No | | Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No | | Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No | | Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No | -| Ransomware specific detection | Windows Defender Antivirus has detected threats which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No | +| Ransomware specific detection | Microsoft Defender Antivirus has detected threats which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No | | ASR (HIPS) block | Your IT administrator caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED | No | | ASR (HIPS) block customized | _Company_ caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED_CUSTOM (body) | No | | CFA (FolderGuard) block | Controlled folder access blocked _process_ from making changes to the folder _path_ | FOLDERGUARD_BLOCKED | No | | Network protect (HIPS) network block customized | _Company_ caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED_CUSTOM (body) | No | | Network protection (HIPS) network block | Your IT administrator caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED | No | | PUA detection, not blocked | Your settings cause the detection of any app that might perform unwanted actions on your computer. | PUA_DETECTED | No | -| PUA notification | Your IT settings caused Windows Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED | No | -| PUA notification, customized | _Company_ caused Windows Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED_CUSTOM (body) | No | +| PUA notification | Your IT settings caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED | No | +| PUA notification, customized | _Company_ caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED_CUSTOM (body) | No | | Network isolation ended | | | No | | Network isolation ended, customized | | | No | | Restricted access ended | | | No | diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index afc4696bb8..62b02608f1 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -1,6 +1,6 @@ --- title: Virus and threat protection in the Windows Security app -description: Use the Virus & threat protection section to see and configure Windows Defender Antivirus, Controlled folder access, and 3rd-party AV products. +description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products. keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -24,14 +24,14 @@ manager: dansimp - Windows 10, version 1703 and later -The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. +The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products. In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack. IT administrators and IT pros can get more information and documentation about configuration from the following: -- [Windows Defender Antivirus in the Windows Security app](../microsoft-defender-antivirus/windows-defender-security-center-antivirus.md) -- [Windows Defender Antivirus documentation library](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in the Windows Security app](../microsoft-defender-antivirus/windows-defender-security-center-antivirus.md) +- [Microsoft Defender Antivirus documentation library](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) - [Protect important folders with Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) - [Defend yourself from cybercrime with new Office 365 capabilities](https://blogs.office.com/en-us/2018/04/05/defend-yourself-from-cybercrime-with-new-office-365-capabilities/) - [Office 365 advanced protection](https://support.office.com/en-us/article/office-365-advanced-protection-82e72640-39be-4dc7-8efd-740fb289123a) diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index eeece88781..d6c9634430 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -40,9 +40,9 @@ In Windows 10, version 1803, the app has two new areas, **Account protection** a You can't uninstall the Windows Security app, but you can do one of the following: -- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). +- Disable the interface on Windows Server 2016. See [Microsoft Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). - Hide all of the sections on client computers (see below). -- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). +- Disable Microsoft Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics: @@ -103,4 +103,4 @@ Disabling any of the individual features (through Group Policy or other manageme > [!IMPORTANT] > Individually disabling any of the services will not disable the other services or the Windows Security app. -For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall. +For example, [using a third-party antivirus will disable Microsoft Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index ef900522be..d39a343109 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -72,9 +72,9 @@ But these protections can also be configured separately. And, unlike HVCI, code ### Endpoint detection and response -Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Windows Defender ATP portal. +Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Windows Defender ATP portal. - Windows Defender is now called Windows Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). + Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). We've also [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). The new library includes information on: - [Deploying and enabling AV protection](/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus) @@ -88,7 +88,7 @@ Endpoint detection and response is improved. Enterprise customers can now take a New features for Windows Defender AV in Windows 10 Enterprise 2019 LTSC include: - [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) - [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus) -- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) +- [Microsoft Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) We've [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). @@ -226,9 +226,9 @@ An issue, known as “SMBLoris�?, which could result in denial of service, has Windows Defender Security Center is now called **Windows Security Center**. -You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Windows Defender Antivirus** and **Windows Defender Firewall**. +You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Microsoft Defender Antivirus** and **Windows Defender Firewall**. -The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Windows Defender Antivirus will remain enabled side-by-side with these products. +The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Microsoft Defender Antivirus will remain enabled side-by-side with these products. WSC now includes the Fluent Design System elements you know and love. You’ll also notice we’ve adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you have enabled that option in **Color Settings**. @@ -387,7 +387,7 @@ Update Compliance is a solution built using OMS Log Analytics that provides info For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor). -New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see [Monitor Windows Updates and Windows Defender Antivirus with Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor). +New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see [Monitor Windows Updates and Microsoft Defender Antivirus with Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor). ### Device Health diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 7a8ef2bb5f..8421a263ce 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -107,7 +107,7 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10 - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed - **Investigation**
        - Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus detections and Device Guard blocks being surfaced in the Windows Defender ATP portal. Other capabilities have been added to help you gain a holistic view on investigations. + Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus detections and Device Guard blocks being surfaced in the Windows Defender ATP portal. Other capabilities have been added to help you gain a holistic view on investigations. Other investigation enhancements include: - [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. @@ -127,8 +127,8 @@ You can read more about ransomware mitigations and detection capability in Windo Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/windows/mt782787). -### Windows Defender Antivirus -Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). +### Microsoft Defender Antivirus +Windows Defender is now called Microsoft Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). The new library includes information on: - [Deploying and enabling AV protection](/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus) @@ -145,7 +145,7 @@ New features for Windows Defender AV in Windows 10, version 1703 include: - [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) - [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus) -- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) +- [Microsoft Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index 17f5cb4dfe..468c6ddce9 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -130,7 +130,7 @@ Upgrade Readiness provides insights into application and driver compatibility is ### Update Compliance -New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see [Monitor Windows Updates and Windows Defender Antivirus with Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor). +New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see [Monitor Windows Updates and Microsoft Defender Antivirus with Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor). ### Device Health diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 86d2c42f10..93bcfb411b 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -171,9 +171,9 @@ In the Feedback and Settings page under Privacy Settings you can now delete the The new [security baseline for Windows 10 version 1803](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10) has been published. -### Windows Defender Antivirus +### Microsoft Defender Antivirus -Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). +Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). ### Windows Defender Exploit Guard diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index e5ab713e82..ba0090d559 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -107,9 +107,9 @@ See the following example: Windows Defender Security Center is now called **Windows Security Center**. -You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Windows Defender Antivirus** and **Windows Defender Firewall**. +You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Microsoft Defender Antivirus** and **Windows Defender Firewall**. -The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Windows Defender Antivirus will remain enabled side-by-side with these products. +The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Microsoft Defender Antivirus will remain enabled side-by-side with these products. WSC now includes the Fluent Design System elements you know and love. You’ll also notice we’ve adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you have enabled that option in **Color Settings**. From 3b7a10b333f06cccf4073dbfe0017cc3eee2da78 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Mon, 1 Jun 2020 16:16:08 -0700 Subject: [PATCH 26/99] Rename microsft-defender-antivirus-in-windows-10.md to microsoft-defender-antivirus-in-windows-10.md --- ...indows-10.md => microsoft-defender-antivirus-in-windows-10.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-antivirus/{microsft-defender-antivirus-in-windows-10.md => microsoft-defender-antivirus-in-windows-10.md} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md rename to windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md From a143a5bed0220bea48aef078275f8dc7c05bb4a6 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Mon, 1 Jun 2020 16:21:08 -0700 Subject: [PATCH 27/99] updated files name; was missing an "o" --- ...indows-10.md => microsoft-defender-antivirus-in-windows-10.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-antivirus/{microsft-defender-antivirus-in-windows-10.md => microsoft-defender-antivirus-in-windows-10.md} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md rename to windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md From 3da5f277f2167b1c99cd15b1fc9c33fdc3feed5b Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:04:26 -0700 Subject: [PATCH 28/99] Update faq-wd-app-guard.md --- .../faq-wd-app-guard.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 1e8839b354..cccc536c12 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -92,3 +92,12 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca ### Why does my encryption driver break Windows Defender Application Guard? Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). + +### Why do the Network Isolation policies in Group Policy and CSP look different? + +There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatary network isolation policies to deploy WDAG are different between CSP and GP. + +Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources" +Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" +For EnterpriseNetworkDomainNames, there is no mapped CSP policy. + From 0c531dd4906868ff63aa5bd0e5ae02a54c157056 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:41:05 -0700 Subject: [PATCH 29/99] Update wd-app-guard-overview.md --- .../wd-app-guard-overview.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 390bee5992..799cbc5386 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Application Guard (Windows 10) -description: Learn about Windows Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. +title: Microsoft Defender Application Guard (Windows 10) +description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,11 +14,11 @@ manager: dansimp ms.custom: asr --- -# Windows Defender Application Guard overview +# Microsoft Defender Application Guard overview **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. +Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. ## What is Application Guard and how does it work? @@ -48,4 +48,4 @@ Application Guard has been created to target several types of systems: |[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| |[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.| |[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| -|[Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| \ No newline at end of file +|[Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| From 9a2f04de673938a0828a6d98f639ce660d23bba9 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:42:16 -0700 Subject: [PATCH 30/99] Update reqs-wd-app-guard.md --- .../reqs-wd-app-guard.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index ca449ea92c..0f700a7b26 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -1,6 +1,6 @@ --- -title: System requirements for Windows Defender Application Guard (Windows 10) -description: Learn about the system requirements for installing and running Windows Defender Application Guard. +title: System requirements for Microsoft Defender Application Guard (Windows 10) +description: Learn about the system requirements for installing and running Microsoft Defender Application Guard. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,17 +14,17 @@ manager: dansimp ms.custom: asr --- -# System requirements for Windows Defender Application Guard +# System requirements for Microsoft Defender Application Guard **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. +The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. >[!NOTE] ->Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. +>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. ## Hardware requirements -Your environment needs the following hardware to run Windows Defender Application Guard. +Your environment needs the following hardware to run Microsoft Defender Application Guard. |Hardware|Description| |--------|-----------| From e907e77e00ab41799bd645654d8e9d95dad0d084 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:43:10 -0700 Subject: [PATCH 31/99] Update install-wd-app-guard.md --- .../install-wd-app-guard.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index e5630f24a3..2ef6c54364 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -1,6 +1,6 @@ --- title: Enable hardware-based isolation for Microsoft Edge (Windows 10) -description: Learn about the Windows Defender Application Guard modes (Standalone or Enterprise-managed) and how to install Application Guard in your enterprise. +description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed) and how to install Application Guard in your enterprise. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,19 +14,19 @@ manager: dansimp ms.custom: asr --- -# Prepare to install Windows Defender Application Guard +# Prepare to install Microsoft Defender Application Guard **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ## Review system requirements -See [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard) to review the hardware and software installation requirements for Windows Defender Application Guard. +See [System requirements for Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard) to review the hardware and software installation requirements for Windows Defender Application Guard. >[!NOTE] ->Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. +>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. -## Prepare for Windows Defender Application Guard -Before you can install and use Windows Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode. +## Prepare for Microsoft Defender Application Guard +Before you can install and use Microsoft Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode. ### Standalone mode From 96525e83294719c72416ca3b5eaef2563a4199e9 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:43:57 -0700 Subject: [PATCH 32/99] Update configure-wd-app-guard.md --- .../configure-wd-app-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 5020c63596..e3871020d7 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -1,6 +1,6 @@ --- -title: Configure the Group Policy settings for Windows Defender Application Guard (Windows 10) -description: Learn about the available Group Policy settings for Windows Defender Application Guard. +title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10) +description: Learn about the available Group Policy settings for Microsoft Defender Application Guard. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,12 +14,12 @@ manager: dansimp ms.custom: asr --- -# Configure Windows Defender Application Guard policy settings +# Configure Microsoft Defender Application Guard policy settings **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain. +Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain. Application Guard uses both network isolation and application-specific settings. From 04e7635fb0cd233efb999ad9033fe3527f35817c Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:44:50 -0700 Subject: [PATCH 33/99] Update test-scenarios-wd-app-guard.md --- .../test-scenarios-wd-app-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md index a5eebdf2a2..f380bebaa0 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md @@ -1,6 +1,6 @@ --- -title: Testing scenarios with Windows Defender Application Guard (Windows 10) -description: Suggested testing scenarios for Windows Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode. +title: Testing scenarios with Microsoft Defender Application Guard (Windows 10) +description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From da785f2a13a33fdf2ff276866417d1b37ce01d67 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:45:31 -0700 Subject: [PATCH 34/99] Update faq-wd-app-guard.md --- .../faq-wd-app-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 1e8839b354..f410bb38de 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -1,6 +1,6 @@ --- -title: FAQ - Windows Defender Application Guard (Windows 10) -description: Learn about the commonly asked questions and answers for Windows Defender Application Guard. +title: FAQ - Microsoft Defender Application Guard (Windows 10) +description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,11 +14,11 @@ manager: dansimp ms.custom: asr --- -# Frequently asked questions - Windows Defender Application Guard +# Frequently asked questions - Microsoft Defender Application Guard **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. +Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. ## Frequently Asked Questions From 3d76e12ffd2498f10fd9c41ee08d1741119f3953 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:50:24 -0700 Subject: [PATCH 35/99] Update configure-wd-app-guard.md --- .../configure-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 5020c63596..e78a0079f6 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -36,7 +36,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net |-----------|------------------|-----------| |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| |Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| -|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| +|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Proxies should be added to this list. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| ## Network isolation settings wildcards From 68d4ad7ae04d7ba38d7a4e60cb9c401cf836ba14 Mon Sep 17 00:00:00 2001 From: Rona Song <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 2 Jun 2020 00:54:57 -0700 Subject: [PATCH 36/99] Update faq-wd-app-guard.md --- .../windows-defender-application-guard/faq-wd-app-guard.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 1e8839b354..6fc40a60b0 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -92,3 +92,7 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca ### Why does my encryption driver break Windows Defender Application Guard? Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). + +### Why did Application Guard stop working after I turned on hyperthreading? + +If hyperthreading is disabled (either with KB or through BIOS), there may be a possibility Application Guard will no longer meet the minimum requirements. From 4a0105eefbe1560e7004787ac48c4f8feb59535d Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Tue, 2 Jun 2020 08:08:28 -0700 Subject: [PATCH 37/99] Remove Fallback Diagnostics Removing Fallback Diagnostics for now. --- devices/hololens/hololens-diagnostic-logs.md | 74 ++------------------ 1 file changed, 5 insertions(+), 69 deletions(-) diff --git a/devices/hololens/hololens-diagnostic-logs.md b/devices/hololens/hololens-diagnostic-logs.md index 212f936079..741c9503d5 100644 --- a/devices/hololens/hololens-diagnostic-logs.md +++ b/devices/hololens/hololens-diagnostic-logs.md @@ -27,7 +27,6 @@ HoloLens users and administrators can choose from among four different methods t - Feedback Hub app - DiagnosticLog CSP - Settings app -- Fallback diagnostics > [!IMPORTANT] > Device diagnostic logs contain personally identifiable information (PII), such as about what processes or applications the user starts during typical operations. When multiple users share a HoloLens device (for example, users sign in to the same device by using different Microsoft Azure Active Directory (AAD) accounts) the diagnostic logs may contain PII information that applies to multiple users. For more information, see [Microsoft Privacy statement](https://privacy.microsoft.com/privacystatement). @@ -37,9 +36,11 @@ The following table compares the four collection methods. The method names link |Method |Prerequisites |Data locations |Data access and use |Data retention | | --- | --- | --- | --- | --- | |[Feedback Hub](#feedback-hub) |Network and internet connection

        Feedback Hub app

        Permission to upload files to the Microsoft cloud |Microsoft cloud

        HoloLens device (optional) |User requests assistance, agrees to the terms of use, and uploads the data

        Microsoft employees view the data, as consistent with the terms of use |Data in the cloud is retained for the period that is defined by Next Generation Privacy (NGP). Then the data is deleted automatically.

        Data on the device can be deleted at any time by a user who has **Device owner** or **Admin** permissions. | -|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device

        Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. | +|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device

        Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it.* | |[DiagnosticLog CSP](#diagnosticlog-csp) |Network connection

        MDM environment that supports the DiagnosticLog CSP |Administrator configures storage locations |In the managed environment, the user implicitly consents to administrator access to the data.

        Administrator configures access roles and permissions. | Administrator configures retention policy. | -|[Fallback diagnostics](#fallback-diagnostics) |Device configuration:
        • Powered on and connected to computer
        • Power and Volume buttons functioning
        |HoloLens device

        Connected computer |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. | + + +- End-user is responsible for sharing the logs responsibly with someone else. These files are primarily useful when contacting customer service and support. ## Feedback Hub @@ -110,72 +111,7 @@ The IT administrator uses the DiagnosticLog CSP to configure the data storage, r - The retention period for the diagnostic information. - Permissions that control access to the diagnostic information. -## Fallback diagnostics - -While device telemetry usually provides an initial understanding of a problem report, some issues require a broader and deeper understanding of the device state. When you (as a user or an administrator) investigate such issues, diagnostic logs that reside on the device are more useful than the basic device telemetry. - -The fallback diagnostics process provides a way for you to gather diagnostic information if no other methods are available. Such scenarios include the following: - -- The network or network-based resources (such as the Feedback Hub, MDM, and so on) are not available. -- The device is "stuck" or locked in a state in which usual troubleshooting capabilities (such as the Settings app) are not available. Such scenarios include the Out-of-Box-Experience (OOBE), kiosk mode, and a locked or "hung" user interface. - -> [!IMPORTANT] -> - On HoloLens 2 devices, you can use fallback diagnostics under the following conditions only: -> - During the Out-of-the-Box-Experience (OOBE) and when you select **Send Full Diagnostics Data**. -> - If the environment's Group Policy enforces the **System\AllowTelemetry** policy value of **Full**. -> - On HoloLens (1st gen) devices, you can use fallback diagnostics on HoloLens version 17763.316 or a later version. This version is the version that the Windows Device Recovery Tool restores when it resets the device. - -### How to use fallback diagnostics - -Before you start the fallback diagnostics process, make sure of the following: - -- The device is connected to a computer by using a USB cable. -- The device is powered on. -- The Power and Volume buttons on the device are functioning correctly. - -To collect fallback diagnostic information, follow these steps: - -1. On the device, press the Power and Volume Down buttons at the same time and then release them. -1. Wait for few seconds while the device collects the data. - -### Data locations - -The device stores the data locally. You can access that information from the connected desktop computer at the following location: - -> This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents - -For more information about the files that the fallback diagnostics process collects, see [What diagnostics files does the fallback diagnostics process collect?](#what-diagnostics-files-does-the-fallback-diagnostics-process-collect). - -### Data access, use, and retention - -Because you store the data yourself, only you have access to the data. If you choose to share the data with another user, you implicitly grant permission for that user to access or store the data. - -The data remains until you delete it. - -### Frequently asked questions about fallback diagnostics on HoloLens - -#### Does the device have to be enrolled with an MDM system? - -No. - -#### How can I use fallback diagnostics on HoloLens? - -Before you start the fallback diagnostics process, make sure of the following: - -- The device is connected to a computer by using a USB cable. -- The device is powered on. -- The Power and Volume buttons on the device are functioning correctly. - -To collect fallback diagnostic information, follow these steps: - -1. On the device, press the Power and Volume Down buttons at the same time and then release them. -1. Wait for few seconds while the device collects the data. - -#### How would I know that data collection finished? - -The fallback diagnostics process does not have a user interface. On HoloLens 2, when the process starts to collect data, it creates a file that is named HololensDiagnostics.temp. When the process finishes, it removes the file. - -#### What diagnostics files does the fallback diagnostics process collect? +#### What diagnostics files does the diagnostics process collect? The fallback diagnostics process collects one or more .zip files, depending on the version of HoloLens. The following table lists each of the possible .zip files, and the applicable versions of HoloLens. From a3442b0de79dd2b38fb5a09794a848a3dd205752 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Tue, 2 Jun 2020 08:24:21 -0700 Subject: [PATCH 38/99] Update hololens-diagnostic-logs.md --- devices/hololens/hololens-diagnostic-logs.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/devices/hololens/hololens-diagnostic-logs.md b/devices/hololens/hololens-diagnostic-logs.md index 741c9503d5..a1b2ed38a5 100644 --- a/devices/hololens/hololens-diagnostic-logs.md +++ b/devices/hololens/hololens-diagnostic-logs.md @@ -123,7 +123,7 @@ The fallback diagnostics process collects one or more .zip files, depending on t |TPMDiagnostics.zip |Information that's related to the trusted platform module (TPM) on the device | | |✔️ | > [!NOTE] -> Starting on May 2, 2019, the fallback diagnostics process collects EventLog*.etl files only if the signed-in user is the device owner. This is because these files may contain PII data. Such data is accessible to device owners only. This behavior matches the behavior of Windows desktop computers, where administrators have access to event log files but other users do not. +> Starting on May 2, 2019, the diagnostics process collects EventLog*.etl files only if the signed-in user is the device owner. This is because these files may contain PII data. Such data is accessible to device owners only. This behavior matches the behavior of Windows desktop computers, where administrators have access to event log files but other users do not. **Sample diagnostic content for HoloLens (1st gen)** @@ -137,7 +137,7 @@ HololensDiagnostics.zip contains files such as the following: - HoloShell.etl.001 - WiFi.etl.001 -**Sample diagnostic content for HoloLens 2 10.0.18362+** +**Sample diagnostic content for HoloLens 2 - Windows Holographic, version 1903** HololensDiagnostics.zip contains files such as the following: @@ -162,7 +162,7 @@ DeviceEnrollmentDiagnostics.zip contains files such as the following: - MdmDiagReport_RegistryDump.reg - MdmLogCollectorFootPrint.txt -**Sample diagnostic content for HoloLens 2 10.0.19041+** +**Sample diagnostic content for HoloLens 2 - Windows Holographic, version 2004** HololensDiagnostics.zip contains files such as the following: From 65e6dfa9a185ff3876e717199ab22abaf5376761 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Tue, 2 Jun 2020 09:05:10 -0700 Subject: [PATCH 39/99] Removing "information collected" --- devices/hololens/hololens-diagnostic-logs.md | 91 -------------------- 1 file changed, 91 deletions(-) diff --git a/devices/hololens/hololens-diagnostic-logs.md b/devices/hololens/hololens-diagnostic-logs.md index a1b2ed38a5..00ddf87b8b 100644 --- a/devices/hololens/hololens-diagnostic-logs.md +++ b/devices/hololens/hololens-diagnostic-logs.md @@ -111,95 +111,4 @@ The IT administrator uses the DiagnosticLog CSP to configure the data storage, r - The retention period for the diagnostic information. - Permissions that control access to the diagnostic information. -#### What diagnostics files does the diagnostics process collect? -The fallback diagnostics process collects one or more .zip files, depending on the version of HoloLens. The following table lists each of the possible .zip files, and the applicable versions of HoloLens. - -|File |Contents |HoloLens (1st gen) |HoloLens 2 10.0.18362+ |HoloLens 2 10.0.19041+ | -| --- | --- | --- | --- | --- | -|HololensDiagnostics.zip |Files for tracing sessions that ran on the device.

        Diagnostic information that's specific to Hololens. |✔️ |✔️ |✔️ | -|DeviceEnrollmentDiagnostics.zip |Information that's related to MDM, device enrollment, CSPs, and policies. | |✔️ |✔️ | -|AutoPilotDiagnostics.zip |Information that's related to autopilot and licensing.| | |✔️ | -|TPMDiagnostics.zip |Information that's related to the trusted platform module (TPM) on the device | | |✔️ | - -> [!NOTE] -> Starting on May 2, 2019, the diagnostics process collects EventLog*.etl files only if the signed-in user is the device owner. This is because these files may contain PII data. Such data is accessible to device owners only. This behavior matches the behavior of Windows desktop computers, where administrators have access to event log files but other users do not. - -**Sample diagnostic content for HoloLens (1st gen)** - -HololensDiagnostics.zip contains files such as the following: - -- AuthLogon.etl -- EventLog-HupRe.etl.001 -- FirstExperience.etl.001 -- HetLog.etl -- HoloInput.etl.001 -- HoloShell.etl.001 -- WiFi.etl.001 - -**Sample diagnostic content for HoloLens 2 - Windows Holographic, version 1903** - -HololensDiagnostics.zip contains files such as the following: - -- EventLog-Application.etl.001* -- EventLog-System.etl.001* -- AuthLogon.etl -- EventLog-HupRe.etl.001 -- FirstExperience.etl.001 -- HetLog.etl -- HoloInput.etl.001 -- HoloShell.etl.001 -- WiFi.etl.001 -- CSPsAndPolicies.etl.001 -- RadioMgr.etl -- WiFiDriverIHVSession.etl - -DeviceEnrollmentDiagnostics.zip contains files such as the following: - -- MDMDiagHtmlReport.html -- MdmDiagLogMetadata.json -- MDMDiagReport.xml -- MdmDiagReport_RegistryDump.reg -- MdmLogCollectorFootPrint.txt - -**Sample diagnostic content for HoloLens 2 - Windows Holographic, version 2004** - -HololensDiagnostics.zip contains files such as the following: - -- EventLog-Application.etl.001* -- EventLog-System.etl.001* -- AuthLogon.etl -- EventLog-HupRe.etl.001 -- FirstExperience.etl.001 -- HetLog.etl -- HoloInput.etl.001 -- HoloShell.etl.001 -- WiFi.etl.001 -- CSPsAndPolicies.etl.001 -- RadioMgr.etl -- WiFiDriverIHVSession.etl -- DisplayDiagnosticData.json -- HUP dumps - -DeviceEnrollmentDiagnostics.zip contains files such as the following: - -- MDMDiagHtmlReport.html -- MdmDiagLogMetadata.json -- MDMDiagReport.xml -- MdmDiagReport_RegistryDump.reg -- MdmLogCollectorFootPrint.txt - -AutoPilotDiagnostics.zip contains files such as the following: - -- DeviceHash_HoloLens-U5603.csv -- LicensingDiag.cab -- LicensingDiag_Output.txt -- TpmHliInfo_Output.txt -- DiagnosticLogCSP_Collector_DeviceEnrollment_\*.etl -- DiagnosticLogCSP_Collector_Autopilot_*.etl - -TPMDiagnostics.zip contains files such as the following: - -- CertReq_enrollaik_Output.txt -- CertUtil_tpminfo_Output.txt -- TPM\*.etl From 769b5ea16c6d573358215e4a9e42165f1a7ce018 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 2 Jun 2020 09:44:25 -0700 Subject: [PATCH 40/99] restoring a link to an exterior topic on Intune --- windows/deployment/TOC.yml | 2 +- windows/deployment/deploy-updates-intune.md | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 windows/deployment/deploy-updates-intune.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 3dda78fbb4..7c8dff22d6 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -156,7 +156,7 @@ - name: 'Walkthrough: use Group Policy to configure Windows Update for Business' href: update/waas-wufb-group-policy.md - name: 'Walkthrough: use Intune to configure Windows Update for Business' - href: update/waas-wufb-csp-mdm.md + href: update/deploy-updates-intune.md - name: Monitor Windows 10 updates items: - name: Monitor Delivery Optimization diff --git a/windows/deployment/deploy-updates-intune.md b/windows/deployment/deploy-updates-intune.md new file mode 100644 index 0000000000..c1eb490a3f --- /dev/null +++ b/windows/deployment/deploy-updates-intune.md @@ -0,0 +1,20 @@ +-- +title: Deploy updates with Intune +description: Deploy Windows 10 updates with Intune +ms.prod: w10 +ms.mktglfcycl: manage +author: jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +ms.reviewer: +manager: laurawi +ms.topic: article +--- + +# Deploy Windows 10 updates with Intune + +**Applies to** + +- Windows 10 + +See the Microsoft Intune [documentation](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure#windows-10-feature-updates) for details about using Intune to deploy and manage Windows 10 updates. \ No newline at end of file From 08510ec4139d9475260b53596df2d2a07fbb9860 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Tue, 2 Jun 2020 09:46:42 -0700 Subject: [PATCH 41/99] 4 to 3 --- devices/hololens/hololens-diagnostic-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-diagnostic-logs.md b/devices/hololens/hololens-diagnostic-logs.md index 00ddf87b8b..0423539b62 100644 --- a/devices/hololens/hololens-diagnostic-logs.md +++ b/devices/hololens/hololens-diagnostic-logs.md @@ -31,7 +31,7 @@ HoloLens users and administrators can choose from among four different methods t > [!IMPORTANT] > Device diagnostic logs contain personally identifiable information (PII), such as about what processes or applications the user starts during typical operations. When multiple users share a HoloLens device (for example, users sign in to the same device by using different Microsoft Azure Active Directory (AAD) accounts) the diagnostic logs may contain PII information that applies to multiple users. For more information, see [Microsoft Privacy statement](https://privacy.microsoft.com/privacystatement). -The following table compares the four collection methods. The method names link to more detailed information in the sections that follow the table. +The following table compares the three collection methods. The method names link to more detailed information in the sections that follow the table. |Method |Prerequisites |Data locations |Data access and use |Data retention | | --- | --- | --- | --- | --- | From 36792dff7e9ea57d95b45d9f2f6605dc4687ad49 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 2 Jun 2020 10:49:32 -0700 Subject: [PATCH 42/99] fixing errors --- windows/deployment/deploy-updates-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-updates-intune.md b/windows/deployment/deploy-updates-intune.md index c1eb490a3f..8737d452c6 100644 --- a/windows/deployment/deploy-updates-intune.md +++ b/windows/deployment/deploy-updates-intune.md @@ -1,4 +1,4 @@ --- +--- title: Deploy updates with Intune description: Deploy Windows 10 updates with Intune ms.prod: w10 From 3a52c98053cf6dd74c29b322e4de0c2ca93c42bd Mon Sep 17 00:00:00 2001 From: illfated Date: Tue, 2 Jun 2020 19:56:00 +0200 Subject: [PATCH 43/99] Security/Threat protection: password length values Description: As requested by Program Manager Robert Durff (MSRobertD) in issue ticket #6856 (Bug: Password length value range is inaccurate.), the upper value for the supported values for password length should be 20 instead of only 14, verified in preliminary field testing of the GPO Password Policy, described on this page. The actual upper limit may very well be higher, but 20 is a reasonable value to be used for now, until someone documents the need for higher accuracy in the documentation of this value for the GPO Password Policy. Changes proposed: - Replace 14 with 20 in both occurrences of 14 as the upper value - Convert Note text in line 83 to a MarkDown Note blob (MS codestyle) - Whitespace adjustments: - Normalize bullet point list spacing to 1 (codestyle) (3 lines) - Remove redundant end-of-line spacing (8 lines) Ticket closure or reference: Closes #6856 --- .../minimum-password-length.md | 27 ++++++++++--------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 7917efbce4..b57e36e03e 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -20,18 +20,18 @@ ms.date: 04/19/2017 # Minimum password length **Applies to** -- Windows 10 +- Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Minimum password length** security policy setting. ## Reference -The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. +The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 20 characters, or you can establish that no password is required by setting the number of characters to 0. ### Possible values -- User-specified number of characters between 0 and 14 -- Not defined +- User-specified number of characters between 0 and 20 +- Not defined ### Best practices @@ -51,13 +51,13 @@ The following table lists the actual and effective default policy values. Defaul | Server type or Group Policy Object (GPO) | Default value | | - | - | -| Default domain policy| 7 characters| -| Default domain controller policy | Not defined| -| Stand-alone server default settings | 0 characters| -| Domain controller effective default settings | 7 characters| -| Member server effective default settings | 7 characters| -| Effective GPO default settings on client computers | 0 characters| - +| Default domain policy| 7 characters| +| Default domain controller policy | Not defined| +| Stand-alone server default settings | 0 characters| +| Domain controller effective default settings | 7 characters| +| Member server effective default settings | 7 characters| +| Effective GPO default settings on client computers | 0 characters| + ## Policy management This section describes features, tools, and guidance to help you manage this policy. @@ -80,8 +80,9 @@ Configure the **** policy setting to a value of 8 or more. If the number of char In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack. ->**Note:**  Some jurisdictions have established legal requirements for password length as part of establishing security regulations. - +> [!NOTE] +> Some jurisdictions have established legal requirements for password length as part of establishing security regulations. + ### Potential impact Requirements for extremely long passwords can actually decrease the security of an organization because users might leave the information in an unsecured location or lose it. If very long passwords are required, mistyped passwords could cause account lockouts and increase the volume of Help Desk calls. If your organization has issues with forgotten passwords due to password length requirements, consider teaching your users about passphrases, which are often easier to remember and, due to the larger number of character combinations, much harder to discover. From b51ae476da1fd6873cdc2520052a252bfe925431 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Tue, 2 Jun 2020 11:17:07 -0700 Subject: [PATCH 44/99] changed Windows to Microsoft Defender Offline --- windows/client-management/mdm/defender-csp.md | 2 +- .../security/threat-protection/intelligence/rootkits-malware.md | 2 +- windows/whats-new/whats-new-windows-10-version-1607.md | 2 +- windows/whats-new/whats-new-windows-10-version-1903.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index a9993b1e63..709cf61da5 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -419,7 +419,7 @@ Node that can be used to perform signature updates for Windows Defender. Supported operations are Get and Execute. **OfflineScan** -Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defender Offline scan on the computer where you run the command. After the next OS reboot, the device will start in Microsoft Defender Offline mode to begin the scan. +Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defender Offlinene scan on the computer where you run the command. After the next OS reboot, the device will start iMicrosoft Defender Offlineline mode to begin the scan. Supported operations are Get and Execute. diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md index ad80fad7fe..f27af5c133 100644 --- a/windows/security/threat-protection/intelligence/rootkits-malware.md +++ b/windows/security/threat-protection/intelligence/rootkits-malware.md @@ -55,7 +55,7 @@ For more general tips, see [prevent malware infection](prevent-malware-infection Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your device and your antimalware software isn’t detecting it, you might need an extra tool that lets you boot to a known trusted environment. -[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. +[Microsoft Defender Offlinene](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. [System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity. diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index b1e29d9585..390498a069 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -103,7 +103,7 @@ Windows Information Protection (WIP) helps to protect against this potential dat ### Windows Defender Several new features and management options have been added to Windows Defender in Windows 10, version 1607. -- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/microsoft-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Microsoft Defender Offlinene in Windows 10](/windows/threat-protection/windows-defender-antivirus/microsoft-defender-offline) can be run directly from within Windows, without having to create bootable media. - [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. - [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. - [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 542e9f241c..09b5ab08d3 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -137,7 +137,7 @@ This new feature is displayed under the Device Security page with the string “ ### Security management - [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes. -- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Microsoft Defender Offline Scanning tool actions, and any pending recommendations. +- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Microsoft Defender Offlinene Scanning tool actions, and any pending recommendations. - [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features. ## Microsoft Edge From ef0eab99d6498c052e0d74e4f765f23f2dc2b0b4 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 2 Jun 2020 11:19:34 -0700 Subject: [PATCH 45/99] putting the file in the right place --- windows/deployment/{ => update}/deploy-updates-intune.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/deployment/{ => update}/deploy-updates-intune.md (100%) diff --git a/windows/deployment/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md similarity index 100% rename from windows/deployment/deploy-updates-intune.md rename to windows/deployment/update/deploy-updates-intune.md From 7de3786699de8ea65068365c9db402f4c07941fd Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Tue, 2 Jun 2020 11:27:11 -0700 Subject: [PATCH 46/99] Changed windows to Microsoft Defender Offline --- windows/client-management/mdm/defender-csp.md | 2 +- .../security/threat-protection/intelligence/rootkits-malware.md | 2 +- windows/whats-new/whats-new-windows-10-version-1607.md | 2 +- windows/whats-new/whats-new-windows-10-version-1903.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 709cf61da5..a9993b1e63 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -419,7 +419,7 @@ Node that can be used to perform signature updates for Windows Defender. Supported operations are Get and Execute. **OfflineScan** -Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defender Offlinene scan on the computer where you run the command. After the next OS reboot, the device will start iMicrosoft Defender Offlineline mode to begin the scan. +Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defender Offline scan on the computer where you run the command. After the next OS reboot, the device will start in Microsoft Defender Offline mode to begin the scan. Supported operations are Get and Execute. diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md index f27af5c133..ad80fad7fe 100644 --- a/windows/security/threat-protection/intelligence/rootkits-malware.md +++ b/windows/security/threat-protection/intelligence/rootkits-malware.md @@ -55,7 +55,7 @@ For more general tips, see [prevent malware infection](prevent-malware-infection Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your device and your antimalware software isn’t detecting it, you might need an extra tool that lets you boot to a known trusted environment. -[Microsoft Defender Offlinene](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. +[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection. [System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity. diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 390498a069..b1e29d9585 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -103,7 +103,7 @@ Windows Information Protection (WIP) helps to protect against this potential dat ### Windows Defender Several new features and management options have been added to Windows Defender in Windows 10, version 1607. -- [Microsoft Defender Offlinene in Windows 10](/windows/threat-protection/windows-defender-antivirus/microsoft-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Microsoft Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/microsoft-defender-offline) can be run directly from within Windows, without having to create bootable media. - [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. - [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. - [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 09b5ab08d3..542e9f241c 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -137,7 +137,7 @@ This new feature is displayed under the Device Security page with the string “ ### Security management - [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes. -- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Microsoft Defender Offlinene Scanning tool actions, and any pending recommendations. +- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Microsoft Defender Offline Scanning tool actions, and any pending recommendations. - [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features. ## Microsoft Edge From 7531057bc561d089cbe29ef6995f62c98a05b16a Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Tue, 2 Jun 2020 11:40:44 -0700 Subject: [PATCH 47/99] Changed old pic to updated one --- .../images/turn-windows-features-on-off.png | Bin 0 -> 344490 bytes .../install-md-app-guard.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-application-guard/images/turn-windows-features-on-off.png diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/turn-windows-features-on-off.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/turn-windows-features-on-off.png new file mode 100644 index 0000000000000000000000000000000000000000..fe4236c8cf0c6fe494427bee551239cb39940112 GIT binary patch literal 344490 zcmeFYRaBf^wk{mJa0+)RoZ#+SI0Tm4Y6W7S*hT|RBi`OFCA57MYegh=n+y+f6i0js`y2Mc`n4kjJ||Mri4)nV#e z0p+YJE&i@zjQH^F0oGhhQS9Bj>Nw;lBe=I`LNI>P<_EvKxkO!M4as~-FI zdti6A^xHQ{TU(){V9P3O@T2 zudJFJG}H0&Np`FWqwv^=b&fG-zA(LrK%=1n9bBT5ULw;_A|ldCOXH`rJX&G?L6d)< zT^zE16hv8H|NST_E6-ivSB-ZzwlGE}+sL#f$|2H)6apm}o}QrtW6YvDI>0YqVD9MYf_dyNr!e=Xkf#0ohiHTJmwxv)6g-jB@YB-GhA^#hRyy$R7 z0%$*E<}N&qZ3BTlYj99dh!gX70fB)$&#vKtFSfk=@E~qxWXay$_^EUeuD#r>TEsn7-|< zbr1-mi0$i>pZDVw;Ogp~$!8+T!2JY>7ofMv?IVHB&-m`z>tBY5zy14N=2)=0$OfaFetSm4r3?3eh7(y!Km8+B^{L1BhcgD0^=W%HamXs_z>$$fFVqgUPa^5rS z4nu`t**Cw+59~Tc+M}|1{x*GM-lK?E+gBQ39-)}nWmQcRjQKu!lL{{}iLa5_Arc1` zZEE^TSi&aLfxdIc*Y~%LK8vLM{IQL0qXc1LcB~v%VMS&bHnx<8=6LAHQTP_tj}r33 z8EtpP<4=W&WJh!|pI73%IA@ALo5{=yv044Q$3}o5>kTG4g1>1hn)Z!bp}%WY_6@VN zM^~Hl8;_=QVfLE)hixsH4JYTh9?w}U*E8wq>ub0hKQ%z&;wT?0q}JP>s~o4%A+ZrE zzE}MeOZrMm=q9D3(lMl{CMMgoUS%(D1f#AsPtFd)S^G3OF#0vGtqtnytScRTA|*%V zJK4jJ5JeeDZEf~5kKWEpP2TcKgwB~2bSauOR`xa+H8uOx=~p5m@6F%4%gS2rAPMiy zy-~yahcHS3fpc{G@&#r6urD));0JgRl^~vHBtOzGvM?)kyb?-kLHs&D zEd#WVQpEYb!5btAu`@MtGa5K~RD39#VnzT(Mo}YbxVvvVad>s=O708x1cCJD_5A_V zUX9qAuS7Rb{vlz6R*{URG$9@9{a9xWSsODW*enSBx)&&lqNxqFK0Lg>Cd0wOX}9_CHMtyum=X-1xJoN4B@|pZxos98ZO;gX%k?CX*q3b% zAvt+@BOBu&$L)TTkp)Lq4i4|Flq|tFdWO9+Mh#b1va+@=y<)&1&4#r8hD^8c!g#%(|N6*Xq1wbAyYUgusjtVL&5+ImI z<>vNl^qfX#W?oAYzCo`fDr1Qhy(r?-7Bc2-%Pt9g52U73@x6OTh?#KW0T59ni>cf{ z>-_X+Q^>hok6QXYH}~dAhw;@(5dKFKe9Qsn07uqFn>*p>*z|}90b8S-ZyoC#_Tmr# zb7Py^JE``2VAIHS=dbuzATX~25XnknVUrbG`EVx{m)%-;sCQST#d3W#jXvF=AN0Wj z2k9knkP#L2jlasoY!yk42*K#af13Q0u1~`iGyFyKd4U^1iqGV!sj0>@sciTnj-ZjzQ58+i;)mP8UXwR* zSrhc-3ntQu8WklC4Nd1X2L_K_V>b&qN&+GxAUZ0*yjJ9-OV5zx6zm;!kP?4c9;u2-nu8;7E0D;>w$;#VSM1N4l#kC7*}6|YCvn1l zn9)|am9n=z^xk1V<(AP;DJ0@eH$&Ek7Op`NHn3IS@%eE)o)wQdQ##<`&$5S`vHJrj1m|u&6!zQ8aXfSbSx|>$y@;7X5~<#BTGnpm0vf! z51$1F_wxlzeu2NgWw3>{udlC55ZLjqn+q?GU<_H<( z&~}|6s1OySM!AyZ4eP#{ACH(hquc=>6=XSnBFd3R3C1O=2}}07dmDC9ur#VeeNAiF ze7d5tr0FWuudh-{e2w7%s)NLlcb&ps34nRR$VC+*#?uoO9?#Q@+PPSf7@k7dTwhDS zm4nT&G&Sb)Z^_c&;sXnH1*!{l-$xTw6SOzJkAK=>_WvjC3Q7s00mWz%t05OW%wvcy~?K1cMy$2;d z6HYzzhY4=3j$hU(j<=EA%t!jc#Ss)0+DF|_4;qbppQK8Uslm-z;PPQ%Dt>$ErBf1_ zyE)O%3UoE>3}qdX4(@m1b#;^qidm4@M#t{M@dyC6;XE#Xms9sUpPO6rgXdO)iXP5f z)tl4GQi;H6(gP+hU^jnjXh}9l5t*b?rT z$gRrRE%bW{(bM??<;*C?=7%FdwLonA@gs&+HA!CaF@|v)RP|YtjQohCjSu~b5VXT{ z6BZ*Qp*iU3BQTJ#nSnrs5V^YPIQ)RsNW@J5H}@crr!x)k>zWA--4||J8ddZ-xqG5w z6=cH`1>Sk4wZ{&n{C%RVa59B-j`jld)~|`Ld^jSL2*%5-kL{>^l>~O$qSr?sgf=WQ zces18LCPO#KNCISswNoyf{qesi}J&|-7>{jE`JF7+d#i;hkM(bXN-P}3WIj2V0hHz z&orE?HYzr$_s5uF5v;7N@!(K@BGL>9d9?dR2h_>ZFDx-AF*-(uFn zmKF?R!l3&eDpNDFeDe1Mi;jLWHw|Jz8QfbWu@plOV*A1vFPdTqZF17`<8B;R2)tjaI$l<16#6e=Wr7xs{RRQr=8$gGmn81 zR>eKjL06A<5=Pj_Q6|xIqc0ANZNK#vzh!5sTgkliz39h$+Naeljd`pr`|d$%{6My% zcrJbaNl{lOIWZ|cjIJ&AcuiF%TcrE<2mVJx%3pA!8mlaNOsCqt+U(8}fLlJm@BU;z_UGEdE@VMeD| z(6(0wb!uzETC;m>v22Zoo7I9SA+5#hElp0Y9~PO;FoRP9V&W#wi&z|>`_Vc+781sw zj!Q+!6*fhc;45dX?piLbXbE5Q1q4h;4Svc8(ftNtY#k$co7b38`O?^1$!qwYEBlt6 zsQ%IS-K02rtU@(D{;iTO>f5(HFTCxu3{w$U4HzyH3wdFSJYRG8JVVDPC&Tf~ z3slv$M(8%!b&jv&O|q#B430_tDksL-W#2LVOwKn&W*MkCa5E=bzx=UhiA*eD4HGuQ zPEuSOdkgdZ#x@Ze0)mpZu6M`C$VV)y3$9f~}KN}w@87qZYndPQn1z`Mu({A;EYFji9$#5Srbavy~yEzU0wAz&C zJ_hlD)1`N`kZ?v21Bxd%PcyK_18?D3kRS@)1$=I|I@v1i?sCkHjfH#O!}j={ zx6YFNv(Eye0n>D_lt-eWW)QDRKEQKr-_h2WEc&%ZpvmQ2HnteS>-Hel+&V|zKBfn_<{y{|zHu_jf$25^+RvQG98w>;%Yz#nghGRCW*a~$ zL+aiOubglkd%kgLM}dH0yi={HZ!H)h7UR8pgIN;|=I$=1Ygt2+sQL&WMB`8&l<$~* zYM-gnBLSzlMrn?MTVz%15)-+i8WlnnWZKb(rs1Tkkkw|@k70T1BUrpPIngWLNAjo2 zUjsdspLw|pM8f1P4+*Wp&#oJecYbJl@DWe;4w-<7kU&5$Pl|d4yYN`D_D~)J5BOKl z8zG;GVr2fCgSc3=hHc#f{2n~B`~f2tG+!RlZXT=6S}nGr^Y!tc+*lE~BF5_=Cz%YE z?U5{ySx#Y_zRNymZ9`0dl9@X5sI|j{e(-rQN)KKup7HOvTL<~?%JsB6rDHYyir>yT zkGxl#Ai^`Kt4(pDO5e`&GGqrT?TlOCk0jnW>~|~RIYx-hC|71#twtq|)OXVF_vevG zBuTLF_y6+02wGy8xH^{W85vPTMn=A{*g^&XddiGHtPIEWcP(tr0XP2f3icA9 z6Y-p6kCJs41)-xbfko7N*I`toA{<1ByLx}1+4SXXiUg}u7ms$e6UkhqLAa~SbJ&f1 zwa=Pq^ywVDfzJd%>s-1hZOfrTh|Ualc*p+JCz}jbSW0;Gp2AT1YO7~2OTw`SuHkA2 z83PoXRk-f9)u@74M44QEu8CHhmvBd;F=>zO0^q^VSu|3`_1gK*c|9h0^{8I(R#xMi zp)BYd();2`YpssdkwG7}u2WbFrtwVJklOTrX?`1i zaQ(?<`{GiY;fU6bPnEZ)q7G|m(%UBlOg5UmaWVbg_F$VNk!=c>kwatTlp}mF;ZIu3 zQgpk}h&22;rY|L{9sEiy?RfHm`8Od^K@)~Xb=ZVR8?;&pW7m_UHT8{ScUYZvgO{Mx zH5ueg!moq0;LWIye>Odoapezu|F~zkRvK&Z*e7ps>Bw@OQx6?A_Y|OkP_dO{j#d+i zl~Bk=;w;b-T@q&3FPEW*z1|*DOhZaxPGjQssC9V)$)x<2+TB0U@Ac}%o zEp1yT=~Q7*YLn|IWr~#yxuGY1vP0>M!w;apN--X7LY-MpHv02B;(*H&HO$^A$Y7;i zP2cP<8*clRLsd=9@nC|2QMX%*xR1o^|XpRJA(OA;6B(fuIM%>2Ac-zBf-7Gu55GJL@?VHK(%I@2;)o|yw- zadGif(&NMghN+oKu9i;Z)05Aee`UM=JMGEIDTaqG*~d?K344CfM)P-+Gn<54U1~rQ zEda~8vL#K>j~_hc<*SZY#k^aWf-j0mQv4R>2 zM^mdCwBF`vuz z1O1`>0VUhJ0cOdbwSU&3tagYI8whD?Lwny;FZMl-#`uI;m$wHmSK(9OZzMhjIplhPx@Y)+`g4x3b7oR_3JT9po(0HI7I;)XJDniSL=_$97q0bBW zlvE^0Q0-VTG36H8D#35ntAf-X{$Mj8cx(K)VCV6377)GWMW7RV*0{S>sK)?0IDs!mm6{O$oaxH z2mNxc$9KVnQkoj14(c}&h>cN~cwhIrQ8qSwQTG`G`e&(u1|50jw}P7a{I&rc(vlJ* zg-4~y&kMLV)pC-?3A}ar#D9RrReH-rtzKwF4@(R_qx>1Qrd=W06^9^NY3NslX zWb!y=EeFulwuy~vv2g;rcg=(#n1v?@LIef3O4A6s- zyx=1yS%+q7j_rHLkl|imlYJwJjgd_dL@%VX*;?slQX;`!N_UsfjmqcdeK9={H~FyY zcF;J5pF$)V;>8zvPTcv2+IFIC8y{uaG?+;CYrH%jwjW!AB0=>}OOWW|b76<;4qhb4Qn zp6?yyyjy<%&hYqQ=3RR}r}mI=EOo-n#D^b|&GBJlPZHmrHj6VKHQO2jb&*RQ&Ii-Ga*g7m?^6@gYfKzx=58Z}ZKY~dGt{@@$!PWv3h zbUPXW7=%pR!^^il!JaD#1u(h&`sSwV`L0MtO97-~F+&dcrH($|v z{1B3plT+E8xsw_7BW;%(OonDGrxc!hdJ6q-YI6EHvGPbS9WQzPu9G+wj}Cs38SPvm z&-l6-=bTcU%r~RJSbK+rNKx?ckR1}FUEEv+{|e>f%yx5Qqgs}|lTZ1-6NIHk|VVg*|lWmLP*fbQMEnQ zUdt^~6Y5H=?K}q=;KM7%k(2V-A7nShgOK?(yKpzkJ(II^MeX-YHyC5^9kOi`g<~Z~1!EM5|d)K1P=;4M(vIdPQ@|rI=sE0Dmo+v5x zKYAW!t*gWQ0LdQ?W1voTHol$>SIcm~4#wckgi)y4Beq%IF+W5vg&C~8PgtWm!v%>K zCSw3~HnY~Tfbg|_-ineT@NiD2JSMLTJd;P$i>b~u*b!53F{KiU*&MSCWKuqJ@U8XD z9Y=vhA7|8@qI20AX!&aiV?XW(VTi&6x8!p03S2N<`k5bhQ=1^v^Fv)=*g zdPN`DMLIYh>%eZT+Z|wdtv?;at7`O>CbWh9$J}Z$-huvm)UE8&H0IYTwxZ zK$b7v52u}*5*UI|f`L(r;rhv8MVN3}x3)V){yGm>{8TJ<7Dz-CZoIW@J856W=CXD0 zX{eGEY$oW$q-897_i|r#rL^Eq8&@tm&=y>kD8XiTLg%uygA%R|l=}>teBtCqPYs{V zP}*!+WP9SRA=&e5MSJwIN|+><_U&LhC_jm-H*q(+vJyDkU+a91)1h=U#Zl&A(1I6f1yi zT;fFmc>Fq8)O2z+Ud^;iNfe*eo5Vwr=u}EP z#-<=-AhssA3JfVTXeDfaEgOHa@;$$g`MUzT#bA*59!XO@k<`r*#O(`&T)YP}a^1i0 z?3OG~tEBgSj1}v${j6~Tw$7rol`;arpNPA0_ej)v!exCdjsx^^shERJx ziM;9^nTXUQi!3zo$4z2>jBL9=E2nRn?5-;*ajj8N%r%%1x>{?`WO&|oqV7)lTDOr* z#Coy&B^iU9*wD*?1{c*P@b0mq!}y0oAt&L3yJQG9IC2-oS9kMt@UeQ90=?+XN=Qep z+8LhnuwU}C`BjDqJkkJl&D>pF=9+2e;vmXy|B7N)FIMx#yOZ2c`P3^w=9>R-n|Sp8 zh#}!}xPM$l6;#cdG>H+OPRu;X@LcTW%Y?(SVSDj5z*43lnszS6qiLZc-X zCKlGKt2`0ucs8J}4iXX3sWNn*5sF-NLza%mBBrEwS=_e?;hDwgQ=j1UqW^(*WroIC{NE*KwyHDLhdov8)_hmh$m^7 z02A{?9vBGyZ3$aQ?`coo#aakX?as4f=!j~}e;v{Gfu*~AnnK136MME;pmVpM0)NJq zu8C0)MxvQR*?xe zU>5PTjVr`41OOb4KdnO-aen}`3NUpUQ-B0rXo7e$-J*L>a8KC|NP(SjbH}AE_Vkjl ztGx8CSEaI2mp@Lm*Zp~Q>eoY8?b5yl2;u<*;(`tQBW?{Cdl_0~LJ$nX7Fi0|JZAZ9 z+)9J;sh}-2k*j=mRegMyu*No-9acGTkekrEPP!W$D06Ds_kYn#$X4Mpez5DPzlo}L z`fPB0Fo9U90q=$ohl=DhopQ2S=&o_~4{Rc@->wXPU6< za8dZ!g!_G-bJ5phmazQe9SpbaVwi6Urx9UhOnEvx_I+mWBBFiXyfj(fbh$xQH#0Kg z)Cm&xQOn)NNek}1&jhBAGd=NO93zN|a%;-RXL;YGMd;>TJs&P7C8&^G)f*}q)h_0) zn1>RiU>O+qIPJ?t8SgV*$4)m@A$ql(eej@ze6;_Q)pZeFTk-}+o;Ar8_hvPOtp2>` z#W}@jD_1Ct@6VlN{T@apZhu)MrU2_6C*mX*)|@?`F(D$k#sQLpPEZ!Qo{WmXpKuWIIFhKF~< z7sG+itSz74aR`~D9uRg7&7f3NoI#?aq@6U;zD#idu?XUpdF;gYyQqmpyigG0i2DvX z_Verw5s8RcczMBH{Q_{CM)VMfOv`)F!t&#!``J`qq%nL?jmyn3!fQp67IBq@QqL;Suse*3itnf}s956UQ254U$Z>8_?L(Y!x?G*IytjA0RvuyI>4nR+=%d(gIl zG(+hpRJRG0Bn>+JjiPWofy(qi(&yL?J$nUK^r@E9{fjI zA&(MwGl~F8OuEW)QqG6(j+_$}ZF3^h^Zr{u!wF}ExFF7D;3GGkvW7~~)D|%|jc(`f z{s{c1$r6w18}Si7SA@LZVd3NH7CmIRK!%BUOSDz$Rknk~G5lZ4q{V|pLqFq?d&^*g zwuns`v_A3;4brPe!~|PWVmP`&?fE?rdZDa_j+rDKJw&SI zIc`BPUuey%4o^7C1uZ@B&o^q(f5LaxVcy(o9{@xd>FI_e3)T3-PE-n`Bc)7aelx#3 z{*d62#kn5y2YH>(i03MF!=sMyj7)4{D19Xk^yUJK z!{8MZ6fiJ|gQ7E`P4{*v*|-sn&V(;m8^X$BxtTLXLY?==x6`u;7)Mqex1|7rf?F8G znUISM4_LVV?qLDku@7PnPQTx%;vM}vsb|E1)<{>oS(B|-qO}I@ByNMV-##KIC4w+N^%om=H;%I! zKclCzyCG`crG>W6`)p7X{6N7O^x|#XAo5vtB<8Nnio0B|kWTrSlDC~gS^rUePolg4 zNl+P~=Cf-pu1ouI@ZI`BRP6d;7iZ#8<-={>eK!bt^&=3ivLKPI@^0VaCz$9Bte^&y zE+GLBXBqFTjaw6KQ1N!)tVOybw$YXld--}^^=-b{qw?|YUQ>XW{_SF79mQHXDsaGM zg@E=jL;l?o>U&hYZ7XSWUrXp6JY#=@7FL31T<*sx_)s1_x47=q2HovCmGG+7OBG32 ztHm0Jd*Y1f#Z{5clBilo{>B6JnUA#Xkuli|4^Rkc+ii9fMwYik|$MlAIj z9iZUhAFd4>DJdurKmPI@P#6cRT3~Mp3S#UTqq;v@SJk&bQ>t;`r>_KsekF5#khy=5 zl9v{QhwJU^=OJyd5ARr8gUQbJd(-98I_bRZH8Nh>FIDl%22pb7Y7>k1K%E;eYpx~g}oeQN0Ccw0pMd0hu`>t60NE&?yD5bt7}3K)N}1Z#=O zM;VO2s%2At?*QyP-M7PEY{pt*nF==wVfU$E`7J##Sb6E1F@HJJKh1g;E%H=YfJdYv z*4YkJNWPVhbI%D|5+J$!!;gHx9r+f()TBM^^wLstvHJtJ_IyNpQm-g6_be_>zj(J{ zp>BGTQzRq zcvsrBH$exAK8bN(V(!6we!Kd@GAM6(!tU?+h0QPdMff$JY}|E};hD)GqlHC%#Q(w` z(v=!UHO!@bJNez?{3)DZv$005MI zAJ$El>uskLU>%8Rw<{&gil86h;irCwR=-(}69WflG?8(U0}z?R+OWW21e2?FQ_F4> zEMU)AqI4`t!mY#`t|q`=l$?|64PCk;Yhi8OJ=F#MVJ1R?4u5!LMAXO#YD!fVgA5mP z?Vwc%Ug+vy#-^F0nV4z_YO6-JTSEydF^7eQ0Ub7ZcvXGbI3Y%Hc1FEZ69DG%3fT3K(~017hiP**iq7QO_5%>h?fEy73n+>0(mK^m z-fPAkhHzI3hwd9Z;pZ@Mg-8Lu>JOzUr-Ue^bT4p~kqJLn;qk{TMz$_#HhM-?xI2Vw zD-xv=>qnm>)Ju(5L{)EzzY`xmK1c2$qQm9xx$$kCY#VM?wq`@cN?Gor6mz>1MxEu8 z;nWFb%9^?OwlwWg+^;%PVkmHV#z;oMfMdt1E)wB-r6evr4UHCyrVgLKikeEI6QYsW zWYm$FQ?(2tO~a;swL6|O%boEQn7g%(+F#2F<4d6g-Zq1v^Lo%X`J-5^I}j|mJkUOq zHA8h1p*a-R@bc?)_8n2(+6h6(xEH!P#7nu6l0qycOste#?sG+S#`z-?`*=2YT##=y z`6rfyF@H9NomTH`7{8XxY&ebssAb>j6if(yrNc~-7ZSFK;Fd%21!dU z>LfS{y<;MU<3Ieu2O=atV?TE6>@j)y*=>bgvJpSpy}>3Qp+9*g+lU;I*Dvjseg+M^ zVXlyxrCI~#1;%@8osDFC42uyz7H|TLQrdf?U(WMpbAP2ecVYG=y)q5H%r!c0!`|8n zL^BbQIM5bDDrBU68Y%pA904Nsb9v{dMQ)h;66>5T0cyh!Mmqsp(k+OYv#TIe|a4?0-P8XY8x6})v&iYtgWr1Nrebcm+H3D0R9w_QBir7m2oO2 zea1VbDpM#SA`IjJ$d7km#00cBu(VwKql%8Eh(aJJa|b4MpEgO{=Pi$HeCt1SA#0_DDZaa;B2v^O#s<==aK! zAeC2q?3(H$B0Vz#phSzy$Or}neK`~Zn$H{4+N~=Krs<{3^coa|TUB0jyqxnJP=9E*IH7kHcqbTon4mX!`5gJ!|&(Ji3 z=l}`YdE{|Z`gFrI*>MdarHqQfOIGR*Wi@PS*J+Lcy zSLbZ)a=w5g^l+UpXMA%wiFGP~Cb3>7vQ_0tw>Gz+9Q(K39a*q#e+57vs2y>1SfzUH}) zXCJJ1Vz*`bW0YhW$7?>sv#+36;|23(8G)5rZhD`jwZ|qP3^RLPlqW~*K0IwiYnIb6 zB;J4w)sJ4TG|Mi1DbD^~%qB?1QD1RND?dnu9kZR}u;HKT`UTc!{e^e`bRh5?5 z11a~vyKfIB3sPz-ug^lyvL5rh10=OQPWbiIhRFR5U*Z4h^XeuyPStOA+l=8^>oCvp zEha{O#ls#3HMyV1HmrF?LC>_kWyq+kMqI9ok6@><8bM2y!G=idcU`bTir&zjc3+lG z?k~4X%PieCUci4rVWH{i>8Hwr^_$%(S?Mr(dv~$#rMHS(Nk$l>jm&HVmm9J$u(6|) zc1&f#@md2a@dl96QoxGCFDTTjVcueIC~wXW+f~Wj(M)#T(?WWfKxpXv2*kH+n6S1s zCPpTbfeW@N8i%dT$EzVlpxhRTk@p$h?a5rCv!IXLI?L*|p2$cI#q zE?Qj$h(89ZnWc=YT6o2tXJ#FWm`8%usi!6T)Jo4F&c5Rq1GbT;20HvN7u(2V$);QA zB18#~wP%J<;z$=B-t5KTRclS7ntt|Esw?!8M~$I2eJ za(N(VlC)vmt~1-!`oOE2Lu9wkibT_Hx&v_;yYRWVN;4$i!h0c`FIp|7+=xU!w#(av z80j&J61eYxYmR>2s{*6tVLFqyWhYjuPCNnG_Fg>!Qz9^^tD6qGza1#CX_Ji??Uc6aMdfxjwRx1&8s~RT7cc zr=PWPft-C0EcDzOD>Y_OoJ4{G8F=Y08W@4slLgX778ds%Y_a~h6ciM^KKHEU<>fCp zpdiRyYfH-uKTz!C#P4cP@!;qP#K{RxHzWT{35yWERX=RIu(;eA`ho;UD=bX<$J28P zGvs7N&*T1a)UX-z9J3mYLu2+KFqZdaL(jc=)}r}LVumTJ`Z1Q%OiFD2f8{WXlj$h5%!z~&lZNKc2L&w}PNYXF1Ytw{BFCDGDfL{${Z54Jc8Rb9nEoS83 zcn!5z=v>DUs`LDku}Wls!_HSsZ?#tgJboXV(Ds{rDKfj8)v}z|IkJC?yHzt{4sx40 zdHMN0O8rwahl|3-;o#s*rCww^&gB#iNN19g$G*XuV|&awLwO05AqW~8aaF)aO7Yq_ z3-3uyr3WW?id+Z*7AYyIe-?zC-`~$q_$~3FNS~(ncUU9uPYcuF;V zpp>q#sF;FD2qq9{#9GtPY1Ase;Qa^X)`GOZi9?`zYloY7q7jx73t{2YUBK5OsPF9w7D5Ib#ZY&4d!ZHQ|Ny2h3L_Hq7yZR2{D^@v!`bMpl8>YI= zOpvud{@RF@#^2gfEo?bD_Ppc%*EN#zyul~8VB_Cnb)4c5MB}nxLtA~4YFv$3jrjLF z@n46PRaHZtR!~e!dMSk2F#=!K08vO1PHu$kzkenqBu1^Yh|AH=ueJ@wK5Ckc)f z-yh+{4Y+yt7nJa52uXb?Qdu)TG$@l%eZX||bgKVveC|JrZTlW9TF?q|9&we|zvb&C z2GHt(|Mkt_%fkOmDUE~ukBn47Ozr<@BV+jQ>8yQ}f&Y=0`hQU;A&rf^#KJ!JT5lOg z6=(`HiG!x>X@3`rixU$8Zz)0E=AfjMl;D43^Ve;=x#3GXS%_l;q<^oM3{ zMKR`0orZ<7%9E}SO&gXaSSL+EYCf4OV_!t<-%rIy!3GWg>TQ>M&YGsl=l%^eD1>oZb++J8U2D>fC#J1z~U8FdC_ZS|0eRPaJ0ylD3bVtD1k zhPkWrNt*@3rMWA|!wEkpW2QsaR7fwC>^#I;l2ly5;{VVcOR;vCa*;B#?7+ZSpq2xt zOQpAAcoRY}vZI>%nSmx37| zX@;-!q)~qCBeX)Ukg#n-eQu|o#2+7bdi@~2{xfAiO#uudu@#eYi zR?k(MZrjGs{O)M4p1ifgen&c~&ks#1>jvtCqU??qn+UTH4}_Ucr!&AUszc4Zx795m z*Nr;QIe2+v_gCHINpgw2_<{-@!AChVWdp^W2q-0v@pg7!xFf3p^BMZ-`MIR&cZagC z&;MX-HQA3J39x@7?d;;ocoU8+7X;sxkaTb)eh|0KBbd?j7Ps|%$A)2LeRwYCU&?f+ z@uDyN$|9`0iBNZb_!Fl`bRz=Pv!PzsARPY< zohEb1-pV^{fmm)o+TS)d4Ug^KQ*^C24=}gJ!Xe*;wN*aEN)^Q?zil49O4Oj~%dpJ2 zKf!Zx)L}ACjPUE()%u8NiKSQC5c>3fmpS%&PV!%pZ-h3` zEz=8NHC>l?o0a7>*NILcX9wt0JBGeo(eZDoT|&3FLlrLx23jJo)&8JR@HJh(Vcl?dglY-<4vlm4g=Z8Z=kEgd*QJdO*_G zsg1ZP!I@%^A+~+S(LuUb6HA>0wLUE>zWfk*$vNS2eO?psSL65vJ>gf3_dEHqa54Z$ zP((4$Z8ln1vOGKp{AbrR@pFaI3w+sYgrEAy%-|%51HSHRXWag3l~Fr_A1^L6)4T#$ zC5Qe;VL;%N$Y4+m-EyLyFwNDV3Bk|~5*@?AI)QBC_GWmZmQdB7RHC`pttg=;$HuSf z0VfQF;{o*YiBi1V?Km6@heUR&*T{-IKyD9bCb zGw6m2sZosKyR6mFRVONo^y)7p=w`TqJn(WH!0bhgfVjI5qc56*^~;6ZnbOP(L6Nz5 z$`H!2MQy9pXuELA3s8}o?r8}&W{+w(^_X%-dEk5raZix1mcud&F;ev+XtntlyAayT z6)4E#k^E(E7sMotvj#Qj@cTp1Py64k*GiqXucnRPJeDgD?~>MZpA>`rZJ1S&eD77N>*T`S*8KdK7{Ft5<+j4 z+Q22XRiC~(CX1<1f|C_Ih*rC{5_CM8!{MZ|AVDOH<)szGNOJvwI|W}(WXFE~e*hLi z>At!+53zoMICazvgQi}>3j;1ft-Tgr?q-Q;rz2ob{id+K0+n>l6Zx#tvm};cR8>}> zwo)mIiO+c!1(W$(B)?9+U5L-cDM_$1yM<+|b@0(}dj5M}f?69rd@;)nhyAh;3*|9Y z3i1V26=f(%O@_UhBfeXugAa#ap!Die`hk?*!#5kC^l~|+`zn)&%cO-w(AJ+E82Rs@n5F%svo8fLONRj~2T^@U1}#ToPm`tEz*HSR$`Q zWow$#)Dx7i4#aE}J@xpqsq`@0%VrIe`x_*fh)TV0SeY(fC3ucH*$&h9vh%z)+ zzQ3CPxQI|DRkjSJ;SsRDcpZ}$8KKKWBXpf^jIJ{pX@agZP0@3X8G6q#LGM{6=yCTu zK}tVCTyq`s&qu&4sT5fi6r4O^Z@d2vmdR;QM)fWYkA%%xYfM;Tj9y#4vDH2Y(K#~I zD@0KL;B|uXsxlhTbGE>n?@Ej`~h+U4>-ZCs9O@mh}ie;mdEB%qNQF%HMQkCLz$=3DXu{ z#T#8U@Jzp}czd!jI*vBSVq?c49rMMc`BZ{HtUjXO0GUSxi(C;3QBddY>ojiQ;GhM&r4%Alq z(zPNF;x{&UcKk66Tzv+YZCsI+lZRR=!{4#2;hz@~#JQO?NH4k*0PU^U@I~KqQ2UJ7 z{yd)QNbGbTPq#gXr(2(aTI;h=`-Ir?JpC2l)93WP_^b8_v4bwU?F_=ns8Xa*AX6hv z!*Bk+|8FT*+Os+|2*y9@;N9M2w|-XWegr-B^5bE3${K?@ z9)sG4C-B0zE?8z?gqQ+3DB6<*il%R3#Tr&cO*x7a6JUSL7{mG>f?Dq@`1q%2Tnbg7 zw!Rc~mC?}GG(o41N1*oR1+-Y}ixbghNS7;6P5J%vZKRrsAXCmnSTb4*@AS05=#xAX z;g3=T-WAjzD$sm3O1HeaPdz^6s0eqfIuu2d9rLv zeW8r{dR`9FLZWfgAsiYmX}FzGEPbzN?)hOdnG(w@%jq|!5V@W{IJf2s-s`D>mqyuQ z+_6v`wT*#^btLTV)^d^m+<1~8yJ6_(%*=IA*FY< zk3$xv7klamAJg1@nM@{=$^54%#O(@cBXK#rf+D583SOIf6i+QMhuS(nG~dF?%y{t3Bqgvc}YjSMXV{^LVFs}OI2V&Hkz3cZGFK<#q_e7?dD>cM%)t*uaQmUz!~ zWhkqtKy6trio^VHe1{QQwmTyUGtbU&z$D!?_-2%$zDfr9J+l~;8|PIw6eA-l442mE zp>vxPcy5Fl#_OiyW@a_2YfDj6k%U{GI%0^DH zvbYdMAz`pMYmI5Etm@z~h|LJLf ze*42wKda>-Gs=5sFq7*n^zKQ9BFXF}S`sjZ!97d@!6jV}rxiUTb zUnY~uWIm}B$2rQyW{QPH(7o=4jtdV%ZNdc#_C0@{fgqMKNGCG*OEVFkS?7;7`@+!g zL=;-?4#f*={qWRkU#P9{!BgLPq2-SuIOCd2F-pBOQ(>)X3f|a4c?c1K(nvzWYWn}B zE>IhL2Avlig5FIJ6c!axtXGc5eOkjmzbAqi98f?}l3ReRq%1^5XCNpt10lrlm@Gsj z@R}k8DI% zRic6dE_s=9PlS+=6nF-tAuv84Dbz;No(R-N|NP*PMTEbEWy-$SAWK7-{cU_R=`x;e zua8g2NovOwp#oKCsFS0nssfdbGZ3D%Y01J~OEzJynY>*4(!p*ZbV zEQw}yie|23GXK{p1}o$PYUKqeOA3SbJ~OoKriG`6**-r1WAV-nts{991+JqV&9sfyrbtnNK1`&@SHo zhsGpg$0cigIR7-%<`^lDa1^r;HVE-RB_PnaSS)3DivGT|F#spnchZdz042lVR^^}1=HfB0@XmSga(Y#tcQ{m1l!)i z)CoFxzLf!5FZRWS@I2&D*eI7`OaaOp%27$*m#L0)^H-5tEMEeOBZ zXQ5P4hm^u9EYeHF3u0-6*j%wuL|9FE2od2MYrH;J9n*GS!FBfl8n4oCE|sadvi?kirogvC5)B&Di?^U+ zL#M`51jHakR#8C%5d|8=F^83uznJwP4PYKDgE)#%Mh2;-^!4?`8nGne*EjFt8YxeC zlRQ;NCzjISNl_(^I251LwY79DHK4dw1SVBA@+NsI%O?{%zt_-b;u`u+TqoYt)>qT# z6s$MSr1+x)XYsbQyrvRm>1ps*H^;PbC-K|}Lv%kG554FL$;P!52uVS)C?DCaitbww z9}lbjCKxvSGG6)00By!=;r#)Z@!>2N>~haRG?i5$CtIuTQ$hnkIpu}KDBM;zL#I(1 zQ0r}huDilv5nG6I3cjUjs6s@jmj5dHsE*-m92hDCN@^Qw?^PdekVXWD9q5r48BTicoOLH3ARGdXG&B&qlsFQ@tTx3|@#Io7vpfSboW# zP1{j=9;hFPwySQe6ZHq-XPWpZiPFE7{k@9%yX2Fa)W3oHyJ&+(Kh&HZ1*P%}n~)u= zs2t7ZQ!A~1FQI(Me$C|Zs8rTl)S1dG{AknXUAmvBE7?Q!%-?OdCV43H5rHY?LDwt& z?XUHeiKCCC=U@5UOZgLpPZrNp;}Wlj+2fB=+0LRLlARjctg%kgzp0-0`G*Jc5N+P% z*_VDBsIN%vOYNfUA0lt+f1=-s>zek3M`WY@#d^-)vVX1OzUQXtU-27Azt?CeMMGv7 zbbm2HYat?xxsBzPnaC8!|BBg2!q)w8a&Aq;;mo?B8+Ze!HjcwVYD&6 zx{wUZq)O?npxBsC3Pu`vUw(qpMofagV@NRo6@SG#O)*GocB;KpF8WT&Q<=9Evll_HNnG_V!rlPgeL zkb~S?&e*V26VHEn4KJ+;z+U$P>HZCss(h(FVrD{ZLq3uN{jqtd|uT8MTq-$w#$f}e!wyILuyzyj>ijZI!?bXGn!_=WR#U7Kcq{1gn?4dy4iL|P6 zHLXXZUGAYMx3H7SzG9bCAyQOO&>$YnVoD>~h`uio-%B=9+VHmq;i5f7T1jXUZPb_- z)uBkVIrXzj5sb;R;BRsZ-~En=AnI^`p3>Rnl&_Sh$XleNy2~2dl58yY{$fm#0tFDAP4L;~U|fqRKp_PvqI@E)RIVmvFQYm( zmaVZ(MH&CW2;AG1-ZH64_t$AE_Tm_asst;#!gS!`rbbm2D*X1iD7l zztJ8dU-4Xu&l>ZT+K&DT8#VeFDIe*(#ypi&`WIoVGO2#|JUhe^`dmieOSY!8js4)R zEmh?x6ZTW()A)=vJ~zemZ}AL@dp%lxe~Zd|r1p^7Mg0G-_max3YJaKzqU_?|s&e0- z*WI>I*;YJ*Qr{vro=hY4E26ZdO0uca7LES)!F(T`Qom?YAE~TFsUOmJjrT2~a*5|f z=^w=X@AD5$De5okB+4u5B$ZidH|h6Al>5H2KT186ZLZ9x(Ju&pEBaSspJ^eMVTCt7{V^Cn+hrhER)gx=1{ehtqT{|0X@-I%B1i&)_$x@)E%$=j z3no}V2KPS z2I!Tgxkw3(!nLcu*sKwT({5Ra$u35V(Eh5wB}9J_D_8;?*ht{)HAltL8N z79l4s5%$+8&tH6T&>#UWSrnL7l_EbT0nU~_IC9<{n~r*5#}S1w7A0i{U@ zv~s|t30LvrNC%AA7lrAFX#s;Bww>^Q1dA9`nQxXMC_tF9KSgnF!A)kp{lv_{ru5 z&BbDaO}Vf|J`Ge8;BY+v`_JD|+WUwbHc);)Ux|hd1-Y5!ITZXl!FJ`reDYSpIx!>lsmRu48URgbhsyryvwAM4oXU>A5>7;YUwkwXQ)R6^tC7-Dwotw z)JB^xc;hFVNEk-tA-R;=vr@SvM+7>*mWKixIoX)T)pw5j z;3w^H=zC@$BDVx()%0A8{Tb+aDbLGAMqoIMjl8k#pc9rZH$<0_>QL*igV$!=z_=gX zvH7?gwx9CAcD+bk4Jtrdp$xU<mG-3Oustd8X?c6m%Vx z?XE3V!di8`m~BBe@sEU~t~X9oAK9wvFPqMKVmsxd>5_(^L>UT;$$nJV=AOadq9meG zAX!7tSRIu)D=waXfC6wzm&$xvw3%o-@{6Yfuvd@l;YID5OMO$!G7(44N_mL9l>J}$ z@XVwH+|*av_K;yBZc{xAt4fd?9WVLYqvzcyUwTf--)_1Ti2dYm9imkJmVDuVd-{g( z55hM#`iD^R5BlcR56M4lQuXOgC+PR1sedSwqq1SQV>pdv_AQN<1P3h@b+d}Dg=to00 zFdxbJcV6)nM~$CLGgRrKmmIxjnjU-XolA(?1$QXE9J3{jk6H$5fGXP z2hvfGDgj}+H=d<`cRv)4UmP+Kmrt=nT?3qA%A}JSUK2|hmU=0dFEk1W(u@SUc2xk> zW|+{uf59G2b1G8_m8n{K3DsPg{|f#;6%l90AAW?@LB=}SCH(eJWzO93gDCpi7K%aqvWqAb+@I;=;l&1q`Pr8Da zhuuW4^RaLajX{LDBbLwB!nGSdSGJdm zM0r{`t{gB&`|g+V%#fRyb0rZ$6tqdl@QDED?vjK^IGi;>$I+U2W}X{Xnx`Vl-4`df z>EZQ0x_D;(9c*;SMiB+A4HS5ZdnjtjZWS5u(!Ygo2dm@Fj=JczCm1@ZGGtYXBQ`0( zsx78LUmPq>+hF(?ns~LX1;(9?fjxEVqFTB)4M1z_N~kPxus&;pA#Etl7nYcGIuaHX zWLsK#V#g{&45o6u+3ylw>UIIob|YI2qabyiJAO8ggMVr38pw7I%?sC&U$!%`b|td9s&)I zT!iK*-^5i?Uy`O+hlRlCfIhkmyM$L}-og~4Oax_;eH*94lWj!%)RpI>EYcq*b{gQ5 zj+gPD!4CLFFBuWk7M0YFQs1DuiauYTmjExr8<;p=TRK*4!1-jjrI2%@AVDE7Kzd9p z>@*y(Y0edN?R^O^ch|y;eKhf6*NbG=3wU$76{cQF!L4Yy^mbGX+8^v+O(>o<(I<*h z5F$?CpunMpIODyq2A=Az0k!U$c)AzmPxpGU`vvLw?RhW)+CjzATg`e3cobrjH40!d zQsQ7|;ffztl0AEnJ=;+m_0hmf{itkx)bZ+My7q`4PIzY{K3|4PvgO^qHK;#{H|MgF zd}PGN;D&(<)@?9E=gDN-uc%!_-=RF7p*&yiWr*JEJh1a-G8{8Ys87?gQmuf3{7ks1 z1C}kmjF;)YFLYPO^HgrNUR0MpT6ne}wP}xwc%Hs{=R0RCvdBSXEJCH zXNKNHzq7Hp6&5S`nbos2@$MI=@xq&z@$Mv7?D5V*T!TUqiRx;^eJF7C4TAb{TTB|O zgZJ90;|1#P|LK1TFZ7`{`06s=U+I7arW7zH(z7FiNNPhN0w|XQ(7zRAm%L1b-15c6 zt;U!%Oat$ABb)Tn!hd>R!gF2D;iW-3=&;!rM{boMC0`j-iZ}g_8sJIO=cx}=%ZpHu zoepo8K%6;p9TVp1pv91jc!ApNKmE1ve0L2z+wL-69b|^?>pijEI0^PKCCDfh%caPs zQhvf0kuM=19_#Og9W$sOzN3rQvpjLYJrR!NZ_gjTj(Ib6@HzS0mwE|*dk)X^xq`RI z-%dM0{?;!W8RTz;sQRcucvFgciyv#Hf5<~Zw9-GUUvGr25 zT*C*Fe+VW2kVF2VT=EZc%0tWs63=vPMLuLPK{&tD5Usw{#~a`KVYhQKlKlOk_p=dt z_dkml-#w52d}4-S$0A`zKBK6S798`*!WWdCBazxeGCZ9x4_?1K;+0mbqe`RT9F3LScNw5`FuVEy$-oBYZ|rN>BHDt~aF@&l=_N&XU_$Y@UhGtTK?} zlxA$Oh`?krnan4J;>BP?ol->Daoz+kf4v`S-&}{<58+A?p;171n1~<*gjK$HYPlEM z>L94iw7@Il_F=cWsU#wRMT9>o zBG8~1#Yyltv%|y@%C-8R9;Sgf4VqCa-kjVkB8b6#Jq_;Td?{G|S{pAvuR#srf?d8e z;D=mV_b%3=iaZ0%Zer4C@y5g!pX~C(>66#7`+F_C*XKOcK0Xb#cW4ki$sPLxaw*4r zBnNw8>(@GX^<^ErHS7kKp0>y0eH5^Nt&0w$jL?6!B}U9M#8+c4p=B@1qZ19@hUsJ2 z{vcckEJIo`1>~wXF!$8+p%fj4f~;x^s)|$La>W6&hF-$!J@ql*Ko|^?%aB9$5o@W- zDQFQ>Zp(v$q4(oed@@8GuP^t;9=}3lDaF z4(Eh%XG&;*0lIbzdAYYbnahc?6X&}*_e27hCYk<)b0b?|w-)a4@7 zx@n>Hw>PoUJRNSC$}>@`R6(0G!$Q1em1QE<%^N#c8KV;oil6IE*HIAl(NseWTWo@% z3$LN&=*tvvo1)b+M@(L0j;}{+ zwO5_sjj-~0&)c^0owi&iOWIayjyCU-#dvw1U%FyYV*?(>*$Mvn{6<0t^qpF zq~LcTJ$D_o@bUly^qfxjm~Vu^D{o?vW)y593nA7-*H#G;DIaNxp-?|*g^^RW@D2qM zPqouQtD(v^8n##$Ek{zn=tBKx@HMpC;*DLmawQ?5Uc5!8GKe?$irNz7#EX7pgPD^w z@jeBMPf^=`IFs5%XC(5Ur%fptBse)&%8d~6}u^bjTa&UJ(tzOcZr!nrZ+Kuq|(oP zzTFQePLZEku8EetshwJ%mHf;*LPYQp*H+PUB#u)}ft#HxR;?mCQC*)W`@huf8hT7K z!PxH&(S3$C{?mu-*zFQtn`MLXm*QX%T_W{s;bWA3gPvCO=m1$OrOuy#RucGsb6a1>8@AMdW<1`M$g)}X7sFi;edD}lU<5BvW+BuH&-Vn zlgVT<{{c1?5q4fM!OP>DhzR0zhP&cHGXjDT2gC-6t9c&-06bXs^7T{c?at37wHQ!5fi zwz05troh_52WNk=!h{Lu@oeWacy^o}#%ZR(J*^bg(&+(>Q`aAXB@_gTkjrV)WQe7uA-mZrl#VMPpB_+GUIW6ZO&VD-E>lqlH)cQZRff z8V(ff6xIq6LF8Gc%+u2!C+_BX1#MT;K=^ndE*VAOhD$7LZ^yvMI0WZU-p0!H`uONe z3fkJ}p~ZYZ?4jT{xmu2@hH~nM>4KT=dR02Ay+6QduMz4;M7_zv>GJZkCv)1S{nu3D%`e-@N1wZPAKBz{ z*Q#RV#zw&Kgeitn{hsQ3g`O#Ad~+xeTBg)SF44H*8U}T9Z>-sAiNRl~Q`;Dz%Z^}N z4l6`Kr4UbKQs7lxUxdWq5S(0Zf{7G>j^E{h)jEMVe?0=WE>XBiZEa@ZjYB_LVdMx6 zywHuFb8^OKeDjb^HmWEtM0R2teEkz~(s!%qbdJVN zuVe%y7NL;(2g*_qV(o}olds?z@-y8|iX{e(ex`|??#@I|`I+guc=w$v_;98NehJJ$ zVp9=8oOnWhX3o^Bcy5$A-kxWRNt3QherEX3?pS`(2Rn}YynPh>=G%! zlir{=?HkRKo>A&sm31X3$x48;x*cW=xqufsT)->StT5(BZ|u1g0@EAhZ`@;HMbGLL zZ6EC0V}lVhH1Skhb?PTKG3IC@9MUORmYx@~Ej=^JnFv1EHAfGhe4>Tdzr2Qy3$LK- zMsp1L*$X?V&l}x{!%ZjZ^On9i^NS_MjX#fEpwJO8@ZQJb(OrD-S8; zyA;%S#E-M|hChyc>~0gZ8KQ@0X5K&_>f5vEH)q&7drUv-gUw=@*tt+#amzpy*|wyT zuB9?P{I{Zs{j~DuL$H@K}WPg;S zvb-2&nc0XBPKM9zFj$-2#G%5M8a->G{q4L{5SUPayh8FbfnRv?)arS5#jo6 z%$rVuUvG6hJyaK8jJ3g%6Ok}aE<oOZtu+O-bqyjb*Qy9M5|SPP!GyOu9&t?`9At=1hNa2 zS)9c!4+)0xUb?^7_;7|Jrs!uNC{qShiN>c+P@Ia}muVnBREQiln5>ZiKM_z=6(HQg z1?wiLxYO4HfL{Qe7B2u>GN|?8-5j^?{LE|&n$!#Q-DP6Q$=}JRw+LeG_v#SbGni&DzLzd{%j`C}-i7$3|;&fmx(&_t38fYsj zD6N86S%U27D3~5F$Cwf4@$}~usB|McoS}eGhzL~9O6rRu&l1Y>>Ol+iYA^EC!WY{; zaEkg!ss2+>?Y9nDw`b%jGVxwTP z%LsjYp2u_a%uUft#;t6!GucY)Os}XaLQ+f|Os;rC(>MyQ@ukSEP(WTqfq9LBSc#fy zIm(h_as3w)4D5X#uZ+Kr`DW?xC{RexSCzO|HTCb@OvD-A#CNmLD>qjBDFRxd)W4{| zh&QjI4$`KXbPY<9|FnqE;+-q_XjXF~g77oWm^)QRS_<;i5M8t#cO6SrekM!uGvaNz zC zZ}P=~fFh*G#4h}mP-LbfQ1?1!Pb7c!l_A<4jK-Cya+FcqR*Sled?;uvp?pHq)8Uz% zP5q`=S|TQ+=cQ@CXqHrFVe48s^)qKTtem2Q*FQXq=O$QSu0af3Gs$;}{x8Z*Wf#JR zc(%$i6LHl$Yo;Wb?WZ%=i`R<|sKN#YYdf8^84==ZF)lAiU1 zU}*eog4W&12aIvTVxttqP+rw!SFz`dv?(K{FRu_MR1~5tF$kA_`gLQ)?@ZGWCwwmX zHIZJ-J`lh2e`sb1lgVTEi>s_mL~t>36n-%Je^W zIzv-Fu_A))ZOo&A*YlsA!n4DTFz7%ebb@3ktP;~ti1jouqF_Y?8}(A2zSuoW7p*@! zfoBF^L(ik(xD-z5slzGLilYZBQCF{^|Ib3KyF1oSzlyg$(7+p09kAXp6TvjVmx5E- zeRcgUQsW8{K{|r*q8U1k)`Z%K>*#wXLE6}kM)7E%0bF@<7%uNKMf-lbcwvSI*51gH z-d;CUmm$x~59ilwqtyU)yt~>9ySz$~R91xsapYT02I5TZuxR!LJU7aif~N!+#L|GC z%2_K7YH1+)2StRj9nazU&(Gn_?`Ys@lLJ3`m>R^fkhK)NkxfM)2$Z5KFA@e~J#B|e zc(%Ph`X2~}ehLMRV*0;ezEWsdvrsvu`S%=tr=z5q2u0LJRU+u1JQFC-)eA4-nNHexZsu()7kN@ZC)!;c zfmTg{Ru!?PhHOipiTw=XUA(YwVDR~cE?91#gGdVC0XYie<6*Yf2m^avz}u7T zvFv6h{L87W#YTe^7&pk$5Ol)@-_N>=fwN37Y=srNj?%>^b8lgR83hp(L{nrUEeVm8 zCc*yV4Se1IGF}w+MXQfsM4h=OxVKx%Y?XYByQbhQ8ZzQhLGb@e`1ldW{K`ulny7yxf5p10? zck*StKz`<#VFnm1{7f+UjcQ>Vs+&0CQFWvwG81rz>NI?;2GjqQ2!QONoQ+c}t8Mc>zxiGD7!b(a?(}|1AP;^0&gaLPXd-oBVCd z6L@y0K6)Kd`r88Xv5o$=ivBG<_vCNm$ltD>as{uyPyTj_12*2ulKia*_NAj}o2kP+ z6u&oe@_Tv0KRA)kA^*^Y`~&sp733e%C7(n0qrQLFKZxh8(LcB<{lj~`$yY5P|6oV{ zp`e2NFSV0``geQ?F77c$+b&|M+eN&;_%_y>PUy1q44#>zOToP>q*(|}MTDl}fuPtAK_wzA zHB3Q5ekC%BtFhWRMJW(0y7Q}ma92DK!aU_32&t%% z&Iqr*+qkNM7zM~VanZQ4*$BNTpnhY5Ef!j(!?Rc^BHZ0b?olZ0K-Zv@>~P%?Q@+;0 z^KDJgW!4DKpuK%W4+6XqB*A00!CDlXPIPedO2-at9F{14SJm2Oj zdLIabZkhr`^iVda)+bBrsEL(zWCsc;{Y_|)KI#(Q?5u-My8>__rW6@8h;68?ggh-3 z-WSa24anDF>l5tJUh-3gD)k(HkIt6px~K;qMDRQ*q*V%;L(N{w#ywqn|fi@ zQbV*IO`jc)gI#hdYD5rGT>x2J5KiqdM5|u9cy)mnwmak?R}zC{$h_@^qbn|=MelQX zX3`Bz(n*GEIt}O>swt4708_m6r)NT}Etdj3(SE9WJSt1bj$(fe5deo?zlE8qBOX8h zAsE-9sJ~J0EuB0;&$W!&Ns*O~D1+;mH&q=kjIcz{i^;Gn5a-5=Kvxy~N)-PVL2Nlt z6bZw_6rA*+U}L&79tX6TR8 z8n>}#lMy<9bq@a-Yl0E#$*@dRiU`t72{GG+d`^_{4M`wV8=^eoQ6s2C>f2(U2w@ws z@5bYsiI9Sj>rR+G@iLzMREzwK6Sli4{Y;$*L{)x99Dyr@!eajbT;6^K9}l{Wx0d_h z2fs2DGzgmsTQs$$ur0A68>t>HSTL3RST_@Vww(gXxFY(d7K*eqxSun__)#aI)?XK& zZSlupFR~@wTgt13o+B}9O7s&|fB7Rbq=Ziw*JQc*;M5uoeE6j%-u%uJ-#g?Xu9%(| zabkwbZg-z0>9>IHO+k0Dw+HsFy^L3TU%`v>?_jH4HnL>&4AzxXV4j0Gf8lSh;luYX z;;kw6SnZgD;Bu-NwQb|+2Vzq}v6-&$x4H3A(Ai{w9v#l%)vs-_$T|aFC1h9nzVZ?3 zCCa9tU|5JRUKh=k{$XUJe-Ll{h0nRqKTy7R{X=FP?lk&`LF69}l7C1b{~$!=D)C$g z$#ihA6YTIO0)=2;zuG zgJeX~JuB&%5F24C^A$pZm~Byja`IglRWlKu8tH^ZG%(WHOmd=95No zB)6EMEq;$}T>LS0*A=`rmwwZ~wT0Rmf2gewQi%u62ndph;EktO`Cy@55`2=&;gKN2 z?8^yCabSrM5t@hxO$7u=M4&vyOoh2tczyOoOxt}0wr&B^IICJAm&(>$ng0s1h(P?~ zBEl`q5qWkrLfcIuATOkVyh0g-iTtEIe+?KC0)4P!#x)8UbnyNR4;%>2MGB~1^nFE% zGJRux6}43;N=|{}DHDttdLD06z_-X!IjH@^A_8?B8QG||AsKoLIW>+VUBU^*jLdYnA%q1>f@7@zBm(9fLswM zmgb_^#TDz9T*mW5jnHm?B(8*0udJk?K)j`o3Wv=ZbBr8!iGoILyfMcf%e13l?w5`` z@!5#ZD?zbbyvhst{1e;r!HAx3gQ=e%o_REN&enDx(vL~6!Z4VPBPgr8E)axFfqD?Z@$*SOKlDD@tQ#BP@g0V zptdL*iS{noxr+Q%Z*@F1*a-c0dgGJ>T^pW(p!9sCOUqHHzf@8k|Bz1-M_f`p%ZdR%`ez{&X<@kXizz-79E0+Z_jja*<5Wu<*|!fNjiIxfy3AN>WqcaMBo~$=|*q z{H=8+d`guw5gtWE5cyQr%8^h0!Rmk!z8ZKDZwdckpDpPr&jr(|FKAHu}G6kOxjwyhwUbz`wV_BLP5w76F>7FSw^I zs16kw=?KuUz=Sau@alx?m}!&>*F2%7(O{5*&-&^NL`&0sui~|jbn(G_FPw?UrvYvu z(gOXkXD$ua+v}tCDqma(&P5Il`a~cpf}B4mB52};FGQMX+@gGnRmUqfZQ}~*OIt0lIh5#)q@qu*WZ#f;73b&bg`0l@ua^ z2yV0BXX=FS$7n`sE-=NFADmHEzrHkRlGRC1uLn&(`smN zt;j`~u{b)Eu3O}R<&OEt%}qlLJqyz&T*ezy?WI5^tf~(6`I$&EwZr@w+IVH+bxfy$ zy=$H_5E7z*qAUlg0YT8&Yk@%{weWNwZM;2FA73mmN8ddzSZ$jCr<7vJ=}02NBLq+P z^Y=vr<@A5yWUJ~+krf$<%i9d_W&g8yq0eQsm}r8I^UTm~t_ix$GC`O7*lj*>t^wK% z*TTybKt4B)0xA)lP#>=nvmC05QJS6zZ$lSsSZ9XrQ}xkm>{Yz?l{Q)q(ngoD*U;lz zQ}kYHi~*Ci(6Z+lyz;dv#%VsmBEm!+Jl&c6%;r!S#Zs`3bSe3luy%q3gSHbK|>?KsB-J-#tPCo1oU(y@A`XuDAauJl~j%TZHR zg0iec+%a~>>IGEBewui3fG%21F+u0mwwS09h;vlla#1i+QAFH}z$cxFJoV3OO3SyrfB7~$Qgpt3hc|b(C zidM5da4?9T(*_|tDn*3GJS7o<{6&c*?7j70Tfx`w+u~LrxJz)iV#VF96n85WcZU=y z?ogyikW!$yw`g%ExVyVMA-O!~`#k5Kd;f;>Q(noQo!PH>&0aHWt9^ykO)}29S@8e#F)AhI_pA#(&OEdKpN03COazVX**ZS;L=SoVLA`pHl_X zPF!T}=DYY(UbJ!5oBo@D1TQD3m+9l3?=A!$nEJ>JAV=ok-5OxrtY(kO{?QP{C1B!1 ztNjY=fXTcuJjak9p_KCV6Dua(3dxM0$nmAo3RFKN5|(lrW$}dFaaXP0NNNG%zn8Kn zda#7iKxAoP7Jv|xdk?!eRde$cl=t%8AF33E)l#n<*;PD%-2nvLQTWuddBb1Rr$lLh zp9;BINbi``e!f-=YK)RZY>r{A(=q%2ZQ$Us>Q)jJ>&9KxVC)tx%0bvxJaC?pDLH$8 zQ7q}z=~LA}q_cFHcVhH%(9+_-PHAO+wCK+ z;WWMLQ$4Wzm0Dmmnq{}3^5xYQ^+wQMCgd%!eFkFLu>zUDMgXl9A~w1|1bI4w2svy6 zw%#D)v2-#42kSnC#1kP4ycRc4doAD`lSEiBTCe@gX2(CEjiLUr%mw-@O7gy3iW3hp z=A=CR zQ5;v|`D1oe7F}~rts~XqmkQjlsSPb%M1$W#U0oD13Wr-^-_91c3+xq+QY~4c7KA$r zg@_M>lWS(&dWQKw+pTL*+JkdK4RO@kU}Ii!VkeQ?-b!eyT=GiDv$0Rl)TC_^Kceyj z)qfwwCQ(sg+{U9E%s*r09l8M^?Mz> zR15xm?~)1K57k_~)bXU9Tr5s~KKQn#GS2vC7fkco1_u1YUmjoUnk;`SWJ~_e#GwvO z%NIxKgUyww&1vfkltUW!U=%acxUH2e0S`fXi6^gRgT9`X8Q*h;^3pz7|C2c<>Yy%3 z@M!^uExl1|MvgTt_XQh(lJK`DUHe(ywQn58ylC+l!MJlkY9Gv z0tr$(8%3Psv}Af!!zEtjYA{t;2=wO#4s|L>NY?2Gt1QyhTOe-mhM|%yGadCsImkB= z+GBfsh7Yg|bG2xGWv5T}dGM{&EHNUI&geP(wgw$Me!9|oUZ3>o?cQASHCljIyt*A@ z56k_>WT$4dD*x23X1ifr*lzy<5&y%`dhApKXvfrQa>UcNhZS*q%rmqJ+@j6wWwFYI z-gXVY0M3YUkuv-?S(LALUzcoNjXwFUuSEb~Wi(Wk^Y^cZ%yYDb25gCL6?nB3`2^GLhJu3$<3RK0a^|BQWYKsMpI=gdFF7CuJQMV8>0o z6AQL`^A!BLz@w3bM@jmP6Z!oPM`tn5?@Au5uf@`MMIX$m>FvGNkD3FN6B&1VgkfE5 z&Y9bV7t<{bkV}lUM(BxucJHU6PfKw+(?>8Gsy(e=53rT?8sEL^oMM7aOU z1y1a@moIdlkiEXsCGqK&jG^$NG1=0L&%l)~ z-6K60FCHoKx_WWs+1*>hQhvC47gf=f z-W2ew_^22Rkg}3a!U?7aU%*_V(Nf+h3%u&{otd^aDy~c{Q-yb@NC9cl|2W7y7-yXE zXD`(?yxN}Q34c*|4B*&`F^HT6{tITMV#;$L(2b|baaD}4l?PlMJ|;yUo^+euAb!%; zii=6J79#bxy7f20%CY%+*HZ?*oBUT_q&C#wHNi+;La6nZ^`J!ot>xPVZK(de1NOt` zD8{uT=ZHy5Muf%sQr(B}$k^AQNqCCBK4o+NSLYAD&REDfzsjNryV%73tNJ)dUY0ps zHr&Gjbc^#0O$&zIe+JIP;s>_1)59+qA0r{nNua1-`^{xhH6v&os0W*m=WR8+x&q2& zLA@VSP_LjSFnf@Om;yV=Q~nFchcUDUj&1>G^VO{bk!|(yslDxt`ww;yhV!vkY?okQ zb|UjVp9qfOoHNOv*P61qt_b#+&XP_h`6-t2-7moIW}k~uWon8V$j?hz#6I=gg#bQ8 zjo2)db$?N7A_NmIp#cm?f<%mz!?@&f|2qR=zmKH7nRn*|fCLKR(0W@)_xd^;P>p=+5XCJMq3}kw$UX zB%i=XNjyBoDdMmFJA_)*5zV4P?lCl=8`4ri1;$Gan(X`!`>#qh`~s52WD8BR>clF_ z*TBvYw*GErbbgHT7xba_kPtgQ0Mf*UejZw@ir|Hp9!J~M8iJL&TvuMlD@KM{{&V=C zHcqa{@9onvZ2i-uZ@7NNR|iA=9|Rd@%|y*h6=l+L>)pq$B~?5>ki=(S%9U0Ya~J%0 z3aLO6Hti56Vi){P zP+R+lH<8l3xaa#}R!($8^TGJ;Q~g)Q04Y4aKLfl{J+^8rnq3yMC$b3+p0Q zdkV-ln{-XYu*st!M{k9r9@66-rbT|3*|Gko(1W1epVO;irN#~AdWG-wD!&f+bD8g- z*W}t2pW2B>qW)o6E?=-MqjXUe_f5#lJtN7CiF?m@! z%lwY^3l%P1ICW}thY^yTJ#*DbLGbMJe__$hD@};5n0*PE{>;#k*TR#ck^lhK#~jXX z2~|2U-Dy_g5`M@POUJok8C(b=80hL;!6p;ycVESsHaXUKE$&=bR#f$8Zjb^nn6Y~C^qK+s(xNc${clNWFbw(Mskn~S1*|+ z#IZ(3fSfbz`_ZV-`2_Ym#2MER28Sg2I`vz|)faPR-Cj1!J^{Pi{H|Rec?U8UyFl+@ z$3W>n5>+RnQNM0U28EnMUTVk}`~|Uiu;zCEZl&!grublnX`*;kCC-%fil9$kAE*?;@)+q`AkkQIo)m!+!X+(7|%c0(Ey;3*62<}uX6 zAM~pW^Of$!7ZvlvD+=Hmh~yX8cnR5`4BE25a_GSIb{w%`N9=FaLW|+ydt3OixaAC7 zk4K9^+aazmVb3v~krxe`TT37t$zn#znspe&TU0O#0A4HNceO&yL#njQ`S9IDizxu3}KEHUJoBo1tMw$h8c+mP&r3RCuuy&REBBPSV zhYCLYUVIJQ!5x8+7CRoX{%?&`cI)Q+;?6z@GTtk_m#b6KM-&h@F^%U{0TFs!bmUV13^<4*SY81wZ4jD0B5o44+81BL`okZCl@d^-^uR zY{%;S8TDG8QEny-Rp_|mUA#S{Z`sSIaP9|94u-}pYu7`ABAz06cA3~0YguI{bLY&i z;ZppLYbADxA$@}~(!{RrhKjTIBlTi}a!lqwg&|(PL3#iC8iy(QPu1L%=QDGrmk+~0 z>Dyc8ix&>|_Wt82HKXKvrrB=6H@R7!%&3#9My?$&_@7AUcFpXQtclHhHd|`3N`5O*)&cyv; z7nEy-u*+0^SU;2k=crRnpJ)8tEI3H%;y@dBI&7s_$i}Nz$Yx1LH2jegb?Mj&lw%rz zWRlI%^L$sHR5@)h`sXU=uys$bNc*uNF5e~E#?lTeWF4mc(9vUQ&DDwoz7qO4F8#V&f<$ze|45nFhlBJG@Mq?py-Wmxb5pJx12!lp+=$ zU&Rb~vH>FC8EgPq*soIDl~vG>E3eFWD~Kwuc6%e9`MXQ>D8J ztw|+s8j0|JMonz9!-hcRkhZY%I}{5FEw4Q%s7wsX>iADK8snW#StcCoFB{`cAlXRt za@UhBwZW3 zqD!N3T0A&^&fXzH9{r3m-1DR?hZxqOXpm=bAx&`bZC1kZ+jNG*1tj5FtMVSZp|k_b zkL^TuRajhT)JmtD>uud_3+N^fEjEbma=}sx7i zgqH8{w#{xaw>So%fw}#NvYqHNXO5|MO)lInQ}T^6=ehMI&Z5zS(&+-S;qp z*AOB3A`$4s`=12(WM^bnmOxl0MwOP*?Wo>i!Wu901>VaXu2eqw4lduiR1JC=4AZbh zg*T&FWaf&@M_%mUJ?N_7Ut;M=)$78HYRMOg)^&E-1B0%jIG6+4ei;&8;(0A#8gfBp z=`0%b)|(e}XGh`i1VZ9X2|0nH;hE(Hx+{&T9XMk-VD0tw4~Vx;qt`5$yFci<0$3qK#2y2k zu}M7`o+kReQxWhcUz1&F3x_)?Zr1&J!S-kIw|Q%)kg z&OF`yLbkqVSSOP*HM0yAF}}>AYn##ypXm*sNp|JG)-Br~lsy;I8k=;%@&b^!Sb6qp zFpWPEd9?3SmKwfbm(&^roYAzfhxLmEd@&M>rd8*IY(sV$gl|;h60Tz71FfHPo-x>o zq*Ikml}!K&>L{91|NKg0m9!Nqw`P4w(UmBD$<2;uF>`yMh}hlJb4kyRVDV9O!w-Gt zSaw_nVV}kzkf9KF_xxMm48-y=V{2M|fM*Yi|D;5##+YBt4panZO=!7IMqtR zig;|WyF?BkZdxi!Ki0^#`HJ3C8wos3joN4`?~ppMr_^V-zc<71C5&}rQco@xBovF@ zen|al%#A1$jb3El-$r=cWD^74=Oz!#76!GM4tB1j6Fg>DTxqB$OYEENi7A;L2M|BY z!uY=sr*&ozuIue+NT`da&I0`bQm@SZ51vpsRy329YTb|}(p^ql+-ExC&7xltv?};} z#FY0mBlETmI_NJ|xT-DB#+up8u=;xgX!*S`@}on{fh z8b4I!V<%&4&u<9B6=X{th8y{gr_V#+W57_P9xUALZ5e>;F6-wT1H?$n`isQh*;@AL zIAK&MAF+J5NW!y7dI#C2h}-(jR)FeCB&%kU|47%{LBP16>Qr@eZs&M6V)J(j** z)bEhoyk@_UVH%z2KrJ8H2)nSnGEX0%f$adLT~)CV%@`^B_kF!@DSlxY#japuCigk< zb>#SAE>p?UhSx=XhkXRmAJ&rOb-^zPN6*H;w#)=VV}l-S%U12W#T5axaW4&ut`y|h z+uKI^*VEo<_>^w?5s;_cu4XF8207k4%v+^9<0QWnLKGqyv@^4gIG$~R!lYxMwVS28 z_#$R@7~N%Dba+br!EdAu^a5X5lU#l~#F%-rcpvhrNbPtVS0@nen66m3Ev}b_E~lbb z>M7HspT&JnuB&qmvh!(EVQ^ynL&cr?Cs=ayB0in;R@Tf!a%K@-X>8)A*Rwdb8P>nu zd~VUrTkG2}gOgZvxttZhIIMrkeb1T$7Cf-(3*A8BSS29{d@L3XYSLbx-U1*dkBFj4 z-p5Yk`uhex5Z?18hw1YxPDpY|BaZ$ig~kZbgS0|&NzyDdSzEQ^an68+}m2a>Rll#>GRs9Px3Mc-yIU(YN}H=)HdW zqcW1qQ;vFNCi{1zcpQJTULPhfowTm2BG9@KM@e>jyZd6}NN4nK#q;#My}*v+3AIEQ=TxU;tt0YVg2ezs)z0QZzqCC9oGFB(#np5- zrb96=EUrxs{tOW_g<{#eVEV-=^p~7^(fG@XUEK9Vf8Vchyry()A&!1Cc}WsX4SiF> zwbnDV-1SEVPC)Ao+}AQoGo7v$|Ko>_zg#6>DQv5#I&G5Vv6@oS#1{2e7nqU-g8(v8FC@1We%Qu#-h zVyK)zt)tnA`VcsX=<&Q5>R_}BZZBhmA1lKsvImtxIsdT_2j*>kB%wUh*GZZ>igpqf z$nNj6!$JHHqy|gQ(&%XHW3LZt-A3B4?oYRIui@R8aJ8t^b$JKKI>okljSskX+cUD|OT#XzUCiH_F@osxZ9IMLbsQ&(OljYWCoIuqA3HDTn8`%Y+b^v zI8b~z&wNW}@StY5xpv$c=+}I7-K1^5r6qrFERKfHIARQpnK1FR#EQ7<*mUnV;ksm) zgq^gHTVaLmFrBp0JK$Xu8}pd}3j8OFAAD+0OP^za(q63$z9Y`$_U#q`i@G5X>qoPBP)7k>5?AIxV_XA8)$>rBCG znwEEK@ybp(c+~j!#temgPZe@J1Hyw_Eo5MC z@rd#1D)XnkY<<5K)aArS^XZ7=%=>Gto0Cp#;Sml=qDcN4Ti{bY6C|<7l(!(McZGT6 z#KyF&eDnT%^B{-PZf1oNo*%f*@)uzo5wax$ab@&iymf40AJU6{s&D=Crwh?+&g5I7 zGKYK<*WBjm-oT`v$s1^?o_&cY`VxmK@Ewkue>GEo;%a0Se&Y5r!+ec(xuCcIgE>5U zdEvwj9iNCoaYIV&H zF7Lf(e094f3TbT=CAOh;Km=OIfRUX{#K67V=*t_!Pexxsgl19qMklhlm;2oIhhFRp z`|Rohz7e!B*2*0YXg=Zw!N2u52aj&t>~8_LV^6toDCf+2b+8nmOX+`yMBWX?lPjIs$aN=Qo09OjV6xt4hu!a1zVjmC z5-KCYjz}J~&x_VUb!^+ASbIx?V_? zkwl2*{_gJ__1Je%B2fB5X2rN3bL@CrGF{n0%RgPBX$_OS=J%sDItw~pG62rA(?qHx#|_XP2XN^&e(YQFu+$;`sJn(I zm$F;&g;1XmfJe8Ghts6G9^(Eti+*P<)SmCm9P}F~UC0W2uzZGyG7=*$=45O7JyD)~ zx2o{z)^2uS13sKeL~A+iZy}ZxGYj4D?md!RDxUq&lAnCfoa~a;EO^JU6xLFyyEXk0 z^Ad;HAg_bsuaTqd7&f_9(GcEF|=9LME3vH&B9B2X}GR{2C<=;Fw=-+;=OXR0Z-Rse2KMXmC^TZWeyf z%OYg{Xv@axwUAKl@BGzagwVHo#j;KNGYduQxk4vpqAM`!soz^R-Q_6FlmGyA^V*l1 zDKV}m&`(@>sWN}8^pryq&U@nY`I#Cobs^%1UG(fEJp>`%3>xN(Rm)R-V)I^(m>SdF zu0M*s0PUu4tYVyatWRfpZlOEN{;>GvxFvUgw$c^S*ZO68+f2!NBfihjGzR|nM5PaqFGUB*nFwbGWBvVSaGTwHgt6(>Esa16&=!<^n~`O3E{tH<>6b&BW3dn>g=HbV|Ue&spCL? z`Lqqiufteb#4sFUUnz51HeYk`8-Rl~<+8L&{>(I-wS#Yqt>Bq|^N9Q7{p&`gI4l1H zyKc}pLlDd#m9^<7)hGQJoL8^y`MYkB=5@PW=L5F4Se$g!)kqtsm&uJzOq2LN#9Z-Z z_W{zGvC$K8(@ad&b8jOT?u!XLd$xikI%p-s?!Y(APR*#B6|YQDlKXx+Bkpu-UVZu@|QwsS&FQVxyEi)`9&Qau{9%9LAz4eU!b}B~hs8v;F1^-AA4D zcY5O-E5>*rhxF=e9!y-`f1|%Y;$Mj4ctN1DI2=#46Z1x=5P^lSIN5Gk_3yzQ+wlwx ztC*UADzT?zhR&Ov#}|cQYlt0>m=AU5%db7S%2mpm zZ|OJ@=hzNYcI#EkCi!$H+KuP4A7kt|dt=~p)vKX2a+yT`%fI^a^(LZp?j_ zbJ_cqh%K27qS|KUMtPOk5@N95gFCdr&y)IZ#@y1JO~oO|WqU&urGIwy@_Yp|xe;dS zxdg*ylHT#**i;S5BLJ|Yzm98HGvZ|7vX*UCqM=QG`#1*%`qi0RQMLcC_8*k^ z$gP#7V$0;HzM~_$z)Wj~(8wk{TD@=InT4M)h#pA+)*Qgn{WH>h!$ROi&ehF=I~m{GhEDBi@#>iNzD6L*eiH0_J-)@rxvFG}zHHDecF&5Z8i4NGo)L9{eN zDhprV?GJl5X0cn?)0e@s@ul47;sOs@WhH541oJ-+%s*S&$4O4iI_O_sqkMAarKbMF z@o$+^<>I_9CCP*H3##yMC)u!MCT{qSm~jAAG}^E_UY4L=To;OtY(93`?1upC0=XAL z-+4DaiU`x5BN5uDoxlX#=7|R)(3C(H6fs8#*maQTLezN8JJu=K_5H0zv1Ct$#Trea7R+$V`Q8(x7&VKWK z1+}!l%6B5sFo$!?`$|nw zjQJGTMRS1^*j;ym%)z`1x_G&0qE)_WMj^ODQaIgfAizeq!1`G1;d7tP$$dbKLh{G_ zpU}m`8MaJQR3mV460Z9>VBERwt6!Kvk%f)Vj%z+>FQ-!{x#?5hOH~U6xN$lDvo=@H z%LAfuFkXn}uySA(%akNsvdSEeUqQ|`ylu5uKRK|d3#6a4)vRKXLpm~721w}wRoA1q zevc0*ygPJpdJUbU1}g!iZVaGd-^7(4U-2lJRgb9qs?eTRulX-9i*~^~-_8pho?!{Q zCR(|0W^j3?gg@eyj(#l8EE^TLTQV1Z%LaHK1+|F-!ZnlOC@gr|FrAg;_CGqXsd=m` zoZdcyN27g{CF{=D&I+Mb-9am#cS@?-?{^F4D`e568rBI%sha`b41Q4J$jL9-G-s~P zvoXKZw!Qw7nd_vcmyc(#?dN91@qfbFuMV&pTbm|1?Z8(XcvW2AFAlD4F$L;_@We|+ zw4`7nsGS~1;;3W&6}==>t={V_UR7=VT1#~`V-n?GX&zLF0rbqtB96Z%a7A0(@yX}& z`WK2-i6EkV@gM)yxfmj;O>wS|Z#5^Op=(`YGZqKJLSU=9AwM3k) z+94iDeeyI<(Gm$xf5Meg$F~RgJA_Uk*Vc!BkyK6+`z{DV1kcP@k1$F8E@0Mc@Fx4( zYx;0AxT*cEGW<23&mw@8h?u!h(H=$3XkwlnEJX27fb`ApVy3cKv{$NJzJh2_%raB8 z<>Jh13C@3_z)awOQGI&c*S@%%;xlJ^ zLmoGWkneiQN{wth^dzth7t6b=dJ@q`cE;+C`1UngH1iE+tDyTVOGH68?FyRB+cV1|DI;^9)iceVC8y~t&hG&8p}DY zp2|>#MtT=1@FVt3*A`k%C>Y28CKNL*qTX>y3rMQYMxq_1iB9K?9%lw3x>`YOD!e4Z z(D}wUj9!ll**2X9Q>{C-Mtkj3Z+fF8sw7B>-ZJ0jP7o+c^mUO)1H8^T?@l|S0Mii5 zQB|%AVSFs=Ec`nuBU<3VRcBUdxHxwA?hDq@e%`-7HhQ&3z|@8P&&5nl$AdZL^KIdx z5stF0?VF(^wyxu-yxu8! zs+G2|#&S;chl=vdCMMhrs&C~ygSkiV(ceOnx56sOl-@^dWSyJjECi6U5&2n8#Z5n? z*QEtx=Xz7o5t|O2h~2v_2x3Xe^Ra(c`m=!Iq)13_Im#Nshw{9A5;Bs>H-O($0`5-w z!o=fwCOo>}LA+1pk@sc4p!v*vr z%F?hth$mEbDoS{~O`V@)LW}*T~zxTwE4v zxTDxp1n>G=meh;!#Cd<%o-m=f#_ZFMCB0Odv$TkT&zt}m1qiy{-q(Uw8K4h6$j}De zKp`6y5ZiTj3o|1qwv#`qQ!E%+<}lj_Uo z0?wbEcU<2F&Ds$%U(~EM@vKwfIWt!hMLQDHjG)CF{xB%I5jeii2kWJFKu0xKrq#q7 zHJekSj}FEdz!UZ2AWm~iB8FqypSC!2U%a;9DJNp8>;3bR_`kM1WUB;F==>G6qeVpZJ$jrgcEQTLekTL}ie0H^>}O}?#Rg3JF^}(p}buZM!85q8uI#7_Y0;r zpH5izoU(XcM(d<#S+W!m=JAQ!SwtPy7!1!w(w_64&Go+(eD39mRsHl_7S`>Fo26*Z zu|JqiZY^5(b~}4evbE~hg?nzCRqc?1!@BoLdHzxjRr#1+zg5FuTkhcvoijt_f>${N zZ~A?c!r))~Glr0vV7+;wEJd)N>eG%QEZvHpM%PDh*3Z4N;q%7xk$F=UOX~(e@3#dl$Pjx+34FkdzO%>xR%L&TRiqkmxL6%Bp+*8+Qjf+3%lJ{VmD2ox>V?ot)@!OMX2jv|E>xI=Pzm&7DIf^%k zv$cPk2eeNFt8l3}b?}32MfwG>ckv%u)#S^(BjAVR^?gfUR^Je^lyj zCXwH*2@n8*rw=tUio0{j{9JMSIkAvP?{}N^4SzVgq1~NB466T&iRE@1OCRa2 z_dR%|gTV%7uh?!!voWKizZsVUcGndt0^?3OA0l4WagHyeo`E?&i*jqD;=LYKQ_b1* z)qUGSqf^zR{mIxzWOF>xSdKx1G^md*(qb@RHFM*5(TNgmqMxD&=~H=%OM=;w`nsO< z4f|XRFa4NbC&G_-O_%Q!jeh~83s1R^!q9p9qNB$0sgn0W4UG&g!W(W}UU|CY>GKG` zM9jv&E2MlXtautYmvgSZVEV0}&YMnrs$}GTFCKPQa>sYL3;iI0-_^uS?F4&h9?fXs ze2H7YvUy;AZjfTAEj(`!7M2L>#5Z7^h-6tMXxEsJh%>lJ5@+rqsn{PVA7I^Cft#8k zDMy^dw#hLH)QgY!@ZQ%Q(XRe2OWtzPA(#C?o%eRjMc8x~ETmhDm_@hT_G>=U3}rIc zZcM_OmueDqOhSL3CRO}*D9!-gbMT;V3bW6o$n7%uL3cK=5h^!t#t8CDojlgHU3g;e zP`WknjNgw|<)fy97lUE|LD~cLIMqU?|7-dkJhaL<(+?GG)%~X7Q8(3~R)MKtKB@<& zTJ6-jo$hJxoxYGh7*)zfSpzE(65zZwNwQ+^cqy*8p5reg1xd2FGs2_ zRVv+Ro?*okPbrTsUkZ>{=Q@_nU&Ng{cbaEFon%XY z50?oqp0S)dsSLpt`<>{H^S(vmM$hRj)tx(row%K{315;rKp35x=~+41cY(px2`VqE zBS|fl#HTjF6_QKpUTvp_Wl2{7E$7oRLl^N+nM4AMod@;r<~lmPv91E1JQ}b0MDChp z80UBHtB)Q0+kz85O2sR+s{iVQ6KgtsCP}^KNo!I{wJF7e>Nrm zAEn#>-27jS*UZ|3AOH z{?B%N{(oy~{?EoPNdNay|L>^&|K`uZf97f@N8Dr-Zl*c$ zyPJfgMP62cmUY_76Uv$2uE4fT3`4zCAivo_#pC6aW#>V zD>d886vh_T!7vbs>_p?C0*v4aQUolKz3%_jx}3~r3KGqvOZ|O zU|aCpfet}f*&llPm=1~ERLJ8u=;+7vMm1OvEBTls@ z6psJwW4V7PBjkI7;*9!@rk9`+HS0sLQIvRc4NxWwaNes2!EMo!ySvS{ z&Y})bo=IQ?v~NxS1mCib2P}Hh9nB*rD6f+=$hqb?UiUv@UbJl>u5aLm*N!PRJxXk@ zhiB}nr(i5qG?a^z`aL4^kE~xR)^K+XRj5&d5KJ%XqT8Sw{ZctX=G!)0eIo@QxZub% zZruC-awONOL!!Q3{|R;%ymMX;%WW0i^b^Cy`G%va`qR=^wc+h%$iC~#4AseUEvm>X zxs5&1ueS+{@u>;x6fU3%OAC4z5A;q za_IRkecTg3z(Onh*}7KLfzMV3opq%qEfgj&n0f|x_q84t4Qx6UHa$9A-Gv~AqEJ)C0My>CW{Z2 ztCbjaXf&*8mO2Z$c!5hPNZOx-5X2a*oIC9wey`eLnSl_4>02{>>sv&wZ0~fCsnU@$ zL#w(2MijA5mx<#Qocq#`rDozuhEv?fcG~o$s4SvVXkgLA(1pFIUzJ)VyA-1$9@HV| zH!k$k5~H0jYc*HyzGQ1^V@9>&&e4o1?tH084itk ziG&#lFbY$F&WqG6s%tp8qj9<(~;ffZ5R zDi5Yc=EJ{~Sl)+QE(m4d8u?w4cczBMKV)@IY$HtaM3?QD;WvuJ6+^4xUOQYlBjP{8 zs=Itf(6COYiR0xRY4=fjB*zIQZbqIITBCT&bU-{BF8_R{xdWH~@Y^@i?E9y9q;8p~ zDEPsS1dU-vQQ(Fn`?Ld=Q{$Hx;!7~d5YR;;w^i3myEVzNvcQ9WEq^arohLR~ggRM| z^K=78S;wLdaf!t4&hKcy@Pbf5^A09)+MhL}1Yo-F-JJ1zXZ9t(`-{|fEokERO=T>Fa29UvyavO*EUzS9CCwWNPk;> zA|P6*w>Rn42MkUAu9@N(-O*Pv*=#r2Ja24-XQJ&$FZ}}999?30@SB2Uw#?!0BS_=2 zj1UmIO~Cbov_e~~3Lgt4^b+Iqho-qAx?D^I1GRUleVgsH-)HVAfgR-Lp^(_k%n zkOvQ`&XG(&SI@g+UrAw$Dwpm)?$!MxVoq(MC&*m)j7;~R+E%FB10a3SO1%w+p}32> zhK#BgGt9B{_eP4EZH~&DHmfDJ2;(698XAFZ@)6M=vodf8G z;=-Y$ZfD$TuvJaQ({e80&)d!_wC8-gMwj`?|WpJv%lN(=$Bs6OJKQMj=rDRbw?<_sI$K*Pi3)lW}EkJ9VBVu{>? zencP3-*yobTdIdalHlzKs-F86lQxGSQOnuugv7(xswrZVaJ?9=C#z6cMvty6+Q8~q z5O?8Rj|@<^p(ym5-go!9c2Bz*%u`F0XZuu|TeY1XQ8e4w zK(0T{vayBggS$dlMc7FbsrYcg7&Ki|Y`wOXgtn9LDFIV&kD9Bi&Wg5^7`&?P5zd`6 zh*nF5x55k`E7@izDwl$|6t3Un-rv|V-$zK(w@$`S01nQ#lW%u+zr<@ox(NN)0uz-Y z&;G3g+eWQmnx=cAHW#U6TyPF5k>^#(zxsH%R{jZ0k&Kpx_)I%Pvq)y~3-Lt|I^1FU zArh*Pg9W6g3QbXwJGx-!y*Q{J+4hKqh}({zkTm-*33C_Bv3(UhHgS;kYGQKvCy|Cs zKO#YfXtk(East4?wc6)i1_hb}QQ>9_^&L-)_2T@oav zGcxtj%Qb-|sMu$#-^5z)E$;K`g?wc4-txgBAYX^v8BzXS0z8+P++5xDu*z2vdiHX< zVPEM<4g=X)lO`__JS!N7*@ek8s;hdBII&&Xbpdkz9-J?ubGA0yuz&G{MKd3V{_MPY z$jylt9&;#inIFpZV8!xzhaM$3xo`vQhNDao0`B5nWp(sW7aC2&89@2~TC&MscJ{tB zQ1!8{mGs6*jhjY{s^d` znZU`5za_3TG_M@KY#z{Wt|_80eFQZ6~&m;2e$fqCyB5-|8=HvePQT zK3V4I-dg_|^^ZQ?sfqI}B5<6J=PqCH>?M%^@TtaedpBEEGV!F_*}ZCO*QB11D+8X? zX58RRX1X?F<&Dl2@DkicLF$c%%IMQ`@u30vs;&c^ry1z?2g~L zHdMc96&I;pp8q-N?#^zxo17#On(?lCU+ z6A&dlyP6wG;1IF+FdXxEIDEyLzc?y?2b_C#9xmW9p6UU&lnalvC6o}THX)Z=X72{- z$VR=K$Dk#0{d2HzXlU?}p<;4BgX72{J)zJcu2}b&kU(Cdw8TcXbMM#tL9k0IR{kd{ z?QwDdZf=xp>ZZmm7<870#{2l&GEdb@@l}`|u^!=kpvlfQ9LSG{59!~CzGXU6An(K6GAzxKxQcA+P`9beZAlAH8O|R>5y%d8xU`h znxh;n%&0#eLPkznLT?6&{~rL=Kq|i=lVfd2b(|qG24+hPlH;!7%9^g|lg3MuO6@Mn6%%gnltO)DgDW8PEvkLhxEt&Vr0^$LT1O>kp7s| z=UI{AoZkYe^*l8)JJyO!k0<1}Ur|KJw5?alN|4z(0%

        rWiAl6K~+kx^C!_=N-7Z zQs4F%a65ut%EI9JWv@Lnunl>f!D2vYz&UuXorak|&cgI{XK_9-9FcJ(4}`)Puo~{I zG+$I}$X=}Tv-u*qe)@LP_fha_{eCqvYfppu6-9)&BnG@ZMm>(9@CJQIIW{%kr0!#`0~&LxwlrkkRz{>h&xXv7B~l&p>fe9G{HO4;Fm39O zH}0_|QjnJ;wYxFK2Wx2yMe+Ij z!pnP#as^=DbrvQa591tK z7|WPwOHr^S$}u-^W?D0JE|(t;oo8U;u~0lOSrPEBih(~3b&fyV9X%{?nwbXfy5}gKif9tk<|?HW``GBM5p@5 z>rWW;NkH_vN|pRBRUi6eh9yXNxEhPw+oMdb5@m!m+%Tc9iuaziH2f3i-b7`Rf$OajO663ODM*e#CQ(RLIx2Dc9Bd$*2SoH`ZWH zr{ZYPpdGrb4^+W{`mm3ZNXgixJp)P897ma0f7U*{E=f{e+oJA_*yc-JpYo7b3Z*?k z`y{a)i>3>z?dW*ADt;1g!Fz3Iv@P-xT&oYo_opm)tWIEG<7D|H^@ehfqkQGHZz6Ls z`jn-e>bgt-E!J1*@EDnQ>6aX1WPdCP$-I0VVi_EnV%QHgh0-49O6~M(9WP}h%Y)O( zng=Iouc=WR|EcS}Aym7RPqc;lrCLh&Ve-lT#z^vNlcV)K30O4U({>~ly^2Y%S4@VI zXk+s1z1Dy0`M(y@U&>qbB%_`33wiCH$d<=y*Roz$o=c?MGU$o25hfN95s>$uzq*LP zc{W6_J<6HEmds_^59dwfV6)Bi{br&sx);k%Wav8mRH8heEk7jR!L4;&(6Q(zaI5hR z^(_{`s^bX^0;!+r{X+`0v8rN%yn-z@4)N4y@oyYHKlDWp=!@FfqpbL%iK%@N#}h+4 zRsDR0J|xGdv5|~@$OP%ep5c?6p#F(7$A8&lQ`_xb=8J8o z9?z>F{iJ@WzFC`k@nJuNmrdFjUOkVZ2jn=5^oqRfwHj+Wlb0K|SG;^n@v^kX;M_WP z)uyt+O#E$THmI&odwwY|i@n=?4%@f!a;ZO6d78ttMRgMt-Pi(Jug#!HeROQYA#=jTd8@Oe)DDH6@H-)_|?2@BJbGzNt#bu zTh``@{fVN_m!D(r;o7`b7+AvrHNRbtCAXAR_~Dq$Okm|d;{$MGVOxAt!yaD@U5iCt zGQ-+2u{K%#l0K(`rU$S0`IczS=Vx9-kTzt#w3sKOY{iaf&oX{nKh?k1cr2sPth)4q zJCuxhp7c{eZS|FPPjl3RvrNqqmZxYQPh^Vl?f*T$@Tl;kzmGhTe;T-o@OeSCNpUYQjU zWObUzEwznMCxmk|#s=CoGbr61h=pD3JH?wwrfBXfC2rpn@v|y(3!Eg>27BeU<@+rw?AVwVs zgO7m@BSu^HW)P=C0h?l&M3Y#J5upeT2|yNIIt4ja6q4V)=!1Mm zl9lIArEi8X_Bj;KQ+Btuw$Ec^oMs7Nm<)wk$M-xW453sQx!Yit!0k=OXN4qm>e?KO zAzYK$b7}K=C_=&vh+v;Yc};J$D=quQ;LQ{jin}KlVqu$Ns8hQ++Ph!Hsr#V_kBC(A zN|6WKHp$M+vivk$=IlAI`w^$v9eFSDU{O%2Me+=THbjY(t#3l4Y89q+e`9t}Tv-dLVkGbRdL%lxrxNvhO_i zjjOtug4a@Q38@z&Pq`LtDngEv;LduE(tSCHauZ!JTIHtBvFeH1PlYcaja>kqku@eK&54E->*AJI#Yhx7~O4D!oUfQROq9f()G1}Z|x))CWLR;Z6(NPgF zg`UExg>BH%E-PHB^~3Nzn!bfagi#l)W6TVcwGg^`4qXa2%BM+Rm3c3G z(dd2HbVqy<+m7T|lrLi6ZR4XpL{J|@7gB75{WOSvz41Jz8as(FieuMgW@|H)Hbi@5 zq#472^4^yI7*#JTa+m9jb_*}Vhv%Ewk1(-oIi7Q@bY1mP>@>4$5h8!t?O)DOK3tpY z)ILEGwmMJRWB|$4fOkNp_ z2&ItUWh}-Yxr;!#6C^%L>9;`iOXgOtq3Lp($0t&3nYIxlwq~8XG`7rsN#Re9QS-}l zR4_-KijetdJBmldj;-x-uEjpYF9~OahihZ{^}!5fE{Qi~jmUGjNM3GT#bJkDUY+QM|Pg?z%xd$G}G3o=e?uxIn@n%~RBuZkS_yU1S2 zOoC0@T+8>uH%jNE|Kw%bkm6;Lp=v`rMmW-}?1R_0`V{e>VdOj+pJtD5GCmE8mqj1w zqtfy+|66!juBmjD*U#kqv=AL&TTvmncVYn+2rt)Zf%c2Y%l9;14(D+xJSF;~bd-Om z;bqEI{7Whul=ijcmvWN%;~a-u=UB5p;bkUTA|L4kWvY0YHWu~#Bs>>bdAZsE`pE~l zsd!oD(5j;{2h<~tm$mCVi*G&o?gT8Y0c56YEjhayAVI0c!nV1BI>YB|9>4QN0Ev2Ut)&Te3vq(k+ARN#2y8&8M7W8>i@%%(eU` z{*!Txnrrd9ui#vP^iys?q;RgpC()b><`eWYkFU(ewB|+On#YNpyBAx0Bj{(OFIGPz zcB*_>YQLS9b45pgG3Q$4AI*Fqt^CEWi2Re(^)&hCK;8;n(SE^2`0!dX{!m*VZ1JV? zQEbl|+i3pFrvI7Ek@Y+^N9pw68fPfq&h`w}I76GK5OODDohUPmvJ&9|bt2Q12xjVs z$j!`aSUH!R@N$02tcXwwd7R0)$NdqQY=POzxwhCui|Mp$$oOn}rXaDFvQy5zJO*K% zJ9VxtUI`UHZ`BEFydwVA#<>wPw<>-X`B>W(KSY^D^LveR<=9l${WUPM|MXFazJ!Y_ z2cc8(3aHh34pyAIf!jO3Mc+ye__TOe^jhx)uNcN8GA7}&%-Z^$@wY4@L`KD`%66jp zF@lc&j1}X1pihtP=+><}x_9e_?mY&g@8FeKb;KW!kSujt#E3%5HPT&E5M_>4h8BEz zI}Xk3iD8{8qXLO8`+HeYpmYP&Zr>L@28==9dHb>BW)MOG&g1gt8JIrX9kce`#O!!OQP7&TXHG319a>&#v9jwR)v_-s&wMQ0x#bQPD^Ou)>+lvnre=t{YD>)Hd|2Y!!lSDnS- zdy$Y876~y?nYSsZnrWBjnFt1VyX1Leq}D(RbW@Ox$rD zw;mY~CsofxGm?!raAo@(Od0SsdUfx{>vlo+Uc)hH%3f^0@&u7`cOlMoP5?tRevhgFz)>;WDbEUNNq488-e9Y0{v$R=o6tr&`Y^bWG+ zc1EfCUD2-lK=c?h4?pg^jXObsczSLFw#=K1@yj@;SD&aLPWEn46+o4IKE&M0kq6u5T=wWa3FBvUT%mZvD`E>^%Ii^9J=l0&&*6 z0%_zV!Bb2e3_-UzFEg-k)^tqYbX7gh5PWMljx6YfVI6F~=u`Tl`l#Jbe9(QCPISB80sd+93OETH#bbg?7>~plYJBY6}{>?U@QhLJBEFCIhIG~;k&%OwTQ6T zT11G0g?1!&O``4}#+jvq@ZEsE=sj^6+}Y3jA!ctir0J!pljrbto(;dYAFK zikI1L(B-Y<(gP^La=(H6Q7Aa~BE5BGY65P$OWCfd-fMVPf;<7Jsg z#mfwI%(3L?JQhq3x5GjltBVeX|rV&)-O&F1);aGiNBpnf2(YeewjQacPKSpey(_V$E3bi|6uKF58BZWt1 z$4pz3#{nZAX|a&|?4L1X^A%hO2u0AXoj5eV8%EI2R4nqbm2(;YTRFG?+`ZUzi7~HQ zv0&p|&NX8&#aYsC%Bs)!#h8BZ4!oZ-byh{CRM$^~^zx6Q{I_WGryO3$zqe|0_KC;1 zYnA`lMtM-6%GdaMsRu4!+lKW&kHmm3T72BS_c!Q0c^&4Re26CoO>W{xmCvA$mN}C6 z>e}|XFXB>>w~9+O&W%)@D{-mD)kd?nQZO!p`OAhMF>7Eq#krbq?~b1R$6)BPa~>ZI!Xvx7|9cxVl?+>RW#%vGi@ixfWTC$aww5D!nL}ZJg`xfz!(d zs(4Ao&k`?5eAk0^I_DJ5KBeyP$b@*|T*e*VM-=Cd8#x5uEj`E_$$}7LJS@@F{lsX* z#QMW$FFAME7!01iOX-P$F|Fkn*<&iup~RS&gWcbVU6Y!je92a*KV&z~g@z*P-YzWZ zN-iw#KO?_rl+*h#=1-#aKiU7=Q)`;>wo!__?zyYL_m660R}H%qtK@n@n!qTn0w9_-b@PQuKmj@%d!kbs_+kv&Be-rWl_s54?g?oKX~`; z|KOvXb|~!V2ItQkqU_*RSac}>L6??eO(zG~yHA;T&lov#9nx)=P~Gb?j6DYkuIp|S_H+a_rj1-12M4YSEyK~8eE!8!4LZ$z}x32 z4o@nJ+HOTrv{rwNm^uMJ4sDBu<;tLpn=48e&4ogRi=a@eNf^D|4*_AkriJ4ZqswG` z3Puy1JOid^Klq-QgC9CoMRms#aB_B~%m_C-6mckl+|}rS=6T{yuu(n7sP0CmZ;S27 zvc35507Rahk2ymdpiIdE$n(+L`0&F|@JT*<6f0Q@ZjA?{_58EA7-;0k>-%56lG@^HvaJ#iErbwY8w z63D0IwvBQNL!>Y!1`0?OP+>MrHd`!Sd3TAmlV}w6^FKmMQx6RSi)efZ{sDH9UeJMvcmvTVXs=ZOJ z+ic7q*#wi?6op&iPw~OqHhtq9JC%lOqrqsm&=Z#e!qpOIS>2N&BPp`T-E{Wf;C%pl zhdZK*b1@X{v<@q-JVW4>#aK6_0&2VFM$Ql4QNHNI6kk*yr3Ws@90mze_%PhNgab3W zVL+{1DC1HbB}|%$k<=Ud`u>ClBCzMgHR$b4WXxKLfp=KsMCfc>n`OR1~ zv;~^ePl?^h*riP;>Q46Z9Z>1JvpDPh4B-cdVnSouf=dI`A2bOwW(+~U#x?M{lgQWs z&IPjLeY+~K>#-CoPd#8VD}7)xz=YgFnZ$-%f%lG)7~Y6;ozosgIlj`Ro#0TEb4{Pn zjB|b9f$R~%`H{I{|6@!c2zht`M^=50A@yBRxmXdnIg4KqKStelE{Cj*f5x~S!H9Wy z5rL~aYDI*$?pS>G0V2V~Hz^6GhnH}CdNcHJ{XgW-SAqf0Bn;nvAHL6My-d_(zEaC7 zbrIp#;&y27T#|k4f-ckNVa~k4_@-eg)DT;wtX%Bv;F#YY6`Bmji0xN!E|>`k6Fd`T z9L07`^fj6-pTG{97bn_s3EFbI6k87AwJr3?#v5C(ZD@H^%=;Fy zSLunKn}XpLnuKH$c~T4s1cg`mbFK5;-lO>)3xB&r2XJO?4 z@^UHK!bh})x86~_T!^~j^mzl6{bn_J*&o3dmtj>$a*u0uIFHWA%W<6f;PdWS(6SKh zovXre_+A{k%W?4&b@wp#jdCV0+rhp@FMKm<00#B^66MNPgBy8y^8N?#@i~G+6HDVO zSMqWlj(-|?c?kVy*)p^Z;pLoGUY>|C+x!qnUVg3r6keu1C|*832S0YIhML96%T8=B zg_j*)@bVMt|I2upx@9oMk(d3+%L_1fNCT8Ak>AS8A6t33G~DQygqJTpV5BX)94@>} z8ze8==P8b&B}#GJCE&>U%3Gopd0G5z1Z|LQ(`RYCd|2^v$BHF2-zdCXn!M~>P~+tu z%d!3}6I*g-H0|vCf;Jdjzc6h=c-i`P4=XR1ATM_zFJB=q-?8y>U2^W0d(=HMIalLl zv*P6&I5V>a+Lh6Gc_8gIl6H|C6HZhYVe(~6bSUS#KgP&hm(=EZ66d;}#9(eR*W0k?4r2g$Lk#&sEzP%%Syl7hg~iIm)$D@;`I?DMAkp$HXR#)m-bN;ed&lK7BCyH2ngfyYYCZVsI{)9q-vy zMWJ5HvD)(i^}?(;S5_EUVi{Lk=V(M`aj8>lG@nS$P0@eyAY)U-xeqkX9a_H(DiM37A@ladn<#Ws#lZI14)|3>}- z%%R%;h><(UxlG#CV=Jj+q%=hYDcrX~n-cU%CA*@_&+{>R?jQ_lT#<2~tCE$gV^P@W zbRg#r#mMbfaW=@txe{B;#-Oq?BMc8OpTPDB9q@I{yeQ@D2uG!F^ouUeD4IjF)4mJ$ z<4{nz+T2w6@SEGQV_11qF7Qv}sL}&HH$R3~h{m}Ia+B(wI~H~>3+InrP_X4({Cw(> zT8$--r>33rHvxSLb0D+n34(Wz#?)5jP^8AU=)B|x9>gai$#frA=eNV)YDH1H72}+J zPw>=iMgsXa^Y(sU{EdnTjDbmDiAe?q1)exDyC1rg)L&G66v2^c#96WLuhYlaX z&K1)zshK@K&z~R8^@n5Jem~qaCaWb&^4h8N*Oj{zl3<5E@`3;5ZSYtz2z{y-fPJdrGfF_@5Sx&@z|BQT^!Q51Kq zh3fs5V!@WfIB|Rrw(;D))#%KtwnDwxXK?P3$SMg4_eS`s>6kHjBwCClQLf#GBOZq+ z1Im2Q6nx*Z5~>!dhKAp6!G@bA7$QOuanBRi56{7ZZ@xhFJRhQ{OH;J_X**W!rc6&< z#Q6sycp7pYmu56V3x^N!R`qYuYoi~+qhmmise%=4r&|UqQyZd%U!qjrM!a$OirILwwghy8?+om;8 zAv*);+5<6S$tLVNatMcx9HmTlV&&MD=;V?W4))d2@Vjl;=5JEThZMREJ|5WrZE@5P zy?Uzv@>T4Qp46*N`>9ul_v6@V>Q%eq$Va`hYda0I&WK(mk?3VLL&ko+9JDi)H2dP( zhS3;V*A1>^8lma8bFpHN^z{IBZa(HN7>AZ$FTsqZ*AO0QL2_~&lA~|o&d!nemU43} zQ42Nti=I$!NA_a#Tu zav;HcH3Yq9?Zy7XY;WHZ%Q{p)0=d3#BgK+J)^S8lqvDGAPq{5JoTBg1twM;K<>P*tzou^c(Rbx_rA2=NKd< zNkAh-gj7LQ3K(d}^2g*TFZk~J9^W!hD9o|DcK87^R_$bahlvdw`wti}@+b6UKy&H( zV}u+Yi75^KgMuGs!+QnlqDt3kn7M8b4p1MD>|KqWlbWG{Yc~8Ne`Qn}u@l>FQkP=l zNO%mOqrGrv$8Zc48{u5n6rZqJWV{z!IoJK@6N*=Dt>*gNgJ}BL1m--U^r2g^Wo%Pa zXTX`GLKk!xzY;t5@jUAA;X?~BZ{c@n*@ymOoj*(g=WyRvL}<5I>4w}bk9~3#o->-D zL-F^KKVKPqIb;duobbUF22T+Yn$Jr!UxZdfNJdQ1Roq$D9^ET`jQ8HlhU`UZqEY|J zn7(N*c6uD4EgiwZjSI1)e^u0R`ULr_G-m*C1&k}y%9wZtatU~dM^_eOHf_1Q&6XE) z&TO{4cPCbjYlY6PV$1Y#wB_xA7TPkC_Q)Xk?VpM%&9k9sF(yAfH(}H5NNsh-)AR8B zxf&X~=0~pbgE3&uC0q|gBG3s`yiE^bC8sipt2L^l0(B`K0(WXJ<=^72+3S~*Cwh3w>I+JfTc zLnp|~cNH%Ok(cK;CNJAD=o*@lmt_OsptJKZt3mb`ylj1oP}IF6*f+EgYGfxbzw3zX zjYeU>0*#lCke6>iAuoF$!hZ5{jU3`X3nB04{n6_u`cL6y@t;;+&MUm!mb|R|CwW-po;x>6XNfo)$wI$b3yc~+i z$9Ld!oxDst8dQV4T&^0v_$D|C0m-H+R_Qh53JMO+{+KOrw)_?et5yeyncUXGCBzLl5F!pny1IQ3I~G%NnG zI_B%m_f!!9u?F1TOkS>>1)u)&UB%1QhcCwBE&Jec$P=foJwzbwKzP}Yamdh`#o!?P zGJxY%{G#!4-|EHTNM3F*hvR)f7Kt}e&S{H@HW(P!M9UpO+VaCIi!i5&m6z)bz)144 z&6W@B*+p9xUj7vJ4pnK(+p#Sm2G1>0zaLzgZ8Fby}?5e}H-H-J7yELCKe79o~28{R#y}mn*ON?)x9vF)6Qx_2;V`*FTKGD=A z`tu<*?36B5Pthg%a~0#+)1S9NeaiNnO_##%C|!~mujR;Pm@6^fA?ngm>e9}s_>Q_% zr3ho0Z?|I8E$TcklW3NG8Tw#sr7Za5AKF~k9I*t8IM)(`ow|Gv_nwAnZ-|jtHPx7< zXc?23jIdjj@1TMxT{ItZH*<&kg~y6>A6(mpL*(2()$*ZOw!+HKjHjR3&AB+j_}`bD z`{XuxYbP{%oNpMH7H3>)jjtXUkxb4_j(x5; zchi_As8QSrc|PxkjuXl4dxfj_k#px`&VsRM)n^4}uMa?U;05@v>0n)nKpVXLT&+lr zdwdC=GaHd}-$Q}?74X$i+Kh0nzdX_)t0XCxG=4Hw5h0kIyRG!Byq^_Wi_}1a zKIGiZ2e89K;}?&O3$UbLb#iV_6sXz~U6x$NiHFH-m%d-#aFR?ry|fs!npa1;yrtk= zmv*|;7C)1-_wHc)+yb4Pv%dt>Fl=lMQ4|H@Ucr1)R}(^7lYXOIF6Bqn5ojz7-gk`#s4(! zoY{pnr~Tm>Vr|d%dAbWb+T}+D23V!O*^BLWA`r*KL#nwM+9M(ughUB}^AmM@JvMZ8 zL?g9<(<6AxnmzSl5^7<KTXCY?>di=ieWHu5IU&TfScW%43h{jnIh?Vfs`E2W5FU5RjZc58GjUjW$~$T8X- z55yU9Z|4yFQ2igspCu&&f%cm7kpCtNBns39v;)lXMAQ{gVB_Ln3xzC12$mW4^>b#j~xoSeS^X4Zo*sX z?2Av*(}VE%;R`g(_Yrb^-UFSs_~K@$reDUp$8mT}8Pr#LWd}Rz)yxa2^a_D^xUC<$ zxQbpiM(uewsaG6yoEGH2nKP6E6Kx=w!EE?3?EI!88f43Xk}Z~D=G7#Xz-b>NA{dOG zI(!|MJUP#1S>hOiXJ=+$ZnsjDTSb)VzKo8ViMI6&gi&r&YU2xMXM9rYNBnf;0mL+; z?;XNHYZ0MHt3_Bs(o#!CpP$90g>BHHf*n39+YNnJkgQYmlELBe@tDz~I6f`j9M#7j z#M$S`h@~So-&}-sgG-=j_Ja7N=JyzNBpCe3`jP*5gxfc+F=-9NvrzE~_u;dpC%QUh zr@jrRz9m|Bt>>|c5`@~GKTZW(5rKLW;d2msN0vlYHwP4L#pLtSGwYnhBKgreEbmkT z74y5G=}+fzIE^oQOkX%2-IKJp)raL4NgPM-`$@WT*1*gqVTzsQ2T zS>D3Gi*!QMS(kAsMWHyjM?0{wzY9v_%!>CKO~vQ~Pt>!WNPLc`oa;GV-C$>5kv?G= zw%oS7nCplabN$g*KVULtE%u*exPyC}+M!$d?0Dz1I;i|T=l)5`fZ_ zS{O|Jp18fN9a_|`1N%;Eu=0ih$(DP#y=EYKxqXa+1uNpKk=wAzFOFyOLqBe@ZdRLK zPA`fG*BQ{XL-+Do@UM5?qOJ5qpG7xtB}KR76AQD~dMxW%1f>dpfC9~#TzPQJ;-i?D zL*?qJ%hUx2cdlupL*bs*mC|4Y0Eun%RcbZ-uuR6C;a)|%5hh3|s>3BKd1ur|3mlx1~23vVK`X&C8yd(S4Sndli z@5Gujneg(nUD)0>Kgty?1Gm9@6feiWj+bLKn~1u#4ja0Wmm9T5w+*!27o9~MdHD%> zc}`bXCXeLho-4>x62DkK5od6fyeu}Tc=@1}mm>mT5MDlh8k@+=Dbt`nr0f&RRNP`){Z}TRm2=65FnGUhci`5rR|ka=hgk`9;R-0z2}H_?*r3IVs~MFJGTp z$I8p}IUe`$G*<2il9w})a};@5p1n5uug6xg^suv3=P z=TMI`w3%}Ox0%@|CWa$KxLfH`d6elvU7~EQ;UT&E46aQPU2?)lUsAS*0`P=`N{9%g zF6~k=-o~48nZ$UaOP?TrwV~*<=|04q)M`-9^`xr*vd;Aw^xMz5PBGV5^{9wE5}SU^ zs)&$~jIcZVv3G$=)IrK1PkZ3Mwc@5z3;q@56QW`-EZQmmR4CmjHkRdkaHbSrpU)A)M6UG zXT0&mESn|9AoAWi+G!P3&Q}zL$`8em^|v$FY2q^vcucH;`guM=&PqMdVY4r8S>xwq zO8^3ne1mVkC<@n-9WaKR`!L>u$H(U5r|QDF&CzD*4O|Qtj;4PW9sI?dOFQO(lVcwt z`nEfMYE%jiSt+k^`>^vtB241f8KWcwY{Bl~HBsinVkp&gIu_lIMlfTOILa|IU-f(9 zZ&5@Txjz(s%EA*6erp>x_p!(4B}$-p=apD>Efi77OjJ3U7TK6YUd2K~iZl7*>cWob zUN#RttvVPzR^CJq$u&OSoblQW=w&I)l@C||0RQw!L_t(wBuODL;WiG=|AQPQnfx$Wyhbjy#FI>9`3zli*tJzy-o6lu zm#hH$!8@`0b~ut5SXf>fENai5s`uT>^LPnN=tAzn|H5IMK5`g`kDkE3HB<0Y>-^fX z(>9B-OrF^nhb+%3WzweF1v{?G9aah5Q%%+2Vz{+{~*uDHBoECejJUkPy#gIm{=sq zW-lS3=H)H$F zFoqd&x9uoAM!Mk3T>n8fr>^KrCwiU3juo9EoUjz%J@lQX=h& zfz+ENA+khI0(K*!!VX|l@6xFEepXa$y99HtCLx9ENqaWXo1i3JEM4$X;|nJkH<03ad&lB46BwMMXK~gx8=9s zYvR08HnH?C%EyrS)$%}79Cee4zWEBStmusP#j>N6>{@@AIzoSyED5Pum*B$2LhYUU;0Qu zm-&$muVm+Z+37we;0$goYKIo}o1$d5wODoX9DEKA!}kpeAb`We|qIU4t>MZZ_m} zY>g(;)`_lQ=TAF1kCFL!Chz;C^s7c1>BHlJyu~0onBZHWurC#e8v2~1}`fjjNBjg zf|qYnj=k+sv4j&GyR5?MYavXowRsV{vGH=e;^hwLUXHw6WiYz0x@F~M`rb@zL=_Rp z%Spn^KFc&-R<>{iJ8Zn1ARH8_iUSXR8u3)y)2)M4S}ljP;8oFSA4BWyUKZp75AZ7foq{1=^99&!xA)Q2N^`7*Bs| z&eUQ%958|yP&PSf-WkK^Fsqm;pI=QysW+5L*ASq zZAAom&0&TjLRsPEF{z3O;q*nq%kLuBM>X&jdHF~{sU?i z7UPg36YHUwQvveJd`!-Sm*cNY!&u?v!t^=hWf`yHDZWt)MT)rnd zy4!e}F{sFhwj7(n%e3WA4k%f?0v!5m!q)50=_f=oiLe-N;q1)j=wIC))d#M?+zS@< z77AIR7%g`uW&fWjZ(Nwu3InSbMU4SVG5Z`7P|iWJb+v>x_v!ojGKkNo&x(44TPwR` zXw|GJQn?R({w?@K%en%IE3}weY+qLK##-o4jkZ?|%EpSF&}Qys+@;S-h`5Af)TL(B zrTmobPnqaaJh}UO(WL?nc-~o@454h*8;NKi97k*{V?1A*E*-~V72`FcE`5xw&T_2_ z@a2Rh#)iRv#{i72{2%0!7;NML90{|{HD%72LOolbiEX4UA~>O{n-mciW9h{wS}`z* zoO@>x=C*M_>AcSLGsm#!5!4$AgmaS_t=~B?5+m&2L)jwr(ZT&L&Zh}#=m%u~Be|aP zUm5$LLE<`k_-K)THw>*J@+ar6xD7v(_>sTy*FXKS2$%&UoMR2Xd8ci>6c0z>9K=vpmMFoz7Aj6!-M09l`)8&3YTzXA=g&YPVG^mctzNMy$RdBLam(3rocU<+&GvxAjKXDsISK zeh5bF3&2CEC)qxU4-v5Y8w_yE2Dhrc(09jEc!yI*V`0Xl;mMsOCqhR0= z7Z-u&cXnah$OdRv&Jiw7Zt9uQl6IdVXSQtkk7IXqn#%y4-bTs@i15S(CN82sZgR(r z!LE0NJi99!=yCodZ{oaKiSP@H2;nJ+X##w)wXhEq=i>8R#o07pT%zDi>|IAnK1t+5BNHGqLE z2~M0(YWd18t+B~bhz>u2z2DYAqwKlh&|)s8o)Z$HvcyKyQHkD1K;ASUNom}Zi?}|g z2^u;u*{(1VKOOT|cgE$p-$M+7YdDHt&Bj8t>_1W6r8H5m?;waR1 z5tfr&qbW1lAm-(Il^zVblBi?G%Q!Z*B|7DO8wK-JLEX_iu*EwR!Qn=Aw@j9`Cnm+y zR_V%PpTXd>1`9isK)Kw-Q0d!USnbUuC|uJM*&*E!{t!>EaqNxkV4tldYL7pJJq+?9 z?;gdmF~zkaLYw8vrjp@{TkF3@*J2;SzG4r2z5OwKLZV;@lU;bj5E>ea$k0>poZkiw z@_Yh^%0n=ofsb$4WgH$+9qoz~MXiCGvGNWBrv&;13;mOI*IjwMMD9RI@g;@MwV6bcA^5Z+(;|YsdK_cvrDsfu_(^<%$Q$%Ut>}yL(ie@j z`64C=yl#B*a|E7u$Lt1$Q0~2)aQtEfM(?P7;Imc(qJex;0^fsNGWW6ca`whX}N+8-cSiKb{i z<1B8_24yuzG>Hf;M2WnrnMh8MYg1?wHh0 z>dHpcTtC7SHP=N@>{Dmdo^T8Yj27HG{u8EE%z+veI-~EVAl#N}OF}et&7ge0Jc=MY zK*ut%lb}N0&fvAU16nm|juK72!}#yJVOXo&C}wYuvc2e+F396PN!qJEBjwKb%Qq)_ zu_wYM>)RRZk-Ovo4BLMXciD|NDME-XO7JMpJd=Z>F3!f1_9amuTU}Hgx(BCa7w5?H z@c6bm8e467n$4EuQrmL0dekM2Emxd`$w%)Zh>1r`q7;b2U_Lt^n@6=qg~r`cxo%B# zYT$;iy8VnvJ1IW~qY2Un70kXWpnWx7UPMU6%SR_-e3=|5S*!u-&$)q1a`z^QfxWEi z5Z$5PNdYF7JQ;CjD(1CvLf%|2c-fdFewjgIhU?P@+IZQ^UE^hC3kR^7wh&1hN??#3 zpRDonuPq`(-#tWLc2c}tRPpjt#mllQyv)0q0dKhXL3K>k5`|E-`5d^Db8WmV{?kl- zixB@wUass?oPqjc#mgp%PhQ2#M)Igx+ho*axQ|<##wuQ}V&i2;;pGqTPS&z0(s~hA zU8O8u$@Lm9$0n1PJr}{<%FFE*k(VD>C==mj`WWw(SkS&W;~abX+dWwCYaut;c$qdB z5s2rs!RZYP!~WCa_;NIPnLH)&mGE-B;^m##KB58Imy>;p$ji>IaI(vRoS$aHdnJ0I z%lxyrMWc~IWNKb^twvtnM_!gGG8s9476#onaZas7_!UJ2OSqMnKcO#bhqiMr!P`v# zM_*(lhYG($`mTn%#38wgqVl)9vCfByj2f@zbA*?lU7Lp~P%T`;yHoLL1+{ID_9&glNpUXKken-pvuMs#2m&vVbL$mExev3V_?N@T zx!$<;%*YtesQgiEyuALIK2zOz$;|KC^oI$fl7BU{E-3QfVvRSL@QeJF{>Z-)Z!oqL zKBN47$+=_ee2jcf&B?i*<*WscTKTx!#QYh3#L>OA~J{ddUjih7gCxdtPAk50yviaAlUVrTT*{1~?l>_~#F zntj2!;v*&2kT=Up5#grfZ;hIvc;oNz{r5dFyj5N}D9&Ath3BIY5}%AD`a83gmon$v zR7C{Y6JcR1w6ZUT&m0Hf+XMcJb0rRnF~}o`5im0OmYX_J7iMBf2PYKD(E!zl?7^vc z`pKwsI6ymX{8=6pZ#5s&&qq;a@k||Qr%KOhOXOx*G!^%ZoIAS_8rr)cXF1yG(R+AA zKW`!D#>a)hbanwYjc$$dO?r}ZYoJrZ()hC5Ec~!52v5b=F_zF?jRF1pqet8NsOORmpXDio zV(ph=jqHxh>#A1)W~!80up+_PgL8|p*j7YXbOYxea9$E=k+F}M2ra{-sst@9|rdCir#HMN7>J^;G=i*p~{Fu*c1rP(_=h6GY=bP^hKX8 z%}}piLo{v5WBUw1zuw)^u2xBuDv%u?yYxV(dFQObiU{Yd3U*V92(}HtD4XA;h_HnO zRzDj9fi7q_?;`Gy5F}WMqW&aVf)MGo5VPC4pu|TxU{|&&8g$`!`*6Hp_d>7U{m{Q} z7xZdV3FUHS!N(uuN7a%0vB6h@6|>r;EVX>)(SUf)Y*gqjZ0b`9wLY*z*-k4k|B|L_ z@@#C%@zh~sOfnKfyzqG2VDuYl;(5Dt!^Ubz)TkrwmSvw{&SVErXU1QHBoZ8AN_!>jwTc{Bsq67P{jN}z1Z z-ssqWBnD1d2lvxKcqSK>Ppl@lS(IDJ4=J~DBDX=B+`r<#j_#Ca$|4%AF`PWM};}V-#61xsvDJ zz@+fP(o{u+{ShiSmiGw3Fus8! zD&_wW#j7?#z3$YvZztoswdZjnP?ki*skg0U+7Hf^!ARdG#lFBbOzd6pMJ`vg8h;Es zA82Eb&Ezf|V=DSw?R8UP3%Sd8L%W4n;LBhlP6A#YCo2I=Q4#RpF&N)B{1o|1w@1s_ zS8+e)31a-0VP1O%i67*kPiTsUGS{4wzP&XYvCXykgb&{>gc{?HV&9`+T;JRm1Bzus zmFhz={%9obG4hijTI8HM5RrncO86gM#I0o=(fKPUWX)fK3C_p(tY9I0)@(dxpLl{W z+O+ruTQKt~yeJ~rUh!BK`CY!lgu}iFV2~mE4#+c!YBdfgR_;DWo}a^jrW}fV+yGSv z?!s}=Bf}wV@BKOId{C6Oyi&8}7Eq;1 zbF7Iz)*OVuvx_mhTX_^Om=lg)cE#W=S8zF;X&bpzmN%v!$1la}iwJk&vwt{-l9yc^ z+N1q4Z(OzVvb@e$n-`8vE&q-pFR#M(LG|F6y%8#<=4H-7%Bw0udr<(rE%UbYp~ zXbVQU<1WSh->Qf}-&nN$Vl2OyiuJvy>k(!qy#D9{P ztCN?Dv>-2^mrY(@#mn*Z0~Un(9L3oUqshx16ff7W*8&|o_Q8Mw{n4{+J;lp8gqPbb z!|JQSY9+$!iwNZ9vx`!S`|TE!mmdl*)9EN)o{w2=ol$}|Xjh>Hd3lKDZ~J_$czHlS ztG}fUe*AuZ^0EguF{w61GFUz{ADd?MCoeZuyxgo=H+uiMUDN;3|kSw9WzcF znE1#hu&J)~CSZRequ9s9=ZFkg&BW3fH9m7e%kfNTW#1OsdIr9;`urEK7_=4<=3hrZ z%wziVrI@31DLd@SH>WNQMV~&JKkwO#KASP#*NpLmyH(6H>JTq>NY~tX5Bd-1C%bct5pK71+w8|=U(Wt@B;i~C4v+YBnGSZDS1bm>pQagQDnrv zzDgFaFCsjFQS2h6h`<=*KK%pdG+y{zIQQu-T--Pn;~N!2r2?P8zDh&X?LGv3Moht| zb?0z0kUmBBccNd)_(%ois^m|frsTg0?(LjXnbd~!uWvaihXH)kp6SN zBz_KK{JeD_dX%by+z!JqoSf@J&Naov!V=8^Mn6J;=OT>iRsqEe=Y&(O?ijM=DlUi7 z%f--FyzJ4n*TSguGl8t~*hm^tLDn9v%mFu0Sq zGhAFs^0tFRscI;hSrNg_0d{S)XR)*(Ba-njlKRJ~99*{%K9J)CWpazIhF z#Ot>yA{f0EU`~h9DE`*F$d=n4#hgmR+1Z(Jf|J~B5%BMlj*ci_yA1}cyoS@yQcMFdGatVIMSp%Or( z953W#NX)I50|rV0#p4 zwGfMye!f_V@TShuKqsb>;23EIjCoAOmeU z;W13N-7&W#<@O)SEtkkGot{|#Em^W8%GGLt0jnkJ4y@-r6qc1CTvBUrou3Kl4W4?pjVHq#E_qVH1} z#4pIQ_6&P&kVMJSNimXC%*FI(Md6mq1x+U$)y6I>E;2k~qXm>HMFa`vXbWxTGH@4L zkUK&=PAejW<30oDaSc92zOo(BYVI}oTZ;(uJC#B4e}6!qPz*&m*D@bz=URLM=el+~ ze6!{nE(hGg1t#xp3w;bX1~lW3MBrXzvKHLEw1^-9O?z~$mIv>D_$hK_eGhLHsDPYZ zmt*ziFoq%g(C$@0^BVomSVSm;{4Qhh{UIORPtI6GP&RXM9+r1154#WRp>n?+I3hug z6cLzs)c$~pM<*s8mnERdq=+ETa)#eQ7;U**Ef9<%8qsebA%jXC`t5&r#41Dw|v5&Yo0e;9@cFFSNVM_UnreEDLdH@Qov z758y>BleAGMqX}$&xM!6ev2Z4@bY5JZ&?(@N__#>aR+fY9WTd`mxC`XCNCF(BY8P> zaX+PqK;LNBb`iNxTZN|rGFuVBx)PyUDM#41Uy9|*f2JxTC|f3XTY0%iD|h-&xk>N} zUXF`LR9FBmFaH|DD!)r!wnHKE^0%Ar;Ksu+M39%C-`$Jsy71wa)SuCD;ZNs+y#qd?Z5Am5xL)09*3mYy! z)7~@xJP1DI<+jwnbwfY?SZyPTk4NOvYFMC>~manad zU<}!bjn*PU`7WzdY&m@qL7smXTMpeTyezgn9K-hBR7C`N4Cc2hB53yhN*k9rL41BJ zbzD|}HYozvoGxfG;RN>3=bPyBC5cTNBWpfC(;|XJiU{OQ%C`8wsY|(Sy5wTjC2PFH z7|5waNmQ)c4g*(Sr7p!#m$p-v92ny<(R68mn&UKGQZe4Mhw$F0-LT0^?htX*a&;Po#(t6^8q=DyQBjluu{0o_7O*u}={nuoUy!yTRcK}5O#eNIkzzEKKlgunoPi4a)CTa8c&~`_J)M;{Tp&F^Iwzd({)_mIs*NQ z6+zLD^Pzy)Q7Kora&EM_5_@umn`=q9I^;z5x9QIcG(qPj7uDle^0;kmR7U;zz3?|H zBHYKl!(%YQF*lrxwL)w6+qleRQvwCGk&0CzMVVwn6Z5r2Sly#Cie_s_W!i!R5mAUp zVqn1IGB_F-v~BYAyeYdhGx)_}_x4;=O*6DBfP zVH;7jbf)Wgc4ZkBx5;EMiniN^>DETkB* z=;cKO+3P{=PWl{1-_2Ow!xdF?D^+`hLp%IwUJUa@MYmb&QQx_3DadA;Qw6q4hqYs9| zH{D7Et%#5ZSsRSQ;O+h}Friby3X`CiM2txDCE${^Aj-9!g74R!z<~q%acJL8ZM?gz<2`l~XD(fVm;X})hmlyA;HBLWo;s~o zA{Y=Ix({3XS3%v63!@YR*f|$C&lU*;B%slbmq1H=T>SH^xVO41+LbJeJWiu9&chE6 z*>x!*c&H)*NnXt_19Q=e*lw1gGdH^@`3qnoicl`4&A?&-thHGZTnoC$YyQ z$g^_{qJpl&>+BJn_Sk?uOZwvLS|yP!s|yN!H6Gt@_ra6cXE5Jij`?j$!YzAYly5I@ zA~>e>`|c=q1dx<1G1MI)gBRnIx4DQ< zP)U*at0f)Krf60sx74=-hTpD;pdM$iXW~R(G*0tHvLm<@5o9leXhscjNy&&aK19&1 zlQ?&DKaTI5j`>4sp?u-Oc)w6nG#IuG`x(^8yPxH;hO~)?t%xA+mS2dOEsDZ5HZhsx}CtXxFk5At{#nD@6n~E-h%2K+H^6 z5c7b3VM%+msZ#^Rt9QXSeVU*}ZAZNCQV(A+`PqFtiV3n5|7cI_v*`58^g3e^!43Ic zM&r9fe(;y4DN_On_Q8^bSaO+BJ{W8qC$bcqR zHdEr<$h9~QBe{feCT;l|?yc&I_F~JyuOIwkGls)VR(t$aB*mjHjCwv z8VX7!@U{S&*=L}+D) zVx?-rmA|LqWqFK`y!`a?Qu1;U6ql6C_a^<{40tGstCIn%as32Uqs+BR$eZm ziu*4qA}C&_ZIPEFeKulgHy0}}PsVrTTh?ZvOy~^-+mN|sE9kbvA!SrxV(oFikDAf>n-v!ZB6?m zA?(m_Om3D<757y#uZjq%c$q#~;=0iX!mY)9TM@wvXXW*cikGE`;EzZK)iz!>)32DL zZsYvy*65^o`6We!(jApAx|zC&pl%K=(s)_Mt9;IJHQtmsB*o{P#OXA=oWA%foGV2H zDemvZmVT8{hqhe0<8sWoM7xa>UZ%dwvC5WdbMeW_mhZ0WqVaM`+VTN!Mzp`xN(A9s z{+nXs{O^}>H0?nvB9Pm!&nMp%foraks5j2K&qyq7ihL)>8YBj>`g{x3##T6f@i>DN z5$MnTmt!trLr2oWGEtVu0_Xwvm!z~?e+RR%xqZ*eb2B?QlXL4b z-q=ab75PiSLXLkSf9e3`BJxiuB9!Z7jXyIM5#$w^qv}c#K?*%L@F4a%;sTa&j*7!M zTS4mo)K|x)oFi|}QS|e3s)*3M@TYK=eM}A+ao?DXWQ$fr(DX}mP2|Ep&=xI^&f})y z-0Ezg-4_}Vmjh(lnVUj&^gmcr_ReGc^BD6wFdpE|k*qp#O$TI2BCU zO9C$|5ftZYe%K^^v~g~l@uh{40gKwi_2x2c7+4dfve!g~mOoGdG{`v zt3BAYTi)KY9Ug0kVQ}^QDEOfR-1=_7vK!<(&O?%{g3RO^zX$#%8!LuE7u}p*_BQzs7GkJ|mh(OTZ5%{ilL1Zh|5sfFGf|o&zO$%^e zRYVYSoylOOlx*O{U|K4Xa`#Uy4^6h<$<+;5)x!?1F6H1nh!g8AceG^Lq&VXc>u$;S@@}OAvotPg_ct<;8-XrKi)!bs6Fpy zytf}a1~{UEeQ|9if^}oXUsptsJrU?A6T@H(+>Lep%A-cH;wUq8FV@T2`d5A=Gdu~; zxlDlaehjx-qcP=tEM(D%?Btq23CG6MnQrWh;nlMtm#ZwR zY7E9$4<5^4MV39sB_+TV8Hj63I^yd}+3;D-q3FHN2Ty7I@*G4m%dr@^<35Zcq?Z*D5@YEk%t)Z#MLpP!4gJfZW??&&8N3T?NJ6jtFwl)L%JbMZ zr<@ujZ<3=)UTrm{2|CzkN8!5TG5X+BL`ac_=h`;TlK?`j!4!BDN5@t|rDD#=Q*SQZ z&&u*w>ad>&4*r@VLNX;nr_WrA3d7JgUXlZ=qs-7>4Pu9p29w$tC_X_WT{h1T&o|vf zz=lESU%?J^4Skr+}g8yqWlL#J&Kc%*gU<)36Gs)0MOwr>SgFI)sAd#{80b=poM1FrZe z_57bUX4)yo6_=O*ODyd=;w;WHIBs1uD@uJah@=x~Eh0#iNuADI$oR=od{4R1+xE;Qb@UBd%cFAhsrY8?0|Z)lEhh5D2pk$)`15R?mEAmH@p81^pHM`gG9{V=5piV(er#Bfyj&VBr=7>K5aDIYFP?hLz8UWw zz)te==fxx*SfqIQS3l06_Cyd~ro9L5#JaxaP@|{=d3hh!y_T1GuHghc=QKg1eB{8czSz6io}}$46g|!Qh?N;{HpE2=WR|@-l7F z_;5GY)92K%D~hs=L)N~QmpP~8W#Qzsyet8FwDNN%N&Y7{LOb$uk$MxYwyg28X3NxR z+Omkq6nF$j$9#^;!prsNV&R#G)G;ZqP>25OB7*F_Ae+h39f~heuULK=M~h8So}4SA zidD*^TA@O4BHt~#Aw_BWLiNshwl6$RpDz5be7;HcM6eYRI-||JtGFLa4S#X~8s9&=G zkAeCr`w+#^uZTQkPXyV_xLN&XaO<)R8xQWpDRORys`>CiiMon&x8I~pVzqG!=Vpw1 z1*wY&7je_wx+g-3K^X4g54wN#_<-VE%1Jm^;+SCOec#tDjBE~_$+@2JVS*cLx`Wd{ zHbO^-9I&IEj`d)SMLn0t-4s6w=Q17>^)o*ZJFSS%i#j8BU5TGH&XtYFV`Kesf6YKl zsZ{}Gs|`lW4y`e$T}4!CIUPgR1t385f}AUlvB;iOvPXpa(0+vrGcVlB9JBxN%uP(e z)a}6-`9)!TQlckX&A+ZT-p~9)VTT`Qyj~TRvwec>)y84?&H&A4GEYkXit67Bf0H6Y zD161jDKm56DV&~K1r1#DA$!Fk7`*lx?l8NPx_uIzcak_zkg)x?V{`v1_`=>Eg*(l} zq~nhm44LR~qhF%1{NBi5CGH7~K8rD%!HQef;;1v~2zCY0C(Ao+)lRx{NB1a>PoOcD z%!8bDf57z9vcVF6mP3-6#zvfm=fZaAkT)yd&RPp4M;^d&c}|L-KW8O^Z1%x`$7c~{ zHnT&?kL*$T+k@C5x2M&I(lgOnZ2tx$s^v!RPux(n?NY4zul7WUp@R@dD|h~VadUY$ z^sSNyA5`vv4l8cqktU8*9}~iZ9>VYXBRmU@;5=NyrKL<1a(;lqrTbvOeuFg$l=#G1s> z49BEKpU~0N#+MV1;(Vl32zZDXeez>Gy*?N7n!CX9-}&%PwFwxy`#z#xSws+$kK)`g zAmDg!FYk{2m2=^vN?p-**$o7!J9eo*W`sX_h;8BWLek_n2A>1! zjVG#z(24=U)euNoEb`VSZ28&=E>14U+kH7UlDM>4wtbQiZw|$STmJBuy9RQn-sA_b zW!=$_bN4}+wx~1ZI6Nu8IO<)Z@-MXSgh)IM4uY@uGlYe524XJZqU<_e;3Mi=e~dg7 zZPhmhW3du+WD?AgxL#XCNPY&x9r~gcnlGw7TJuHmGMPzI)C|GX=RxrEe~xEi5~im5 zBm^LAdpC40RS<6#?1-+buHps*Ff&Ov#+WX7q~4kns0UGgxV@q$23p5nf66hOe;Cc# z(tK-T5(D0Nj{R{E`~wXLe;%Tqy&O|N>l+jivT8+ySr?c{Coq`|q>c1Izbd)$QPrMk zzx*a1Wv~(Y1U1(IcpSp^_`guE_1M(2B%F(vK#o?k@bi%ecrH6A(r~r;VK5c-90B)& z@hF&Q1bX7;l6GiOw>}&?uf>|{PyZi#Ujbj$m37~l&eU6qyC)YcR+zYg& zrL?$9p)D=$?oQB<5J*BGA%P(AygZF({nx(ly%2-a`P!Mze_p=d{+K3L&e^us-uK*d zk*W5-(U;QxSYp zrZJjN*@r#%b+nn-#f(8DKjC|^%ex_(SF=Io0gEyJB6GdOfk9$s$dP>rTRit^NuwXK*4}%uPm}P=8^2uw!g}G&AYstMkM*>Q$af6^zRqyE<9H z<)r%?6kK*KW{cL0g?*8xSYVt<+Ezb2jdSzd(b&EmO1Al$xGeakxCZr^hKxk&ZxwO5 zEOEI=OV~|&iOc_yCW1y@k>vb?)?iWRstPXGn{o`h^Wbve-iesrs5DA5S4wmLC*S|W zo(N`KmKB-m`v}-L7^CVFm*sP2n*;Hrpco`BKfDu(sMrMZC*m^WsYjWQQQ2)Iyok$B zl%y*5)n?;zQ*xg|)rVq$?1^AriJ+zb{6I`E`w8rc%hOJBd^vGho2WFH=65WD;?UsT-7G1Be874=G zri|A@wnNaLzLdSO;vd~aV4NyVgv=iGdk6C#W5460NAsqL~!^PI0&_=!K{{`_j1|Z_9)eBIhLG`K%6|W$i`giT@#HkV(w#NuHmr{?rrRYZmrwEX237_*)IyI z#EzT9+%|R}Q#Vb}VCG@$4NyUsVZvOcz|Py$&e248CYak3{TvJ9lhT5@`?320M<=dg ziZk&UX^ie1*AOjis-x;asr#NnEz~F_36UpeVqwqHC}-6Kwa0A3o*-f_&o|Pm8T*0|-KSPr$&EedCEq-`J zUL<-+;e28v@F;+_h+ytrVr~rQXTsdv^OXOVrX+Qj#%MMG4pt|^7;&z zCyZamG7ED!2bD^jhHPOTb}xlbt9qjI_ZQ($TuIJK{moeTqvS8zMDS6Tt#+$Ou&F;5 zQ;);m4Kp)K*Pe?$LEM=k7#e`kNxkYW^S*;wb z9fo1#j$61cJDAF6QeO3BP{>LWOOMQWXruOH+o(EdQM4**4%mq0J}jUJ)}k!gbvq*_ z2+#M7#)t+akyZ`S{=0KH{wNtqvJ^!X0>9nU@Ok6nuzu?wc&k)v*iAoy3*knxq7OZR z!&9rHzP%MHbzhD3*9&MO1R04)0|zTqkxdh?S+1|P$rDI^^{rc#eJ%EpSu4I1;1 z6~#fB{4(O8i9UdxV;Z3TN99qx<$O##^aybp`OID-9-aLTt3N9P_fI+If4ZZR=SKYE zXDl+`q=^vWvj%H>Rz-{EUD0!m>;f%hMF(B7ya$_vWd9$r!`ls&E0sa{F7xpH*%*Yy z>Y$Z z+=hLV-C$e3ILdaMgZVO^I0@8vJP%@mn%Wqhiob(@{;f3r(ex`!J`nn{iLi4trnmYO zC0$6SmR`l(Br{oIVQ7%~s*!%@XY3m94y#He7oF#DzR`FT%Y>*(B;Y^ce9vL`noanA z`fi-Q5sny=9E~h_%BN$-1+%EKJMxR;xU{MZ+EginkBhcO)A2j7FYqbiNOa_hTw+2D z9-aOgi@R5aQ;C|WJ9Gnn2xXy}A)f@yB3U&)v2Wl=zv?MIQ$Q1eesyH3E$TZ|MaAx` zu>NKYQ!~Tv(Is43-W`KRe}?W%tQQ|7B3|UG@AB!ia=3+_jN~r9}`OH0mO9W&Cl93+pGj>k!fK}zPDBpQ5zCS~|M4R-c zCHZ)97Q5E`fbXX5#@Snu96yVP2ORU1YK#SIC8pMK%u3HOF$hn#kHU}!CGfsYBXnAL z9%sTxiW5jCRI&8kyYRcR3(KZ$!ln&A1X}7jOOI6lpRjjwZB(yR8gDxdLdV4ya3eI1 zBv->6LSKzJkDa^rVcCjn2)rN58-*eG&@@b>uR2!uMBjDya83M8d9RT^mrFk;$=O5* zK8izAO|h)xgecBSV2g8p!CW-5t}z!4{K1rqNI-PV2&sVx2snZj%MW4K&O3;X=Dg*J zJYzaGlqB`LM(9wpIx4kWK>s5t$S}T>uFV(A1Z(=Oj&Yhozuh;bF08Atu;ARgFFB9v z^dWf-LNEG{K8u~Z_hGes3M?=Z&kl_vnfnyQoqMDE(rb)`oK1u*V-rE%&umi&rCoZX z+aebAx=fZ72IXEmyxmciwyw~1E*77SMOciUgjyO@)H7|pd+jF0)~9bqD(@U-B;3Q3 zZ6h$WX&Jm<$`zISti-a@VTey4(PkdgY46~+-$ATcbpi*DJ*D6J;Qr>`=+dG&s`T1G z-;h-*ENLDd!||E*(8TI(ylveCb!U)#_$4AyeD@Vg0kc;kMEW9VLoa;h@ejQHcaoY4 zgD`CIS^97SVw35sB&xB3LEpDRPwO(UvLgoVyoDPE=28|O>3Y2}mRHjEt5VO!7|Rp3 zV_(oy#PZ&1C6=j+Gv8owk1B93?qQ7Ous9`_Gt*L$6nYA$Xy4W?Jm4^BBX;b8f-#~CV9>J`ZGUZ$MTIR5;^YKm38b(}hG$RKt^B&ZR;PTn;Tf@`39IPCMW5mvz zxUM%A!^y9FYGTCYG+EIWEwNAsEsIuBVquvHmu0DS5(6nCCJ@hekHYWq*s$wk+tiBJ$O%e?eR%VZuR-`GB?K5@AMinaV2 z(+(4tg$t=!ES*`1H3Q4Sy^s-?E9b!FH)$e7Tv>xPg3B$sz*D}OWX5F@Q@yMR@*^&L z5tl2LMuje4V9_~ZhzXaqW?W{zT{!gs&fb0kLsmE*9GQ+uc1B#TGxsb`hbAca6vtS* zNL(K5_5nWp+b8&E)e#u9_8NkuS;Clu;PS!A7;jq=4mF6&>jO-<%rUe2k-aO@@BM=P zlU-50LJ8vX=lEK3f*F?s_b3gD4#nQVKZwik5SOPM2!lpxBE;k24&rjlLMY+f$C!(< zn+THMWW%u}r27+JINvIjg@?>F&DZz^6D8*;xcq|&mmeWkRwup&mu2a&#PY=zozY5i zCULphgdNzQBbMchKw*N*jAf_dg3B8j%dvPapX8GjM=ZjmiEw^lM~tXf74=4~!=lT~ zLG-)KTup>Kxb%G&jI37~^+&A6_ZN&!1o^UzeD*it!3A7c(H)oiGpYpIi%7OnBFG@kQKVt}!q-=ygvJ6LXGuw;yYMxU1y+$b-^2E`n07 z(!4V`{V-1PrTB31rA`>+_CDT!>tp=0$_NakFFlYZf*}rJJ4a!9i;q#lNjMk_>EGK# zkbOp`)F9?EmSyh}@@F+MH;b67eX$o?N7P31B30qeJhS3joPxOq9pfd1n0x0iR+=z3 zD$0ntk|SduoWqsxo1lHo8mQ7?Ar_r|gy-_W8?IrBm*; z)5}${bvgQfLA-PqdFglb|1-Cq5OcGT8Fv>?iMd0Xl*Qjld!TyXRakz8IVwR-od{On zf$!~uSib5c_8ol&eFVAG=3eOBycsI?+<>*W;uKz<_TUJP&T2@^eIM^yH%0v!2e9jQ z0x?&ktR&CRlkzkXHgrdS*MHz2|0s-)Dh|frMdxriF42g&jDwia3po2-8}zg)3v0*W z7)5-!CUswOI@0B}%;(1#A6?Lje}BJp8#E;j9uWS_ydeBJDS^5;^EDQAs|d$p#N1(w z(?{`$mL@}5I#dr&u05KvP|j)g05LK(4}z}jYhq^Fly{5czF%L@DaVyw{-*5EBPVbDPJ3vCmzPBhsKtl zjs?#FukvtVaapw8GOW5PO$0iFxrvYoCBYpWUkR>NN}+fM9^;dPtVrR(V-kZ7W4~8f zI9D!(V(pgmI>x6WvKK`DCIaV`LeYlc;i0eab?4fsTG1W0jXg1Jv=_X*y)k6u5cKa> z2W@QLMUhXfQL@u&Y`AGAD;(Qv$cntPA8}~~R&*?Zx^-Kl;|f1qjv!f)PgXGrNU@Zu zVnRLj9hMGqhO4^^tXd9%=MdS=c_hY->yM!$+M;cDZw#Ap9_NGQdjPam_z|3#+Y@c= z9Z;#l#?bxGD#x~;l%yeFnuUGR%0>Mu|LN+3Zut)VdOCCx@8kIYTg08 z=WW3@-)D$sft8Y)LO-G2PKn-J;qLB=s?CR@#~{($DC(^*h7NC|=xx}{bGQ&B9uH{l zGZw}fW1%SLwc;w1F@K+#rbTKPi@T-0F`#Kxl&{$i^?Q0j*@<}6P>dbd6+QcQL&pK@ zuxxt>9+L>j=dCj1AL7}y^;k2nD;m4Hp@LOQbn+aE@ysvYW9h3LLz^M9FnVzS{FK*} z2m---aGd_u&cP1l>U2Yge)Q{kYw*p100cgzKPS_MIXlqw6{U%w#PT7=ayirZjX6Or zpv#HWQ8q=QD09EQ5zD{qj#jQL@HzL6JqE*zb00Ux zsQyNHOz;J}ry!ABTtAhhkF0zu{wR zj&s2!_-j&WH|bc3t(g-ByTFaMu0mV)lo%N)wq}eBZ;N(4CMdQ(cQ+mySp{N9L~6u2 zoZm4SV|&zxO}UzIsoR4&cMQglWo(VhUD!9Z4w~9Bhg7JE>YcyF>`gDI_Ku`f`rEr!)~r(hQN;ad%}W zbhj>qf4*x2hX&o?IdlX*V{DJ`9!J0O!jK;A(9*gJTwQx&&=QXK1+T?8(lQ@P;hv^v zEC(}|7aC*PNn*J(W7%trDVB$#SIY)yP?NDd#2CwwSy@QVN=A(TKJ1;w-;<1$XWr_w zhqh22eP$p%_6lyT?TT*hK-ztQ68ZE?9pGeYW!5!j7 z4nHVJRMKcR;quiSxIA9LWg+#l%XK0QasKc>vJ`U$wjnOt!L4>%^c+rH_A=t~AkVI7 zS=)`cJQNd`k#Ilf^%b3v?7R+_N#J#|JX?DopMe=O!%Vn55`&1#JsVbmU5S6- zohtp%eaRK2n3s4LTuuzyt>AK7;oY)mjY8 z#^sTtdt-3_uIT7c8Rbm4JZ5L8@kyg09uKw>m+SuxA21iS{mut>%uNIqBeK+A3P^Ci zPi4M?ot2zp-D((m$b1!i;e3a+%ElK3m(!&{c{MHzXEVm~VeI^N4EhKzTbXg$7|SDw zcb<&p`Zb%P%a9d}<#6IMahF_EOU@#%D{2#carUbg80cIA&VyEA!3FvUZDejD82N=i z&VStspE(zU%V*2*^*Q-0U5c_KJB@aEe3_U|jCLbNH~H>1&OefUp6Fw*cyJ~;UmBiZ z&VNC?TP}F#;sz`0*67evR{a4AxX6SO#m zV7Z*%Ip^N@^Zq+ep52)zJG(PGGv7&^%jURIY-N!iJHpMKRag?oBsuJ|>!+nBpM8by zyH*|FYXa#BB)sqBAOx$EP#9T#?~mRQ0{Sm-VwU!3^&3ybw+m7CH~xK#4z6+$4JSzn z+VFi(#42(W_M?t=bUP_W;sY0Ov01`Q&?O8GU2X4hB?22Jx!sL8^BG&~Tp=Ggu4Rm` zp07DRBrO!lH(kp_-MQ87%iy9Akes=!yJtLgu-_5rz>ci=ef3FXX=H_Uq2 z#O@vaQfT6VL;X^V{Cp{rf`qv|ft zE(+&-xW2OW2|@M-4HXUzR zZ_xdn`RZwSSH$*;#Bx$ufM8ZY2>LEsMnKCZr`VSV5J~3^+H^D|nds2zvDlfi__|JN z!ST=z1TIomP3`}>@LyPZaRVVpf+!}3i^ZoXLYQ+Ay@_% zBulS4{rV8D$K`Y-ozQ6rpci?fgVn*Xn*^CTg;rpO6k`^+>^o{x^#dsZN2X6wpWdv| zMTVXYdgJMrSs0~sU(qyIQ~KW7{-PdT+(Zt%ZDBV;J2g6t#y@&==QPV3B)&gK^RG_u!jqPj15Djb|>KC>_*78*k-y z#Q$M%iCvm33*t1jMm*&ur{*}Vo{@$>LFr2achf{X!&s+5|z z%!FGr?E1ensCQ}^?~2n_oj{9Tkbjg^YS%*1DksIdK(qLpvca@&rL@Od{r62r@XEkw z7d|z_B#PbHXDhp268Iz3*DJRXr{nY@FZb19m3hS%@(?^vUvpkP+52XIqIv zQq1vE)!5i3-Z;>&ZE2vdkL<_auFdvCY*%R`@;U}49yEd*jlqJD?;9sum=Y_~@r!P6 zUv7MN<^9E7m|}{$QoazCdHZkPhMYW?d7ML`;Pw^gkg!ssbTi+zaj0af79Uo4T9Sa+ zNKnRHjq}}DCYcF;9k=9aLFN(XrMG98z}~v+s`b~lYB>|h#GtP8;Nu7J5cYJJ9UAC! z4cP6+dw`|S)m!<)$-el2ic{DU?S~u1y_yd9GYisrv=^!-O&4;)(WC^V6`KeH<0q`xJ0K+jVKRYV}` zeWD?Q#(yNIvwpk_5hF@5$W_Voy-ydle+IY_?w0!Sb2i(Lz6yVP#^IW56;u0d%mw6w z7C*xa1b^0)02}U!6QBp$l;<-8o0BUfH%-Y+6i!y0B0p(p%>d2Qosfh;#Vutde>PI( z-!(45Z=p|G{7RFs$wnec6VjBcRH~_3<;JpcKI+z(em-jkS>B4h zzxZ=5xUG-if=4l@uPfU8=IHR3*lF_SJ~VaFlwzv@A~VpM_@+mdvTKMi+0M;YDydeM z=J|@4x(9*3oaSh3LfYb+ZC}JxOJJ@`&}OKli)%YTE<$4z?()OCc{=W#A6vIKD85ZM z*3oiwT-osaNi4s?nXKF@CSJUwK*3~?);yZ*oOhNsIyOsQSSN7UoRmuvW!`pgs6}th zE8qOS!&T=#o`*a4^kVG$EiYK1Y5#5f?(%I@WZ;uY-2y>jlTEHz#Li-g-TM(n$LrUD zf?zj@YqO7yZyO45Tyyl!*7ozzTZ*3~zdw7+-T!1ZFQ$jCO*1QC{2eZJ`a50Yq1;l` zP}u&blX%mx{jqYSh$;d`rOFCAnI(#exf@vZUMqAc6^su$ zSs~c|b;`sO8lM{h+cvh|tYI5kD7{nIx_J4Oat@O_aH^klRI#8qynUaAhr|*WYNtPG zI$p4Sq6V4-TCy37v|Oea*g$s;Om}b0K$Ao;RRWJ^5qt$lh+q*Skni^bS-yL{b}MiD z)VRF|fL|g!j)t*vWZIZsg*MZ?bG>wf25zEz5-{~(hM#I@oK0-tQ(jzaJp`#6F;;M# z%Ahh}E=i!0d`qU3GUm&>eN&ti^5@pBp7{GvFJsuMxW$<(u2Mi->1W#ZtOyo-cTW#p z&!-RYhhZ%CIPs1bwO!QZhL#uf7j+mr=C4+ar&gQxe+<@+4KWXbTb1|{0)K*oSB9N?q>ILeqQ6#9q?CYph*(p3+J`Tzta|2Hgn%=r7r6) z-T8AF6}y8=40|?P4?3t$c|VCRP&?9GRE`fjcqHZ=E&mjD`S>xe{jZKgzqZNgQHuLI zePg?}b4#tO!xfF9_PE=m=H}|I^Z4)G6lJIn;-z?QUd`t;cK+8Fza^S9)QW0T&6$U!M|15qMcCu8#8r*Pr*54{^_t6~j6+O8xa8 z>@W4!60gJh)en$L7HZ>}RafJoWANFUO~0LHd|1E_1?P7XkmS9%(BI1?_O*1BU858Z zMU5LN-I2pdmVKbn@Q#NfVD{$*{EXcjs7}vEQNDVzl?4w4JY#Df|BV@|8JTv+x|l*i zBpO(N6wuQHre^h}3e)Q99vb`O9M?WD-BpAE+7}oT1$>zEjcZq*+Q1GLXXhki|9r$w zW5B=2S_P!2rR(+m%@s7$hn_6z5I8w7qHeAmne*HKkPd*Ipvx!1#FRlfxaw(7^b6NV z9-KnHFP(}i;bh4@&nCwE8~OLvTaC@DdY#C8kFLL)j|}L`i?5Nk5L!6n!w6*2 z@iPzMnvT;>$6$?WK4D6sT`6HOyEX~;Hl}Cd*Eeb+v~2QDmp3r8jumudBJ%%;m*x8r za)%dF2AfShi`QXL|HrfafUJ7<=%To=6Xm>a%~#ufs6<>bn09ip8x3-RR0#qjth&sG zF(%Mew%Y>nr~!;5iDM4WeNu=;NZba+Y^gd>{Dg)>PgqM=9pfEIWKN6Kj4qVXhU+nN{I~K^gSYX zjglN_Ze!kea`%1!OX9TSuhT5L|8*7ZFR#qksN$c{?6o9=ZOglE{6OTq*#ZiSQvi26|u*T?oEb#aTL z?--{~sq6BGjLsw^#iDFx9Ww~&C$>*5B8%5)(R7q`vCu}3@kMD(g{gr1X?5woU@RkL zg00kLi>9Of((Sg5Kzf4hYn6)N?=S0^joI(sbYiwgA5}r9y~no+ime;a6`3A9D2vb# z)5`mt?{(vLyA&{*h?0X2S;T;V_rAQ_4$SWPwC9Saev39YcGy z*N(N9a+0?YI)H1vWvo;TL>PwM8b(-K?$#3WV?YM>1C@Gy2Ha3Fk{E>j;}80!`L>wD zeA;<~^*FFj(aT6Y-Sh=1?n)T}BDM4~}qXWX2>`M&DPBw>x~OG2Igz=B>zH)S7`Z$_|B|-@-s% zLX^J6iVV_+40Pr)DLBdmdpQ)*!+@TL7kyLn%#>S+ol|b`w?f2~R)P~!=V=}%!xQ2H zg9nQ1R#8J#sl8%s(v@@%yaMDW938ppxOv5$D(5UOEcKu`BkFV@*`FV;HKN6P{Q4obm zgoKO*#&2D642t+k!OskYkWXjSt_4yF^2(Fj^WQNrGujACrm}Bt*X2GCi(>Ru)rO2q zjmrX=jjwtV0mBUE1XRO)+W?F`n!bD0IXPsg(C76C)2=tGZRifk;&G--2&?hYhHGqHI*2T~b- zhjvrq%(qf{28N-ul>_i6?e=!#{^NV!X{|?05Yi(ZtX>M?;mkt#g#;7~gIj z?P;o^6_;kuC-8 zD}6*l)`sUBa0gHuo5zxYN2YJigoG!NKsov~bTJMFZv;r3M!wseiSyGa{^w9f3W6~6 z%n4)j$Pj_DKweXy5}AAQY?h*61@e;x83dNqm)UJxlF((!TR4B{db4v?b+iCj#(RD5L$@SvoMGQr@B;WIJ zG;+y!ZL0en8ROi`(>%}a{tn7eG4H@U0B;p9mTOTD?S)?J6^p4@K3DhE>mFY7l5RSw zkSMnBD;CR5zww3Hk%j7{AO8ea?s$S3d9uG*vbBr-IK_iw!R2iVE`r*-`;oa0QAkU1 z)yZBH<|4Xo>Zm~IYE-pOlzTep2wdO0mqi5@^Bt7&(?kc?&_|b3dx%vfLy@8R*$K(G ztQH&|1I`)Bm3B>8ddgep$vD{Xys71$(-)AUZiR8XqB5Be@$KhCEfhfGO@Zedpg9@R z@ywqGeTE=5I2{YTsQY|6u6;}1ADn09E)3TbS&VD%7URnn79DwT1xNrlpVQttiNH0X zcHRvKW*l&Oba17AQF1%N{~)uM5{eB^m!TP9u$!CB!IW9;@Wids#(_%@f-{N03*+n9 z@Gr&NH5;73o0q_w@QC)5^BuZ9|7hvY$MI)hIzL{GLYGt|+XJygCN29jX;KJ>whh1P zUK}u2VLAwnRCx~&`a~jbR`Eavo;96C*EE#p7^9Y7<6kp|EB3Pt5{G@&IEc~J{T!wb z(S4cGGl%6gs_@xm?US~Oy`CQ}hi;tl(|xC$-`9(7EL4^3Jd|ZZj{7_>X{tm7<##TW z?1?tdKO#7}2e_X|>1qpL&U~eqj?AoM_&F(>42Q3et?{qC7qhQq)_)r0`W zG^u8dix^`hZR@G(R%E}P1iLlc>bT7!NZ-NEIk0#jHLq!^bbD%A8u!!+E&?PnJvp^caPrN zPY+wHElREfZ2Yznc~ik%BagfB)n1QtIF!Cwqds!bPgBylQyJ%EI|9r9GD9ut%5T}K zc!~q~S50HPE+uEa{K=+l?WefO6}+OFw}E)XG!&P)a&V>z1A{ge|_I724nsUe0%C65OrujYKcC&Y%T9jHQ;`nIzvv#SjFE!qiE zj1zu$J}LDGo}?FoAz}(4#dAD>9)|T>&GwNXb8ygDhxfQFJNg}pViuCKUYD}oaN`k& zaL~=}#Hl`~W4{z@wcmDVhLSz^8 z*w+v;OsT4>kZJKCY?82xV~$Vzef8L5|ecQ5Ers@3Xs@i z7SnH!A!K+mzo;J1=n+CdoFM)~1`U)c0^3d2W4J3^+2-T@IXZb*^>HGDY)EvF@Vc@! zL-gWg4X?k>TiVee1(^ugDEdYd)WwVkWWS0<{-(`koFSn{9Tz^Mee&Scl(?)tZZj@D zB>(}Yd{Zh zkAku_f#56z(6O4q4$GOc+qP;~`Vkx&xjpJ#{rfm*=w400^g{8(W-uFd)fKb-5yDv+R}pQVcak{n^h@4w+!%y?ht49{8Q|dJ0td#L>+l zHu*L5a5|~I-LL)u1{!kS-KypTxd|yj`Aqhm>4fmq^BOcxcsB$Z8~oVI=w$Pf;!{e3^6q| zsy-oIx!Kw5pS8iZEzn8;Q^T1gGiemk-5kp?$0oaqJ972e<|m=c>xGa=T77equbu)0Df$E=>NY72>8q^$c;Q*!wRab-`}{E&>4nCeVYe{~7<#3x#3&v7|7tDgpk zcdJ>Bd_3xW`o{rGS@#N(?jYq0SD+9E<3pPpeOSm0=qMz zB0QYuU!krjHwF(P!(A845sW`aD1N(z!N$buM-}ZyvunX|pqrb0(b$I*lS%T)b-_Jj zYXQYg$uZy+79CSEiKZUoRvlsaqEyFgqwNHJt8)Y5L< z7@-&bQ|L~wdmHDhvfzdf9s)6T=Ucp9QxJ8{t=$SlKgbVtXv~$E%HcB((rNdVW!xSQ z{3enas) zIllpO?dKTB?GM zDB&vowBB{Vul@fd(; zj(xcso1Uk9COwZIT37v@Jn6@OvEW9bPSW?^?ELq$|8VwSZ>E{#{YQ}hdFOxWCOgT{ zS%rrGJJ$cDLmAzevsfekcaHxLo!p=4f7tn7$^Un%5t{h_7W03;$p6yg6xUR^G|~RA zod1u`b)jVK#Q6Uo=fAi~6G`teA(5?&Gs{lexzez;w?`R~GqUH<^ZHP2$WcwI8leW+ zLuOsh2RxZWrc@O3WO0%YD8KUz`V}S#R=`fd1(yzSs{*RuBBfbS4|1tSR0MiUCeB+W zhaD1=R42}v_ zrf!697yH`|W8&mfr1g9cFxH`q7zbPWMnqu}M#E(GY!dNkBM+<#nytcxP5GiO4WCll zQp;ksAZh-45>t#l>I$(5q-P?D4>i_sm7fN8E$$TteQZyVp4O#-|NLD~9Xq`93WOI5 zp4Bt5wR3N)RKqx=$$>K-af#Z@9$V`z5BWtU<%<`m4{meqA9f|5+z`gltH52r_wyU- zC+DZfVpdi{gP~Lht{!gB&Y11_9JuZ@ki2okE%CX|gcfJnqyKgcT%f2SC&hkejZajl zTGz0DB*V_z_|{=4LX?RdN`gbYOWA1JeHoIHV-qDTGCUI65(h-&3ueTF#m$KYIjk); z0M<6dsi`?Rdwz)zuDaMJ)?c*TeeHqg{E2w~S!X*vT2G9c zXbd_W)z=5p&+$F>W3-@k3h+A4;{2WHbCI zLNI>4zsz2@*%hV-VeYOAnQdp(y__^;bNZA?v690ldA^)rnfx{jKMpT9v zWQQKD$dztSCYCvc=Q~KNk}l*bg6eU( zDL_F1$J~=x5UW4!m(5)EIy>ONT3C53@Og>RVHsuLq+YF;Mh$9|$?y5EE!vETK5 zKMmmO80tB=9#IKVB#||;sIc!lyP|&iE1;|@Szv5Md-$u3tY1zp{x?YPyIy~C#5(DA zx;E`q&4CJRrL?>b>oX zcduLa(V&o^wyf1VzCE3l$LE^v=CkgL8X9bFEU`;jfJV40ye1QuN<4Wv!~)i_;1n2E zQG-y$4fr;wG!&Nyw4QeQG^D%c{Ip#5Rc?;D`cy%(y^}0I zR=hmf#>wEzW;k`74KQTc6toG%g7S6&iuWF5jH=mY!uR=hEAhP#6)M>;E!&SlGj7Dh z>dkBSF1Yp6K5(kLyWZ3>EEBiED>b&I9aY6cvA3UV2mm?EtWSR7Q8?2d8*YAl8ju z_!Spz{|~&uilNi3jKe=On;o2O16!QS29yu%nrMWtw+XC%>xc;6DXT7dnMa=nRm5Ap zg&*Z%I)yRJVm!el%H&NsNxw+aW#FSTGIPo^jQ!WKE7+Ch$2VR*hJKDOnW^Nccdb4> z={-@UovzmVIDg2GXL&3U(d7{Aap{UybRn7v$kU1P_lRl~zJ@GEC(=!gS%Kdb&FdIsG@Lc!MW-zLiD7u4doK*Vjtr#pWzPN~$QbWJYL`tu7$dvq zLqryRXLReDTli(!UAf2T$e~twmLDV6xZZw73UvgU*0}!p%4(o`v^wfrS^J z42>97(k_NYh$wrg@o?F7{iwYFY*`_R6V5kV`&|kOU(z!*o1Z#|29bu(Si*ut#3l_8 zLr+Dq6qJ3I+N}8%WMd}gP}%QPa!rY%-uT`1E#*d=w=WqiETpagzr5GDORQ%XQZdS zB4e!Q8fv{>@2hePPVhYnO=K}HW{e*x)F{Zr%f%5#`eL0{&HyQ@1RyU{Hg9Lqmpbiv zA*(h37F7U{{^`Ku%9wOc4ehxsBUe=KeXR?mf*fLN`X7T6%7`?)Saf9EzaFc7F;!PL z_{B9-=T9ZoD!gzQ!H1gq+~~qIq44U((>vDpW*q_5>#iKEAKR04f?4(SGYFsFJtyM5 z`Y(Na>QF=_3+CcxLOHB{ytVV=_TsXMb)8GG8Xn-PzJAExl$lo0fvqu%+g4yOSRoZO zs&!vYP$%_WF`Z*-q(-Eu!gj`F4 zAG+8Iioo+r9e8dN{=WD&rB95ke_8RD`(_%d(1smQyt@P24~SbdBw4)l`;GANPnu}v zy9N61#Il(cu{@?JxU0&&-B>w}@31Eh)uof1G_ zaCY}c6K!{`$v}UA(cI^QaH5t2=-)T?wtZs-{~kS+R)i$#Rg9pmCw@#+d8h`-rU{>1 zTJ+95X~hnJ9!Izk-kK=8E%Ad{uzgafkoRRUTXzGF}GC zxU=(Mq{$l1W)qaOgn8JesQ(KZvB=`mmJk{W+@W+kvB4(3TpHiYQGlN(c#OSrE-MBN zC%&=a-mqYOd=o9YSLQO!+MRw0nlwBy-Vn7jb(XdHZ-y%smGHy8+%`DH6ths&K|2eXtCnk#p_vdn z>8;BIX**YdbDdb+>Daoc%x;0P2+>I+rRJzwtn7nvyHQc#E}_3TXUJpyAo?C-H^Ux0 zk8|+qCgPM^yeyg7!qUUyBoh^oz5JQ=aRed$)auzOO*YDIpfvXJ_DS$X@L1@J`@EKI zT|Bw@7Mq`wx68|m`wTsl!?$oBL2KDpf_^?Wg%Rk<@4Vz&@xt4#3o=7lKVFDimRT$$ zrF|WzWKlBms(rcGZ{#SJ4D5fo)CQ{5@-v199gb;R{siE5D1Bbp&ZLj4|H$9Z>s;)F|DL75=~5DsK~>DG5M z^l=qCD2c5xe!P}<_*!jsT;wT2u~M}Zl0z`}kV9}^=6m34bt?TbBZYM%e3DXmj7<%^ zaz-W$gV4|DuGwhZalFaOTtClo$=?%Y^_3Rf8(SP#Z+|rf^MIr)hh{KQooi)(6d1}3 z4^d>E9i|;DLV`*9D)JY1dtOck){uw|Rb)tdFpK*yApYAoP0PNZcV#4;S2Yu4zrb_P z+K_$MU>C+M?tPe2DpAa+Gg2GGCSgb{jS?@(f3IAmR_TxqVtIY#EApH!ISPNr6}CgO zg9x2XEgJV2rM#3ZOx3KMH;cTm`1mBCpO)tbxbLKXu6=0@efDsVA};V}71~miJFR8Q zGuZS;)ffzVNf_qRHNH##-Q}4_gzUUKLep0yXj&#gE)efb+)b#-e+jZq>d9tfUCu{T z+EEW@WF`o95uM?z*}?>QEcA=+;y((IdAc&6wTJpm7#xN%v+61q(o_e|Sz0`uG1HYx z_KkYWP_5^$%!smXBbc!Oln4GOGM>D|SP*5gUtUEqcLqa~{rpn7(alK$r`*l_salN8 zwx_$I$>QV^MPVK+QSd91HU@l1OY996&~H0DkrUa;+f1Q_BBqg!FBtDV2$CtDP5JyWhH=rKtf|< z_PWvo&BqEun&7Gp)_%iPL)eAG906FfDac&W$9D=C(p(44PWm~vQHs8YSDrHj%V*_u zz8t(!1+f%Y0H@d&M-Ul`izPgtG*SFz=Da=EZVaWl7BkC~A%-=!{xYgv(o*kaoVdJj z$2&~NG$(kI&)Ebp!+Y@iUi{v2|0srjSzoakeSty8hZVfkvM%%&=YvT2)zT!qMf619DZVNs{~#pm@G)V7KbN#4P=<@SokUWg$K zwym9;3mZVPhmE2W<5KSz3Y#6Hf@i4UCsN9M`#?UonPE@I(_I2^i);dy-SY)#u6hze zC@oy`Qh!jJu%V8ZwY3`ZYwm~5Ko?hrW$q<+%HFj_u%!iaWH)p72fEq^^`6WH^axY* zr<}cNP<}||e(InrG-bY&`$Lwm?4BFXmO+H4pxeN9JiV%?rd?R4n~xUX)WmHMI%jgX ztGH5Q;fx6Lkll*u!B(OZ)J04yWamhoSef7QF!quR^v1or%)zd^eojCUo>j8tt*0rT zNe_2kQ=V97V;x&%nIfUV@iKX8dW*}CbINODC2cUDO_sD_`Kqkm`+b{maSU&rBT+dh zw)u7Oj4DulmmNGtdJmr*P`aNXXCG%@9?tprNn+7%xapy)jHIiKWZ7Yx#Xk3<)Kdde zd>oV$YO%bO_rBBfq_|)yZ%^{6wLi_T`N82c6U&q6KTbf+2Vvzqb4|1iq>Ah4Dapk^ zfz25An6ow;H-Bj#Ht)9GQ^%Yv}Ld*&bYXEDCpO=oA0 zQT8OlR)asvMFXBVc+h%!n?>=3?@;mrJVM>34j+YHfM85DAvx9%tvFf4|WGcY_h zdQpmoLvM=v{nvkEKDQ{6U~QG#vtH1dd+?4~pHbL%Itm|iwX}Mw#PCZcP1sOZc0cS5 zSySF2#4m13$iFEkl2^(}S1S?zE6!uZX7g#czJ@ASMHN@R0;yUcYiS+s_hQH8E7u4E2H&>Zt$?QtjP9K8ZlqUBZksg`qUN-=h6bT zdaX0#)RqxUljO5 z5HSX%aPXXlfC!KugGR2xW-nfz*1>cvbC2@Q4V{7Uft-gJu=qg_R6lH=bn_v zL%d?PJ0M*vnooC_x=>f!(i9Prkpy=C%@i>+&JSS4|$_4+#7*TmP#?pdYQj#(+rM%GCcs&5x zLMqb&zf9jcQXRFskcLq7QRLF&?_O=%h=|vf%SA(dGRV4ez9a^J-)Qr7?DmR3md-OF z%`1_%*<>}2w!RQU~GK_)r9*Dscb!x zBoQeKdV!<Q(BI}r%7g=)e8eVf}3daYBy)K?hz)J#Z za*2847)O*5*8ZARrt09=QsniILg*JI9c~xBW<7p2NxvR7$V6R|p)V%tn-`|5e)Im6 zXz2R-HJXA-H%rK9$K!mhFdXHj|9Zw)FiR`_P@let2g@0{b#6z~X)S5(`0n}C+3}=5 zNJa}c)z9eIgD_SL1RV`y^CQ)^RJH3h^WiC`kGYSo^jblt-@uyrUO^MC#`l+ zTm%qYr$g_%{rpfvT3t8px`yLY>jm7$%}^WpgivE{`6Ne&H2aAAZka>_HpzqNI(rk* zE(qiQO8Sqt<&A_Xzz3dV`~=$1y_&ElrrXAqs}JYVyL#4=iUyiDo$$7TMu2P5E{+4lYAPHo8hA<6 zU$&i#JlU2FJI{%oD&oxX-ebHhO}9a7*4j+s1*Ydz+DVI8XT_`Mi0XZzdKb+E^dW;N zxJbFeRoE}Cq(zj~M#uR)D+04U9;5bC{-rN1`C?Nzo^DhrH-bH#y?8!++*0X0%@-ts z{=imJaot2h+9p@^_>@+$_WbxqqCeS32!7sOu?O6gYQ=4{7T#Klp6jt;D-jM`?(}-B ztgQBa|L=H9=O-kHL{_C(n(W{_rR1M!I$aibPEV2^WHV3;RmxR8N+%0a3X=%B8`ov`D z+qBS%qOTuYCZgM{l*y~Un?FGY8Z%xg)gPWzZvknF)ph+YB)G1;l+`KLVsG4Ad?RX= z9j=O-Q9I~A5EW`Pu#T{6qkeLBvQl9pnq_5t*kN>`G{@m~{yoq)8VxRY{|bTpon8T> z3xjY5w#U6FXH84?1$7XAd%KsvP1kixP$z?ucBMZ^YHeL(RXCZdPS@~kt=`B3d%LJ4 zU)4eT=ZI8n(-^grF38m{1eJN!mEDjLe*`c})M4k89riT;ESBT!fhoAPD1GWH#g|t?utC(~x+n`3Kz0`uNm)``_W>s?L2{t;m!9fe{2);m_BD?Jp-OfTw6GdGqAs-3w0HmMM^O_RjTFOmV!W0uhEW= z_u5@3T)q3mHW{#jIB(y*9qnK>>&TR^kvrWS2irWNio*Z@0 z>E; z_J$9p?tP$NwcT_JI^_8Qlaf)4dMlunJ|~by=|e`5eFGIe9Lp5vUn~C6SdaIg8jveN z9`ILHDs~mP|J^6tl{ffAY~)shOK``zP;&TVCxrt(H?+WlTQ^16)3Z#pqinKQET>U~ zRF;=A1Ca8SJhZ)$5v=l;VZWzHadv>S?dJ@Me4v+HY)wbQo~xjsX;WUzj)f6$26^Q) zp9yDp`9pK~nCE(?0mh|qzd%m_h09rh$*7r^)Ih1JcaIU~0{7)$FnI!}Y5;1E_H&Vi zJFP^U{;*a-ZFwQyht`w$85*~Zagw)guf-N;ilIs^nZoR7t*uj~1ap&(SGQ8goa;oj#z_KjUeciIv5Gx!a~8U1SohI&R{XX{oRfF@;)zx(|9%)_pCVG(+EO zQG9bVMj=`d@7xr}VU{ZQ=;$)FBCT0MDrf|Av7w209vkpicg~q4tN4A0RdMjrV47?czxa{@l$*!$J2e zyBf)0pnUWmw!JsA{qn#>ny}6V0ob@u*qs)3R2*0qL}zq$cYEyV^3PLN;^yLwJk1+% zE}LWyAy9S3569R3@F5%M>hF~DVu9j7e8n3(3Xk2iCB+j}soax$Mk@jzt)nEKu9%X& zi^R5vIDaMqlDy}hZy~vCF;_>)(iw}^H(73HkMqK3?$&Frm+0`53$||97nI56ioF_I z>e3&y!Js~LIO<_L?5ax?K#K0oYI8&ukoD3SJ4nhy70;8WpJFdH=o z+~27ah8iCypx)r2!QH~>Dvs@XVNu4ZY@NENMn1TCK0=5)x_oR{rycs~D3<1O6N;bt z-m>wHbnxECpx21$vG^PVoXJAg_tPmN?w7iRbboW>+fi3aM%xxl{1W`eI@4UI8yzzZ zsXLWtgKr=C(FN{)$d!B4p8Yu(RuQyil&4P_X3IV5WXW=1Zwv}+Ty2&&UlP5Mof2d7 zxO&2gy5|~PQT;aae#0f`e2%9;yzNCXNi(&(^d!F0_!ogQobgqPm{do&{9UU@4^g8f z$D$z5CMX});67lU7Jm&#$@WMyyZ&b+l_)Bb7^(S(O zAQ=w+*TL2umA~psC0fX5XUVEA`-m;0nK|Z;ul35>)uV(SEWIPb!vpD5)oVNn_2NiXoWcFt8+jZ z%)tieG^-QzD_YSrIqz&=gut=@Ur}^wR83XMtO+~DB=nXZlpq!tAZLpj@cOk#sg4_|qkvrwM{&W*0GWF(mFN$J)MZaM7v>2*Gp6 z9*_2IzH>CF#W(Z+H?ZNsFYT5DkS6V-{#mNU5-4~mg=b0I87aX*PU-bR9!geVIgcvk z+!?LyEGR#R-s=A3^rZ;^l)r!RepuN??=sj!gSqwbhVxGw*%kZ zHBHo%=z61#%)r?RoqN-F`P`p2!1r@_w=!&0^K9VmSGE;OOgvVcKALWkK6Q1~@HN!u z<+a@vYi;#h3vAexH3M;wBT9p|SA1qrzo+~nk>BtH>vLT1774hbgEW>8TLGr1q+3|1 z1LtFGx*Bu3kfQ$hA)htteaF7(k<$;g=g=x;iWPcN>ni!?%WdoMeIu713@uDW=? zguawpxBB10RnYoLno}9;-5o7AM!!Wa38xG?;fM%2FXI;tD8HX?(>}` z>!!nEa4>z{UYZ=t{;9<+`PXCDrj!%$Pzr5qVeTDf5#>I|D%ZWB)H2-ME?0 z3}U%6rT$6GiZb#^cL#R!DcPzrcn5)H#Z>ujeInwhdDXF)Vh?!2x1f(~h7_?FzhmDA4D^)hY^uGnte1J^ zr#(=CwRX1EZZQyG;|O+MT3UF!OLy6@F~THSc3Nfof_>!~F|TyL^<0{ckM5G6c2ilBzxoH4kqO=lpHp+OzsXu%i9WQ|#!eR# zbg2`y$bUBhB-jBQp^Y;-Ui%wZ+IJ0$|A(ftjB2Zk)^#cF1a}Gq_u}qaTmvl*#ohhG z3GVLh5K4=?yE}#A?(R3|+h^J=WT5&UZc!;nh|TAxAYH@pSlEzf4x`jXe0nN9eE_<>%m<#HjncN}4$S|nKqN27&oW4T@m z)KB1#>S634CsdgJYc45Qe5luTDlCIgirLau9|@09JJb!w1m@-!G;D(C{F2y0Sz@dl zPj`V$O{arC)EJ1aHdV>4;H!z7A|#Nn1Qi&6wMQ7N6AqP(PUw&4j0Si#HZnzSyVp$H zcY8vIWq4yq1hH|1Nb>PacPaJ>TNs#7)yo5Pk@KakgDB3SbOs_aecfg*$%*@0jr|oT zYVX3DaKTe+580*?=%|?*_SDwZ^XE(pW+8KoqbXm2vom*RCJ$E5v38)}ii+AIgyYzQ zD3a3P7rXre$7u^$QT6hF`xu}9DEBws*Vg}Xh}CPqh;TAxcTcC&TXL1W%haE7Y7%A91o=y^;SS zQ5I5z_`XJ73TP1mRM2sgF1bQ<1cJQS;4|ZQ_zvwt1c2v66h3X)p8Nk7nJJEZIBvQRNO zTp#I1`dZm?U_fD6CLhh$juk(MrPo;dMs1jr6EO70h1b_Rv0PrbC94qJro)=~L%dA0 zmp-AHZ@4%Jk}3_7cJp@;438>m6R)scP}WtASa-MrMcSacsLr1vr_lyVz}O9GNJFgS z2|KPIku0^SVbnmGq@(C8W>cE0)WdP!zr2_-qvbz{a$jP{m~dvL*v%T)b)L3ngZ>=; zI5T~%nK47#1Vq9OBBNb-Hk*cUEcxlFf%iH$b~v)HxSdZwGe6#8)JpgN>w#hO-MH1q zWmG59I=+_-Fjdo0K$q)Iop2v-p9><=p1+7-~9mZ#R~StJC;Q=et8qS%E{ zFVM;o^C9dEVfI<%WcBsc;#=Rp1T7QGRL?PyGNh0)@K0j;BN9L>ziKrymg|wE;P?GA zZiJ$tMCzE+xSo!+qEI_8O-AEyvA5Lx*gFrrnMgq~&s^w^p;EvTwb@K(Pb$0vB_Dw{tE7nLE?Q)rnZ(c6b454ZNe(f)|Q zoiZaTmwbY!1YWnVjiKC?YIH$>O(YrMPkJD~hvf4AO;=J~Q*7Y$&|k{~B^5|}S!;SL za~CaF8c4iruKM=aKZmo*dl48`fh7-XXVPb`O_N=3foiQmVo&|1t0c8jAb<1+u4@At zdACOx(vLsXnJbzy3tHiQiHGZ18lb)W(TLPw70C zes@b|*^hS49jm`|CEUhAwrwC?zeFoq=ID`g@z0d6HJ z&}v>(UT-J@hT3Sd3g#N2@0y~3DK2$Bl6*h>kbibN9Gyqu^xp?ixarOYxqpYtdUka)r3>Lxyr1Ve3mP8Z%j#Ph3;9AG_Do!S`J*rYDWkQtB zYe~aP!PA_^pIAEuN-Fm}f%Ry1{{g;RqQ(-ZvS*i~6!Ap#C!E7lifWG;l^!jyT&Z%)R!e;Lin_#|5 zih|?$yKtw_$jjJV3m2KhgHrG7Pltl>?*T*KrC0O!ABC4G2xI!qVw0rx=QHZq+w`GZ zv$bQ6@29SH>ZKy(IqvrTUe-gM8m?+$m4W6Ok1H{0brU%gac{(?Hw@#IYwG1+yjWnc z{H?eyAl|U-y0b|^vamEDi0@;ev4CZLbY3irNVfj1GZ0R*Lbg$iaOdF?&`sR(Hj+(7N#3Q0}vR&)WDw*PS0qA#8-j&ZIWH$BH4o;{MiPgvTunrV)`E_w`B=>t0*oA%aUM^2MG)utUqCa^7qYK0#8#bRWL3ePOC!5ChZR+&urNr4~q}_}8%*UWQ z+kJ1=spPPk*huYt_kIKc2Z_MSj-Kj(r8qwKcCm(v^LX(uP`%9e*AYgE28SBWxnv~;uKLpxP60Y&~Becu-l^Zz!CH4~Fh zc^Z>)4gsw|m$W|y@m6Q%S_#ki!rY?^$T9-BOeA$j4dco9b)L)gvcl$*2_pRJ6WpsY zA0&9n=Z!K=hF%)Gn5&kY{jVB#o(39=&cf*pYgk&Vn8xxzg5awltz~$S zd?uk^kS_@jJgiOrC2UUQ6{|?c4&3;6^`SmqvW+=jaDqX15eHtQgDzIOaz@eF*?Y0~ z(Ft8|9cT*dGPLs1z=r=!ZE0oMWjgJmTA?4T_%L!fzwmR);osHy|3_!h)qRj-)7`2d z%$3s|{3QLVi5bj@)wF~@I2@*>)(GYmS=)`fgsW+&ZtdoXqF3S~!`A&T=cSfJhPzRw zNUiGX?+U0N%dp>Ko;f5@i_+8CoBXGHHB1#F`n2mT>*;OT`O)U{rhqm6&>pWDs5TT+s=7t%6;3 zx9$j?{Fxx-ZRqQx0{Q4}&7A%JdFoEk)VZ6{Zmn=XWvWYSLh3Nr7-SuTKqXuNMJ9kc z6fWy0d<%Jo%N<2Jo5^Xg5khFDR`k{Po-Jv7z2@8M(-gF zHW;A$StIQJuBi9Zh|v9zLf-G|@>@l4>+mqW_)8$S+n%Up93lLM_p^~H*ksR!or1jk zkJx_guHrKqgkk$jEX$!-tR}J+xMrtmL)NJAkQ!O7$$xOsxZ%1&q+0e>BCDUCl;N9f ztn1#leMxAcUF-Na>1Li^2p^8@Yy!1#;S}@5DNLNlM_3nLRq8}SW1Stia-E7$JTj^0m6Gq> zJjp}#2YV1{#d}D{G67-9VShYUx&H&X+i3x?%?!_Wag-usl` zRusR%#x&fh3t*qWhvYr4<@>#e5H{0%hS>!&WA1)X>XL*{3-7R3*#VMWPNH&WnV~UB z2WZ@l=i7IG*oUN0(oky0F}Y|51EP{+beRjSB>-Wb=?jGtO$WYmKxw=gYZw=&TKNt_d*L877Fh9B4?Q60>`jD8 zQJrW-Ca!nf@aM(2D!pk4P?rQqIdjyAGiW+mM}?uX{d=XZv4Smz17a2HJh(|mF)DF* zLMat{RRyQOl^s0d(~FhtLeRZyfwUp?sp!N%DDih#(MPKw z(l>LMwD$;i(oirr_;HXpVrs2%Zmufl~HZOXDu zHUTMG$yB_@W`uxUT}}_34eR>GNU{0`d32sM^4;bQOM#@!g80(%1J`$9mnGS+3~7`% zFPvyd$(#MnjP}PshL_Szp`IG<(Jgu@IXILt#a$lq}Ya~x+wqaPP!!}8KU{Jzb)arQVFN9#uL<6t-;5Vr#`GGW3A4mnNXNV zhZH$dm3M&js~mWGU6b>Kx_1RF_LOv49#Sc8)2P_*gPAycV_G$$A;Rv+89H2?m2pw(B&yR*fvf;koS|A*NpSS zjE4I7nz;Jh5CsDx){ztf`~9Ln>Q48^fEXE3^`m3_W4&$X&p!#Y#FSa08n&9Vri9OS zNMiIm3`{hEB0?}X#~(@06)-QI%;!Og`Nbe>ehs-lgkRst&))=aVJoN~@RP3g1~jD@ zF~)-CZHL-9R6dfm%o|n>ZlLG~7MoaB?y7u=oU8Q58@qL-uXY$|Z$-hh+n>%r1QXRv zg+J;pI1bE;XMvpWNcgYOd3el+F)-hIon(pVhcc{vmqhc}7&v;NgC8UEa+n`PC(kPd ze{8GyKCok@M=th;2&s{=spoQtr~~>C2eR@9vXl74!u>M5H6uDNSvsxtKhxNe^!o2x zWg{n@-6bVpH7A+Y#R$}%m-9FZ^XNxyMURVSAH7jPhN?suwQP|N3bG(Kfy7P~*LU#y zgW0A$PjZD;I8)X0j*m4*!QctoY2WQBkelFKGSgQ=Q){Wsm9R5Yo5EBZmSwb!^7RLE z#W^2x`yPWj?{dw~PUlTB%-<0QeseqIlmb+QFe;!&o39B8sgaGi&)=*WH6K7AjJn87 z9`|~(M)>a_tglMfvQf#G6p%k`H_^7$j|=eGM!6jO_K;G&C$xj(TrK0BbwZ4}xNS3} znEucFIyhShQJot+^=?*hWf`(gz4KDjAvuFH6&RKVyRf(w*F*@fhfyReNdVb->i2W^ zQ^JG5Ojh!G;%1Dj+QH00T2Zw1a8ctr4_M8bd8El;USqmCvTxC8O5rYN9f?(7M>N^e z6$TP(?K5$*=K*J)86;s2R8Bk5FrT~JN84|>=N+2N0bCJL{;`)>_z<<|o*?H&lW%x8 z!B&zx<6>}c*F?|X2?D?WVo3K;i#mwB-u);MuWOBBit@?N^YOyHxa4nlCzzK)`fnLts3RV9-YneV8^rWBc*Tg=`n-iQd z9**g9$oFk8ILQU9%R{3Y@?E?Ph=&W*_DGG zNf2=(4s=?Bb;@g95bi|EyCBZb=}jm#9?ks{vaewMIzz%gtLa=k8#Z|&GFf5KZ}OBB>75nC zM%*Dw$`*+-v2TR$^n-olQSvW53AIedwUY1sJVwi_$|5Y}<`Icq$I|-C>h^TY4Ro#8dp? zzv6Ti=JeKaH@`y{+sx#>j zKD-G!%@iBF^doI^=`W&jkTm98RrQ|{n7p-RR<6%xd>7@{^IbwLP|ZRl8dn56@w+Q(6sErwy6~oH_=9@h&hGsFS4R>1H3uJ zML#d`brm3XTE_o4D$@JaB6lelC9+D;g#iu=eX4s%xD9<<=vB0 zcAQEuPp~xNnTgSz`Sh>ucXL8oF4izAH`&6Aur|*^6`9s^##lv%kXniWxEH;ht&TIw zbIA5Exil?m2%4^&@j7ZjerYt7HMF9EGBS<|gs&|UvE4El#IUo-=_Y^j7kmSBp%y0=zuMUYxw&poLn}Y`f#4_k#mRfmt!Z(z!bB=?LX{;%9yQB(2X> zm`Z)wsVQpXr4+6H9`NGPNtz6aG?-jI6y}Uv5@Rbvj;WoMW4qkAB<5lk5fa07)Ep3b zWZXK@&u_fzgPaIb+F=OBZP2~aw2vdbf=(lM{yZaOMTv1oBTM|S{gKfnHn*q{bFRze zEnskR>WAuP35!r^c5ebAqxGVgFz4dU3dfKFTwcnfv6!1CgF2ZzbF9C2a#)Bf{xI-; z);Hc4sxUo{%DSYpI#=x@E;*U(P|eJO5?lj6$rSP$>d%pc`@lBCIIL=xd2Mq@+IyJNjk%t-wNpxsDOB>Y<{{KoTIqaH1IRIX7G>N?;}1Ge}^k%~XU zUB~ZHYqB^LWy=qKQy|y3kpL?OZy=`(wxsg*A=jYX9ya}^8P9&6Ur?DM>FlSk?Di!f zC8X6jKWyqr)_P(HY#Z#}4P1h!qmclu7jCH1-@wBrI&wfuC7}Uufj~Suba8L2uXM%L z*9#1vlM2Z%%0-!{yci+P*ZSMHH}IFEG=ZBqPB&ayNQEYc2%47~p=@sR!EXN>SxAi9 z7WlHGgx)|pp#My^zP3zZHRtBVA2KW<@;i8tb;6$|I-Id|oUbJ-6U!tQ+Hi|*h(#B+lyd(9aYpduyfT?cU3Y*=g6=hQM&VBY{PD0 zsa;b&Jz8uC@Zla6A%)+`jo|7v`@k-*+u0B6gr>;_d5Oc1hPDBT{gj-tW#+``bLYJl z@+!ACk2y+kGvZ(Ex~51tv;4|STs5Wj`qOIeGlxw2jOmf(goP~wqG4;*7#P=pd9}T|3 zBY6)8$MkC>f>LVZlsEPJiT2}$Pfj46ru@#uGL}NniJt^&c{MgnT;LKNfaz<#jPt3# zErkZ+9jZ>KBLC(zK1evKk!!*hPfhOzw>1SUr_c>hkDnu?M+W zFqf8mb)d)%TVY`=C|5FcHL&!(lR%@csnCTKNARivamz$_T*M&CJ z|FcB3x<~GI^DumJ1vIov(@RPYkr9)M!r<0{udpz+Z zCjG%|KSsL;{?K{Xq4w7hIOC8d$3&PFasQ6D#JjEBSw8qnc=oZNBJ{rlc0`Y_W=Opu znj=kJDJJ@n@ruJ6h?ys25J;C`C9ZvV*ao6w?w1;6fpFNJ<088PMn@Xi;yoN*c-pEGg$D?Je|px{BuHCh4qTOV;C)$ z8;QLA+bGsPgKkGW)}ceF)AWP1K`3C6Z;;MB#Of$F&4?BGMDrA1K+uq-S2S~n=4O0L zbAk2NAIsAY%pn}PLOHbYq2XCo?t_=UPc6!bT%-Yn1g_BJ>aIogksacaNs4OKMN|6A z82{=Oee4`GDok?b>DWhzc1Is_O`#)EWHnSD3u$U6yIQHNLIU`K+0IHYG9t$}m_TNu_KU#xYcn;^PJ=Nj_c#LR zfO7QL+bQyIwUnSFnUCoHjt)Z;gSlfz7CqwF8X1$*Fv(@_Q=v(N4#Y0GNzRlK9B_+- zuc5RiRBSYr;Oan@YR(IY4Svg3Q$E z-L$cS?v)2DZJ794Fa{!WFtM>foFX@?KN14LFE9q%2|FPaTM|y=>wXB4!ZqJ^IR7uLQ z{g!H>uCYkLU`l?GGdN`H{VF3}y9k%G(yOp+nM3chT<7~$gLvsKq8I$>pJfP)t%9pm zkyD!^SAs|_E+eB5fO*)SDjo6Jrw}H1 z?CjZaXVaNVv2i%(aeSR4q}K9r=>6GcsrQcYnj!cCf;9iWh&DjQ*e-*$aC|-#ClzqT zm5n9sS%LiqF|pO3f8MpztQE$_!K9<2SL5k7Wj1?pQRd(Q6xX*W{{nXxf(*1w)%X9a z`}h0|b7-uEyLf$<fcN^-4Y z_XJaC%Vl4-I(LTT?S#J|H5he$UHG4^1NzA<#dgv5Z`Gnr%*TPaC+Xwa{;PT*%t*;a(Q%f@pK36mEdU?GM?wrlSl?RPft>xvPRja%1|Ra zeF8h$y20(Y{^VaePVXBULh>es`7y~V-#bgwxp)AUY$X+$MPNrR@&{d?u`1P%18C=- z+_=9e!!8mEgweT_bJmYcJV}J=z1%)ac#Sjfx1w;4Hbyem1d; zX0v1EGF^P3;wB#1+LaTo>PuKYp1Bb8EpP;`o?nW?e^()={!>d4Wy~FwFHvA^De?lu z7~tH@%MJIMGzaZINL--r$~DY@9f1S*y+mlEv=h&8TXIU%wGj&>zS}b)09{OgYe>sL zEn0T+3F20%5nLVH4F^S?BhW;ufx>0Xh+2k=unCb4TRmS%r8lX=pg*Fp6whJ_&<_fz zNMbfAMllxJzqub!TMQP`5P2Bm7}n`%Ow4nMnfSl#kEXqVYVc+DrxpOyOLO6K8$|&~ z_q(P`E%M6Bx|aK6N`OAumaPt852Yh&8_&A1uj#<)Yv3m@YmEK+VW*l6#J7OvxbIU* z2`Qt6LOM8y7<9I9qZLI z&c}Xgp|FsjUZ~Vq7OZ5|^ZS9$jTq0ovAqnsv`BolfX!=fQjDKaM3Q(-I3m<2;~&+@ z3t|Yr*cSQ5UlR+ITuiknp?cr2uO`wZbH`ICRBu~(yf=Z%wWz08Tx6)ix}KyigFbch zW>=fYN*xc|aCgb{ZI(BLR#?M7ipA?80ZJgeqyGkl_Cf7o^K+iju|tPu_N7nSI~?d8 zm|N}V4A|r!5x?KojUT2kRjZ@XEBT4e=naJ&zpg=Kq?4a^^>JA)Lfkih^i%4BFUK+c zZJ@zfH!Z$q?hx5c{`3}W(O6Q!P#oC@)3J7FC$5Z7q1ivIbF6N=b0sarHUX4eHSyVG zL1}%-Qun_Ev{Al_ufaS9Uf3dS`o_sFXTjuAbyQ+B#SBEp&2sC)?FdXSx&;+1Z}WpN ze;QB&pn2aPtb+b@R7%55T#AYU<8)nRU@S9hs^*oR)X<)|&Z&ZgGEL|TtNw*SDa5*b z)s%a2lZ$m^QB71w$Gf*G2JiGQNp}%u)O^Z|6X@0@jR(^ zf`}v_LZ(rfMh$Zo<*(oi`NHd$_SaJg)q)JwZV;B-c4($T-`KF7^Eh@ju*mwkwgue% zs+wBd@_>RrV(k@V-l*mdg>57^LQnp)QlRZ%pGF7kPTF4XNhWDsr}&g@%uT}~BhS4^ z%SBt1&gR0w9Zg35E%r&j9ptz~mVYxoEdGAU5$Vxfi!I|8{0HeQURg-dn}sLG02Yt8x9XJ+GkPoLsICN@+KThELto=uSOU|IdSWqp!f~z>3mR0+-hnkADGKCIv z1b$XSYiej1`y;1p48#0rgt`d{caDM>bFr~BZG{^VHGJ{;#t3h`ynr7z`I*?%Y=iXMeIl1FfinM_C%RjYahP$@5VispQw4-tF}j z{6Bai(leN-J%8TJ#zkr+EE5K_Bt_G?N^?ZJH06%ekZ*6 zU&2)W&WYwHNW>~tmRaA!d$dv{YrL$NS)lEhv3ve$yXu8Tr;^>@GqL$EOGN9R3l#^w^EZg~1-TYv8e9Ip_usvn>$%HD=Il=XkqM7l@!mKQ-^aS*z4~PB{WrL*qonLqPS z5TN1Xb8iGdL!hs~lWv{}f-bvFWJqLfic?^xW`2>?Srv^5>&y+{Vhn-a!C=S?v(QcK z|3^~6k3y#{da(Wg#)Qd?AJmXR3&)Z7!L&yG!)k=WCWK+=Bw+=8VW!IwPK1K~R6hfn z@I?(#Bth32d-6xN;m(d#GqMcMW(V)DP$ojMe3_$>uf`t9F!=}cO06V}d=tIdNwZQ$ zfSfvT_eW<7b{1m&<$E#raokEACkjUjt%PvnbHoGLCH3Otb?XQ`7a&o-Vf%a=KB{8t z99?bF9i^1K^V@UYqy!gH1<6n#H^|J*Z$-6<9mPo}!o|WRHeky(o9C4m^E*!xD z(YkGns9oGtZL5Y}-3PP;0-fzN_>FXdR<AB2BMMBn3c;5OQOvR$a`pt6(g7d<2~Zfw4d8j0*q!;XORm z@8YmT@6i!xI_H_v>uiKdNQ{LgoY$K!7Wz_eNv#XcKm5pS5E7w-ETUL#NMeswVpBt4Rk`6x@#JORbKRl zMuTt*UR@+N#!y<;iD~;8;UAv4(YI|;^;XGD3TbR1f_;1oF9X;W@n3<1lF^l9Vx>Cv;HE+NvkxbSAtIoOj(+BV>5U;U_>15DrBJTt)bA2PfU=70RYO zs1885^~Qxm3}F*f!V0c&+~9QxnhQh2V;ZcjcJ6rXsLC&ISBa~S4d54{$#C`)IAu}Q z%3V?=IBru5PM+H)Y4iu38maPF>khBYtSQe;=mC7J`KnLMwMHs{WiMn^U)H1>iEWa% z49abs+Tn0obv@2lD$UJPn?f)dbhrQ;*-}+^4fN6GD8Vup-)LNMz8Ta zhs)FWd79Rr+G206-jogDhJar;zZDp==YF{31d5b%0nY!S*!>-XCagWOtGJMM|N89O zQkBCxxwX(C%tO;RWIy}bx>JyLg%axw7Nk_6D4W_FW96c}J!_~Uw};h=8DCmAPW-S# z;1i&NEuOS9kaPrwTZA>Xa#xNFQK?_9XVJC;RhBr)35OP1<2QE(N&fWY5{*gh-INOYx>X)jBT^z;>)xJ`*WR@*fiu*)=y{7P`1-BXRV$aaR&p z#kEp59oSPf8lN&wm{MHxIT;s7hqI0q`$BhM zRBEHUtaBDpJND|N@rn6cYW^>JIiP37-WaBJ@c>14EQgzFQv^3Da{P7Y=EZmLzyGe4 z=h(lCurc_G%Wm7Q{xv{}YUCnIWDSVg6SmHG9htP`IfJWBsy|v-a`d(4bY<1WcNf++ znbE>8&X5q>^Mmf?RH5a$@OGn7B$tL805V%rwaR^h^nhc^+@I$4^ra#iIL6Jb2yH{| z|M|q=*ViihG}eKYUG7c(YN-!tCf?#smUK&u&ZzVnH&e(%sV|WQZNbroZ=&nGQw^{!^gj_webG= zHJ3a$#LI4vA>?uP0|FMCO_m@jE**Yp1TuPG!6f2o0k?yij9=z?ELBUtiZCvr{_PZo z$s=54Oo7W=8efuwI{qpKX+Mv=&F1nrGFdnPA7-V#%qW-!zSVI7D(~L`qR&IKd2fy{ z;Ub5+E5&)#9ADUUA`xa(5DrMZj6Ux-CV)ut$2r=-U&d;doHk~qERSPWhOhz9%oF|u zyl6&Qx!k9e6r`!E%kj^?y5Dn+JfzA>-kSk^Hlt1FC6=16I$ zAEwQP=C9Dgv4l3&tGH5#53r-bBjog{5>+rN%CNa8qX?bx4ivYLcD}Xf&Zc;56hjP4 zV6+c80M^~I;g8k%tEV)9{~=Tr)=XRWiewk-bL#@Tu%TiC-5T;%#aO0Hr`BrWRUH>G za3<>InHN5>?tAkc^$_SzqnXPLrh8i|)zMXj8314$P5G z;0SX+^brfk%XO#MDMigx;*X93-y(YJ?SK3R=LbX<3symz!_n871d4Xnlc2QyL{ziQ z_<$O)k$(;)oJUhk?>}N`V;v8^!BcRr@RPT+Iw|(HVhbHDIWo8%BT8O4N=CXXSts`8 zH#BD!$OV}1Y<$5&E1!JfAp|?U6vjMg4KO~$fJeLx_pw%dc~YDLEb#C>eg)ZN5L>dn zl&NA`KPB6=Ufpy&N4W3_k0Hm9+NIF;V)BkFg&a&j*7Z^yPuH|luTJq-oPxg?UJc7} ze92gT*xttkZI*qt%^~Rxbn@J$OtQj%i||gB0U^{7opm9fw61lx%24x7cqY+)=13D5 zn|yf`HM_5_(Plw&musWX-NgT^W~CxwyYK1yhV4r4&Ybc^OcDWgbbL|k5u!yx}l zOnh}1{t&|v?-t|HZVwHIYisQP&Ua%@;_5~p2hHGKE#M_8gf8yBk0ei(Bq)}mh*4pv z)YkM~W26{;pGD>tc_He88&;mtmD}081KN3etylYnEdRP;heE-jJ)BU5JUbr0?W+ms zmp9cCJTIrnURnEbSkAHhSTdvJX9?|>#Du+|RFRqc{jk;aM>K4nIj#_$&ggJT+>^GB zKAsOT(JZ#^gW*7s@NMaNM?^f!;)~W)Z^DwCGUcH}I0&i<@)C1fURek`J0yb+n1wy3 z)g;LwX%aYky9=U0>O%kY@fhF5RY7K|(5(e9jeEQi2zKQ$WvK*>2yVS(6GZF4U+RQT zhlmm*i_JuTJT|a+3uuXjZj4>-(Fin{w5&t>l8NyUtgv$`Uu`$(@UIkowO3r@ZPl{T zih{zr%*eq4NW6=;eMV)4^gl(hI&{(_#{(c>tZpi8{xCS{Z;LXV2aob0TZ<^R|JJ|x zZlj!t*j#cVyW`p=Q?*Wfuivw!8Vi6X@|m}l~g-RR1R)IYZt7o*~K0lJsRE4~b$@VnPDZX>;P+FVN36LU1m z)7BOATUis|*@?A(s62WZq4Uj`M_CtP{u5IbYWQkjKYRgJ-V+IxOk#Mvc4o|t+DTFz z1P{E-*VyxQ?A5a1C@tPP2mq^kF-QLmj zKnZBQfXepoYQYt@==ykzi{Cxw0ex0_WI&Xm+^-B%X3x_)D=JGOAFFxYXH+498)5uE zESMyi_%dT4sez8;&hZ_D{r6i7xl6-H2Y&4~6O6;lJGbn}A~yD}pXRCrx_a%+Enxm( zVvN00wVEjebBE6*;CN*}xN3FRL-j$JvxDrOp0aVy3L)Mcj;Zf-&}q+(jfH>4hGZ!( zc7v&c;Q2U+Rc5bmNHkJNPGcKYsZW~3Emqe5c+ zZH2&JKmyrR+E9$yj2AE;O}*{)ppe%Mm1vC%lt}Oeu>2Vx9tU zvBg6ZLvnMUnr~f0LHf z0W-7`%G-}WmEagI4OXNa3A&qOzu>PCSs_OVi(sO*X?G*0=>Pj_jHoOV&&g0vFWS3L zLH+O4>-1xb)E-gPv}MR-`%3r6ODUe7HbY1gqpR322j%VEUumwe5yAJ1w6?^mIPRfP zo28bjaX)@_*K?^7+zuVN=#3}Eg`Zg{W6Xi+d!S?dOXn*kBuYpa-6d07{0=2%=CG<` zncNr%r#sR<*%7nM1OD{A;j2QcN^gIS2Y~q-rt@pDsBnmB91jbRim9UQ>zpZNq zK5Wj!uKanx!A0rN2Dsz)JJu{wLDf&`!cRxx3ZRexDmbyOE`q8NQ(xi2jAASs~=+F*r^aTsUa#V{G`Knhk9LM|(I}@)Y z&2!yRdDd99WcxaAJfN9*+sgWn?F3u6M8UyF4(rzg}K}m3G#l2qp7@=XriFT zGW+>hp#t#oCGI>0k>hQA;9h)>>9#nj-4V}?!9#_fz!Kz6%=v$d+B=YiO)=t!b&NT# zav*Q*pJ%rlNOX-8++;WD73rL&Q@OAIrRY0J8qq>^$7VVBUkg5o!;n~?iw1e#&;)$VbbkTvMvW-;+(Y<|SM9Vm^%jHayT$5VJw>m1 zNoLP&al4q85{`J^He(7$RtCb~BF^S}H&m{M13!}Jo@iJ=#3Zt~^QMJA-_@_v3+xa= zJFfYJwM)r7V#h}dFU_+q_^OM}*Y%%z{o>h=mB<2`Z&(za2QXP8&`fOwwCSZv@{Z#M zg5^flGR@@=`kOFH@z^JkWt?+;EAUzSw+vmGgy*K!m%-CmvGf%k5FFj($A5WYErpZe z7h4wttG!P9$l2&`(3O`#)@lz`3}E4Ocd~D3ri1-aE{HvMFDkCdDojTyGK*POet;AH z2FUGxOe>oP*dHo)Hm83Qk?jdt7hRq749!cXq%mY|BzMZ66 zs_F8n%QhM~qF6W+F&k{jiJG|pZ8XWRP#5*7!#W$lUr6OKYmB6#MJ3$thT^?T)XF_w zxJZBD30_n=^YYCa(({S5sYz=xEg_+Iu9i6hb=6WUN|c8wE!vM1;5>SsNswka=}M%w zW}aAExB}aGxIRJ+@McZEFx|tbm->GZ|5{_yTSF0dZ1+ZUot!`_C@Sri=k)IjO=(@zN24l2@xj_C{^8m>E^2>dW zU}zGZis{9m!=*F<(>$X^oZep@qnHZ~A-v1QGI|x01}=}Qf6Hmd0J-6zglO~WW9~>L@-6$O_s@`@rN4y!d3^&^ZT3EoR*|b85+gfvi z1~!?0#uyq5huBt^xAvO0YD$8eNP6rJ-ASWUXoGwu68nS9l&q+J7(}GBD_3}AcKa>! zkOGs`-G>9b0i8C_MLsp^GJ=ykulKowVCrzE<9Y4VwHLh7nOIYq^FH}RQ&^MBUJpF& zKOQo_)z9fSy~sPCj<6tU`lWJrvW2?rbl?|Whk?p{b^yw&N~56 zAo%t-9jq@(A&SS!gADgY0V2g+O16(4zP5AdXZRc4u#gea(61HdWYn*Ke4 z`}n-CnK8)M<0wQgVy5)g`ij=L6#x1oQeL;pqr3$!jeitNzRGIz)DO$IN240L^;u{! z73l3i2p``JPDS1EEqo;bq-lYVVjHIFc+KBaq>q%D>YtA_q{~pm>2!;Z69`=ip(yX} zg-SF9S5VAv-Xbq4(n5#2!AN)I`8bkMkIeA80HKhZ18LEd`uQrD)_G3?=}rH*XCgTh zZz7mcgD*$J0tme-EurlRGv zKk;RTdMRPRB$2AP?i`jK_JuvaWbY`r$G+D37hA;pjU+tzLAs3VRn_yBy<}1*KyB^d z6tzuv?XIln2ei}AeLJ}8_Wf!sV~5XwpE;JyOeAv#&+km3d+`q&0&80cQzmYzxz+p) zj+B9ZkI)fX*6ext^d72jhn47LE`Mgd=wX}qY=0-RsJ)$#^5AGS%!g=ONMsP0DGe=lN=29mY z@AVBPFNn*kS?aWe%%?D;239YHO)=tni^3 zjB}9jPY@#ay*0Z6;mCRtz$r%`d#VjP&NMRf?Z2RHogM~1bsCvLoe-M^=V$=Ai*O|U z0L5QU%ew0B2J!oHgAQWSXTRW#EEUeuxUF5t8=sRko;FJkc*`%%^vZf42CpuoG{6o= ze1wKEAp4_~1)(h^=p`QS@i`j;j;H)~dL($A0za{54icKiSg={{F8F9lAD}w_C;mh{ z0h7(wf?buSJOowK&m6CL7S4Q;4j|LPzZ0*kOu3Se*{~Ef#knUF40aip>|(v^ExzB| zQhj83J+t#kK550z@+(PCbCaF_eM~j!Cr+ka^Es>3fbjNB`cZEH%wkmD;F!#BX@VS$>504RN_=agf;Eud^qbVsd-h*x-Zy&exk;n=KCv zcuO^&skA{#&>>NTwk|}W0a}_1GWF}+?+ah)Hv2@VPF9^56kyDrWKzJ27J^H$wI zaI3azs}`oaXQronTBf@|G_h~HLLwll2C=zN^K-hLSRmn!7>Uvtw7_xWm$K>lU*+wC zp9aTn9%d}r94*4Lbuow)#tMv*w&n&Ln|&k*fH=I}4ROtl^@PI0gwo7Sn1{SB628N} zxk3$;Z9&;XMBk!7axXDW8!tq`j-p8G{?aK>4?{HHN>o-YsIGk~$|rT_1bxg?n9n26 zTo+fn+Qh+N!?1Qe% z8?G8z{T=&A0`|7T#iuuWN1p?@+4*SWLKJY=@^1MHiYgr`KicA8&0v#3y9LzCwjhuE za&CnLe!2drsY?^z!)EaPV4YH|#Hhv+kS-TZr>TS~5|?v=Xek*-!elx?q3Z>Gsr@Oh zprUVm8I`Y1rMF)dYxB83#CkbidDv+iw|{jl%-yo&VMy$JYtgGU(8u3X0ZnfiV9-gn z6>+TdL8C<0gcq8bxO;#?^GQ49(+D_?-it0!7zcUYO0>BVjkI03s6y5EU5z0IpS6M` zA)(;!mA+QPz~;t+SYV@ZPaYvjNgQy|C%}tK*DpQX@oKyLyycCViJlb2i_OlTISnCtxDb0M1=+2(rqlW%AhmS^#-0L5IKF;>9v%x59f zc^!(`A$%Qir($SC5l0y|E6txi?D%`7?xtsKqfBvKn`?wM6HL||b0F;vS-@hTyvXlD zML7}uMc2><+Jh5C_X}y*MH_AgC%@>GNk!=y3`OPEI0c0RE8Vi+wJbWsX;o)cjZFJf#d4mXFZX%b$Y3d)r4a(Q@c-zSbW(DG?Cty#za?uq(vX?8lFT!E)iDj^NgL>k+*(X5~*Y5E~G z>XOIxVKESz-8K%i_$ILs&Ec(PjC0qKyJul~ti38+hvVU&Q!MibWam5`n?~zs*Wfr? z*+NfZgf&q6IONLAiEkhZe8)Y^d-}A+up@-Tb~Fht*r24Ki8r|jK)?`Z(EC0^;zwh= zIqIrwb&vXjmS4B{Nv(GzgZw#R%arTWy(Ooo#h%G+n((lJOm#9}CT3FQIEmbAI2H*; zpWaIN6`jchY;rw#8zXw=K*y8;H*_+l77mH=r^0Bq$&~#U^8Kp(P-uF6aa9Wf+p?#_ z@(64~MU$*D*v)n6AZ}&3(xQK8_j(;u1NEALomt)amCn46)gtXrc`;Yk_N$)nq6 z^CTI6WDIxvD0pC!ggxGNT@Q+?6^0uv$mTy4XTE7PzhC>5kF3(J7abdzaYf`NEo8Vk z`#WKJY7D0esd@9+Rc+7oZU15MJz9nXb)e!C0?9isW8UX0JNIi<_ z4*uzE-z+bGYO{#^I*=wNF~?Gl_98r>0pE4SfP9RVoFFr-nyOh$hO{gD&9@HeJrYI$PWu~=D1Ipg0?=}1xZsFC{Na4^RrPT_S+qVyzQ+;534y9cl{0SU z&$EO(HHF%70l7>gm?FA<6T?_fT9QJyV#J4{7<@ycMo?M;!joEk)LJe==0XQ?_DU^h z`n3&}su)0Yt21QJ$&6cPz z5I5qJKba8YGJlcFZ8l=scXnb)GSv`RMto1J51 z<2*^NzXvM;f0sJgAG4yuNx^C^o2Qu~FZ6@1gfBS&#k0y-RN7bthq>Q@fU+&oGHKb0 zp)DiOw1%1FTDbQ-s@Pki`?GcDT`3-o^F#G{c<7l!kzwE+#mpx&S^~R`CQA8nGlVj( zjY9Q`r}C?{w_}||z_FMw8CSLmxCB@JCQ3D|LG0j1qz7=cn1HW3{8pAt^Ws&0j>Rdo z2+}-ms6eLGcfQ}D4pf=@g1~3p-|X*5BkUnVJKg;XovIP!zEe;`N1=-$wdI=aVEMz3Mil7xxAOZW7|~TN?d(} zuVdlk{lv7oA&T9191xL2g5F1Umv4XgM~VS9M)v7qUSt|qs^3(!Bv#sbXsyqrsY)BuOpJB;r`VG@_nHqkv^ z5IC8i%zY<0g5KJHXBLM6@ox-fd6iR~Fx7n=#rLP4FGH#&T%)Y*wnr>g&xy64EwebD zJIZuE2%C>u+e-T)*_hd(5)-$iOmm{1Q7z9qdL>M@XjROr~|72RcbYstF?in30d zzk%@4pokNRJ-jUYT3luEe?@NOJUr;E55ElzAjxQ&=>PP1QuoK0D$HY-$r|W}bC;~c zvUFk+#0fk38cj)9)1OWIavA&H?Yb_u7fol`gXKMNs~0%o*5vj&#__?#A04S0p0+5t zqrCw_NYUCp%HoKP{G7WU1AVNF`W!(Rt=Uhi{DJaHd5h>S#vJGn`PQplWt2qWw1jtF zBhiDb%tE+8%J1o;E`v5#Ul6}8WeX@Lrjm?4U;<8Pj)jYNU<V=*3G@m<=N9nnuU2TCC;JhvF@W~J3Gj?ofZ7m{oS04oP_mmB0p%t*-`x@BG zq^5CQ{Qh+=otN8v?yb6g;CmGU+;enN}>Xj`luFp$pbh}zKnF;Wz`}E}@rf#ttGWw5iA3LNU)?KlL21W!T z(`xhu(_i0~MjDS)S8etQ@)YA|2h6?U>oQ5Aq}Zd9D}C<-la9pZVz$=2XK7<(NmCm@ zxq>n-P6-N)OWbmY)?Hkx!vQm>5gZTB9i4V^TZt{4qIQR~rDJ+kqk6q!U!9cc!_c>R ze~atG-kvzVB-53jEwe-&rED9>se9qB=`(Hi@DmH#_RP#v&W_--qeB?pJ{ShumepZ` zAr=Xdgo{8{Qt=@K;E;9j>c^E3gbB#{aCI4dTiu-&6U{7Yq2;5NpZv`X3)}YIuzx_E zJD!-r?j&ig|2pqdgFkl7^K7YF4{w{C>+T*=?`XGzbPn>Vq;_R!H z4&(IyGe_)d&`2D0PDfQABA~)TA>oqT^RRi3qv?if`N!DJ{#Ez1>my|l7n^#&rLGr5 zNRw_XiR%3#lPt<``_P2rINR7RD-Y3yuQr2f=;$X5LA>M;CJJC11HP75jfO2vl2}8~ zdOIGPZGFA9=Z6t=|FN||az+R(;IIX&4C_OmdfCNJ=ap&C#iW)vrHm%J){@ZqlLbc` zp-Mkq6hiHW8~K3&TmrDHY{Bl!1iIACtD~wKs1B5U?qj$K+%CeL%@s)9}V-b!wT5YKg?GCgp1*V!P zh*I+Uc~#YcF*}g&JJ7g>daxOTO(#wN&|+>__F`>-?~0X zIWj%)%2}(4#V|R+xM$tzn0Ofb-JG*l@%TrhSr5D(PIEV=C2edxd}nciqVV8xR_VH- zjDK8YtdA1aMSEp?QiXd;9X#{G+}0;Ty5f_F3e8HNmI;>s0uSJXv=K8)(m@t(qCDhmYcr0kshd zs?$QvQ%vgLV2NMEbB)7VV8jv^(=!F-3RMaS*bHs+} zE9g|K`hA&bI&UWG`~S@Mh$ zz=by%#4}9HBMMSSI|jnwYXe%)S>KREPS7pDbo~((JJOel$^2;ZfVo|Tv~LfCg@Q47 zm=Nzva>peh$&Nq3Th4MNQgrjG-O|iLBq{EI?^OUOU=`$%HPU1)L7=A83Sfnh2V`Ok?UzhOE;u^pb@%Jia>51#hJJk%I1qHLx??LiIA z5!^OIS-toZWvL?tJnB)kX9Jz3&8i#V3-m>HiS)C{L;$m=be~Co)H=EV&%{F@986^8 z^sjNsAY=N2_tM7ji9zJt9$kG$&({p`nEdp6oa z(>iXPV?5SkSlxmLRTCn2jVF?QoQX--M9{^uP`YxH>m=T}2ZW+~CUx={zpLxYeYb)& z^>-5uabtt~E~`rIvxbro$*2Z)8wXfl=-LzsI>a~l=ew%!+(xeLJbKzQ!8N*2qpABW)N=X;at+>ZzdX}m$qiIO9)*M8k6R#^uzTpyswHnOg}awEVtj~uzc3dVub%ScgvrkaqF zpYOyouy$;SXP^y>-VTkvnDpm6K|1LpoZ3s5#29O$qg;j=d**`9emW<+l3yKgc2S~U zpt2dydiM8i-iuHhHzq}!v`MduzCL(lFH#02*{;OfXg>uF&N`K6Af_eiVWV~J{y8Y| zV5bja!!klHJG~cm;(qyn-(btC-c`3wlwZ{zu#DX00iBN2 zw`r*|9h5Fm%wrtBMD^T#?~F)5@RmP4UhlnwUBn*)<6gLdDdc?~sNExcc|ViLQ|vG8h~ENwV=i9@7p zMZ0DWjO0aC+d~IQh)LK*)JAQ&50n}03wPWunFOT+K2RdWg-7WfZ`pma_(uEU7-mR> zXsK8LL-8rUAX=@*9#D*qd;S339ZT zzx!xf`Z0~H7?6&Fm(IcK#1r^-Nt~rmoMflpiGJmQ5v$TD1)-EfVgi=$E7Zfjw0V6wdyt$d7A;N7dA zfj%liJY)XWcKPYobw0Uc^k+W)RJJu~W6&_V5^pNPq+=g^+F-3IBehuN%k>~lg>8V7 z2erPgvmZvqWcvi_ivChNhrRxKUB>XIA0&ND`}+uvWN5clbK>-meWS99#mT!`kHt9G zp$AEZn#bAOL#V)%(t6H(U`36g_^!O5f)yl9aTqDRk#NsSK)QN?L4tdx&^v z|FMQUEhU*>#x(10%QMETt(1Fv&rbj4M()u;d5zUa{Oz(>1Q1mAX@Kfx(?`YLh_K*e zeiE_s^swb(x#?)z7WmRES7yNSh}DYb(pR}tUf^K#lEvDMR9#b2&?R4fJv@ZmRv1YN zV!UiCXG6Cd{&vyA$^`#9Do;J@nXzJ}1YD-_P)Sx&$x#;=>AuUS+kB@VRO@&B+kJP% zcQR~d&rY!j##GOf%`DQFF8(<~*pvxthtF)^pt~vU_r*MSF0R1g17Gijfiy){HNZ<^ z^L~YU5qb3B(^LPzE4wi*8-`(eMu2dKUiPW}kIKQo$alz}cgO`2GJBQc- z9Y=x*60vKJj4^^US{Ac<1t99l`6VZE;u#YasMfK1f@Zpc6xng0CEV0GCeO6LZ)pgAtC?DBfDaAstFO%O6 z@=NbLcvh{cErO{-3WbG5=lTe}2*VX9xc`>i<84e3j^z zWny8$c{lyvb^Ch~U8*h>>>mj0jx9_2&3re?G0Lz^5p_JNnO# z{IdY-@jf}vPCwd$1#o+IgZhVtcDDMWd@eU(D8&5!FC3gBjM2IMeW%MAr|XUH8{@K@ zYfKLZJ3~oskOwz1Q6KCmEJ^}#EHc6WyZ$r&^y~S1!XFQ(M5wh5Rh*pG@Af6OGn_xa z>i#)rfR%s=((=DM^*xeR`rjVP`W4)8WFs4w^56e?z90SZE4bn%IUgBX`T(FdI1Bap z_Vh^aQd3j^pAj@20^4T>>mmCR=^km6T9^KDWs$+AT|p*x9^giS*S3#2kfvj3Pu2&N z%v?bJ5lI4~VU_L!G=1*BFpdHNE-GMoJ~Oo|C-!d-%Ka;A0o(&KXXg@;G3LjX0167s zFe>DKKR#xfENRJaOTv8G?vwCbR!8^T3pHQMcmY0N{W{h&Z{ek||NUIObo(fX6!rx&l$B#H4L=H#zhlA2LmjwaprA}@vebV$`pHJg7e=M{d=jBI@Lxbu zsZlEM+yIuyGCn3IMST{lKTo&Ppbk~1)n?6T+l%#%-pT?XDT?2rj?ff=7>Iio?i$^j ziMvK7>kLJwk#J5(0Kwk9qwp6vl>e3BGw>rq&=mfYjNUF*;Iz|W99-tP3}alRDI*U^ z^}jT}L(GB_`3|)p@Uy_7i1&GX(4QxZ)1^8h0q0dCT&#kjzMYjOmjdiy;v2)m5>1UV zim=mV)M)AVg@Ser{nVJr5yCPg;-vM%Ey)TKQQMEOOjZO^_-*jV%{EhXl_3mn^gom; z3YASUoJJ7sJb*Ga6MTqj{~zp>y50VWHy0abf>B6V6v&Z%5*t5Mwyp!Vubh@@r7~|D z&;t&`cwt*V2-s=eOHwo-7GeA2A*q1`?O5n~W~nh6qS#hpVwo733R)!b#Ym4cTc-Ni zLl}anf1tz_DjWCzz;3OyI;G=D2*v&HwxvPc)>+7Dy`)zG(LMb!xBy~ed&u1x4n978 z{}5W4G_KSg`fykOM?hY=6bxJnFb?xPb;=4RNzKI%AgQJL%G& zYss?v_of)C!Z@;+?NM%)6<~BgT(19Rry_2s5W_9h@}bSQoq4$0xw<*h-f42l=_a^MkKHaHNjOL{n-;Td^V7)dYWu4&wSMh1-SxI|7QQ zI)Wp{k@;r1oe?^TeitdE4mLsr`?~08RT;~C^br9;vocdwc{c~PZ5diX-n$S{AyuTe z|ExR24a$@GnaBZQQu%hB?xDsU!S;ON-=hVFeM1}G$52nPm~#Vsit`JGE_$FRKe7eD zA^@0xZE==-vH3EE`vj|QS3e<{a!LC&1x$_M9VY6|k2kq5^B6##TDp#WHCm{ukK(kA zdWe%D2}HMrz9S056t2Q~n+3mZ>7|LkTTCTE`B;)R)X9n?Q#Ab=_Q|L1(38Y2mAi0a z1n+d?LW@;r^7`HQF;F?@U1`|c=kwj15L1{lFk187jtY9?Gm0{BkV@vZRI5B(o+R3T z<-Mg^O<`v36Jj;pVIjXW{Xge7dV`c3unvbCs?L#_mPTLsY4hR&%goGdtD)VQRA-t$ zXspBk9vc@Iu1;TTPkyP*i6+;&z&64HgX!9`6+yL>)Ovap9ZVxT#*J>zc_*(ibhVCL zq8c$UW!rJIg)YPteb<}TL0ae6LpJ8+9#R|*NA~tt&=a~K$1?OO#3w)nC&e97@i2zM zQc2!Yns-`Z^x=EmInzM8-a6!t;B4<8>LoKPHKI+C?PVq$ut%Ta#q+~62f?qltWvE zW?$A7ZZ8LtWdsRKZ_Ynv5h~Ce_3Ov;HAq$ILUZh#h3gY?)=@rk+l6`Ulq-Al9`A>x z_)903`)CuOR}j)j80XAmY`m1A{8srm5UR)x_;;Tr5(O-1E_eDZ>!z&M=bT@DTBO8i zz}VX#33{K4uCA>CNJ-=7=HAgUGIo7UO~sR{`8`N_z^I;&=SNqr!(w%q26oOy21uS0 zQyoN1%ewMqq7LLw?L*ku{xD%e%h2-dmN4kQ8{!BnwN`{HptJyd%u@KG*C~Z7MHoF* z%)`~L#;V`c)VGRj+Pu4i;c`LPy5~=EfGKF@(B@V9)DEb8N{ZY$LKbD-9)Fa8B}b)I z+q|4IEPquJn9_owTAjg%$OYE1C;r!~%6R_k;oxZ9jm+m$z0s}22bidu7D{eRK z$RU4$C0F!UPllJv%oWmbaRHejW@kY%IR@B&l*iT36@v=AGu0*ML)p>BD)Iy0)?dq@ zq@?8P;UOa_8N&Iakft6?*L+MKp-_l2=wiyi!=sHHh2`Y)&Fuws9Sb)U%h9|*Zn1D& z9L-=?D;kcKAMlP|hNL;Bc9T65SqfQ190}JjD3bcKdQV3({c`g+^lc{ibCZ~XHHV&U z@T**&vj^9+F>F5TO|asQNeW@)WyQ0rE3|Hy2bRKa8*gstp3e2JDv*6uuovY; znj}Ln^lba6!-|uIPC9k-r1$kPkx%?7<029VGghwn62DC=v}(7foDFIh2xHEbNQ!Yi z9;gL{olL#Y52bTQiG{P3#5rafi!G6VECShCFBsxpAe~!;QygG^{HRPPOSiNf&9z z+-lYPW-m96%oyVbRm6O;I$*+=>YrteE|Wt~`BB8H7h;N0Wz1IDXd#%d3}2U;ht>sO zF@q~rV{I^$2vDZl_r0A-rTY+^-h`Up6rh7ejmh;Dl_2Vn!AB!{ijM(y2O0%o0iNtYq#>H4%a&k)Z3Ufm-vnJFSZ-s44#&} zghmzFYj`S6zv-YdEuqxU)dntIX{9gr!hy;n=Pl?r?KKcXXbAsChb7IG?IN@r zBf_E&WC3}&T57O`TCzA1wIy2LYF*?k-a(BRmM<&}y=z0$MDLq09KDV4NK(i?$9%B` zKIckg#JHjkiw}yMgy!ymCLyd-*3Hs5EkpyMv+%f5BwT3q#Ptk3W?k?m=Yausq4-CI9 zEp22LT-C8c2-U%C+S#@icd=GWfwWh0*%iGm+yMPzu|q134{kkVw&|Gp?`@IN(2V?*s#WwjTY;`P?3hqRd8PR<3fs_-UU zv9L*-2dbEvP1dvvf5<>XS;BU2ZEJ<`nFShmhP4QrYcI)t$<#(`oi`?%iFYC!Mx(Z$ zv-b~$_vkP?Mr4_MBBH^gwLzh@r{oX5+;y(G2Os(tXnUfQiSBo52Rje5kOI_Q`tNWB zHUXOY&I4!|KW6M?jYZ?MV<4C<9$XV-yU6P zg#fSt#vHd<=q;8Fi7av5Yyt3u|=X=E!RCMJV@m+VP6EiD8?tdY1+%i@nO^GWSxV=5CODnoHQ9esIZv zuZG;X+voaYg_--IFA^WX@@%AYm}`c-;X162&_ZNAgY^IsqsBf$886E;e};Z(ARKZ3 zFFm)w*?S^$=R`ydqe6V;2AvZEyP0NIwkVhW#ucUEatGFHy)0xBriN|ovmhe>vc{pN zGt%DGPbHxxeZL1$tFm(n?Z>MRCG15K#noiLtLQm%ptAFBqkoNP?(i+7kscN$|` zx>~4hbcoTdA}y9Li#crNM^>N3mprw|&Dua3_n+t?>XGF{EM}E{>5~x@?u2Pwctmpe zK_2VE|GZ&A!K0bewSyeiQIqYP@4!{Xu5Z+yQuI_t2E(h;RHSUIk|$$6^$vBDxz zjc0PxE)|o7+Ld-hdN*n<>VDte^?W5cErwV`FI~-%VRV7BViq-B_cP~nxx{%{ER_$6 z9|Ec~`@q7Mr^bpO8|WNa_G6ZE714~X|K)6QsokYgATOEQ839;e-wVKiWtNNI4+;{_ovHkL=B)@IlUn9s_a6W9g^~83*^rA0Mbq+ zRFd?6?*|mu$|~@kdG~CaV%R=1uM1U1nIhiR=2QW%f9~nGgTWLitBRXqI6mQdq$rTg z#Q`a(;z4HUC6-Z#&w7XXQy%M^F~T<$j2108gxNEN$%uSp$3`>RI$4eY#FCSr${v(W%;j>{-M&6_)+0!y)Q^16RMZDW%Z%|kz+0gvN3U~?y! zG$`MB>12uW&&p3J$0*t*+@c86w0QLUUzv8#0s$H|BAqMaB+ZuTHq!bGyHnPt5htnX zcK5#s?L_{FCenYS9yP}pOBJAG0i_@p~Q3s4rjVKzqZRLS$EAD93V7`R2~inM;< zWihJA^RdDVNq2)|04pd#x8=u@)0BV0PxaR|Ztz$ve5-BWRYZO&`wXR|?!N%qXP zYsRH23|ZNBukH)qnqVj4+i(IkqnBKfUu z>v1z}^PzRz@A;L!fLKzF5=Uwt5ULG}d$n4q%rn+y57KKtlIlU<)q(78D!LrAeC&l` zWy2F5dDWo#;4N8yowAOXBMkrT%bNno#l}^W;l}o8R$JXcuWGt&liSd2(d{*20O@OZ_E9LY%&N=s9JJ?x-S{T=FD(eh;dM; zBm%4X0E)RXbdCE1XJja+_P`%4;I{+YlQU+o zM-r~28rk%J{L?8;#IQ-YZ>l8KWGns;9XAT(ygU30R@B{Y8~ z0@x^~$PyfH6kHCJn@6~-KUnERK>SZ?_bN#23>)y-GMaZj)+0J>eKp9|QrnraRMroe zCNjHO37Pkf8^Q2rl6RLD%@-Y$(yT^q9sc8*H;XpzKRMKl%RIbYSJJ#=J9Kxb1=i-h zXd@bR{z_Z-Lz6l|rgex{(5ogU=@>&c3B%j%S&k47CU9Epp@t-}@b)z(IB*7iJTDmJ zm^xujbExlY+uC6fx*au^Q2Q zInPtlYNW?Emcqrj!v$2x+{J6*Inrx*FmFC+>$!ls@@6TwlC=474t3wtvFQ8KmfxH}QLUajK^>)AVV^|PzS;{I+!XY6covt)tIWATYlxr48I6;N?V3@rf zoJ4*T3M&umux$AoXPR6IZvrezcq)D_Bnk4sFePw}`IDBnVD)tf*g^g7-UdC>9jA|c zqB|%ODR;^HjOa@2(>*q{lMuYHOs^q{qbB0T3&VsEz=_8fw z7TC;%rk^8%-;3hok$+*vK&`9UN@^8J*MO|u{F?&4Jk%jpCB^s9t7;jNtE-)i{zszt z&Sy((9X}Njg-5(;|4xN6KV3T^ODz2rd~Oqd?g^Dhk22wh<`peLNN#AmR$1vNy5wQf zhNby^jfMCQHwQyG#(Sw_r&SXxM_z#1cBXThAp3{}z}o}ICAT(MeRVO^3n zTNNV1$ z-X24_4NVYN$FCZsRsJbuQ<&I`++l0h8O=Oc9Dg}XNjrWH4O4%iLOAbtvhzkCj4fWd%J~wrr-IN?9?x9z1nlp3BM?-55%9 z<7K3k^ulKBzC?@1foI33TXpm@p?WbvmaoEs8&7mOu`2JRd*QvHd~URYUELP4{VMyz zM8g2cca3w#8K!kU3sa;`yE&_vb8Io?1hZzIcDnV-=f-q1M)F%v5%Y~J>`ndLg3tQ5RmrYJf^^P)48-x?+zcPBzVUWhtS{<}% zZxM1ZWb26yL0^a;mztp`6wC~U1p~=BM=Ow-Q8DHM_ye=Z-0!}nBGN*JebB3)nGNss zBYuWLgU7H>m*j%{zi~VrF^2RiE|4)q`?6wEz^;s5cMc#gT`Nu>GdAgj&kT0jF0^01 zGKP_=DO?wPw;A?_&^CH~Pv|r$vr1H;-ez^jeyi9EE+DrUnq8fzn8<%rWdHnL2(Ml; zf+8!V@Kz$+_x@4eQ$2Dnw(QcU2g=9SDZVbO{GOF4C+RX=r;4z>EV)F`R^=Q4SeQxn z34T98g&QOOAjp*5=0t2~=2A0pr->`Mt@e^02##g2xqs&u0-X7@H--GfADCyo+iq`i zajC#`m)SKO>_@E~)Bc$j45QXLzOP_Owj$FMwLA!BJHbtV$T9nr^N2lJ4F6XJU{Kh~ z=##l(!f#H>K;*Wf8=Hf-ObJZrZc*~)(Jk!9Udv%;N!JlAfRD`im-+KJW_QQon56nX z-+Cv816=V|{O^Z~pzaU%4a2e8^Jp$J;83E5Zqx%uU6h-%GbQg4FPcmv5{*H#%Iz>X zGwCPX_rlIwrubFdu;%NGRKtjNQgE%Gq-VgiJ;@+toP6sxhOzfQe*XRoc^wsa@dB7v zHnE5vYbw|9kb6l^41-OJ$A<^x=c}_-70z2l&Z^($BsiMl6n`@)J3EH$L~f6cx3~3s z8%btD84l)4)xXc4sDz5vwXV=C9kZ!%O0*27r|&B52G?FbEQ{ zdDFhg5Jor08Bgs|P)H~}7<6|LE}2Nm`|X(;H7~AL;j<>5HIkd1FK&-uizQisz8mw$ z80A9s6~vBRX0-O1Qp@=VJ_czEoT zjCSsOl!i033b!Mg`VP8Cjr*TD&prqjnYKV++Yq^dJvq>uP9Q&?iLLK;q5k-B7~zEK z&q2LYvcV62s0B1$#k>@n)WQfqEEHUWr1XApH_3+&Vwg`K%0T*#MbLl0Xgqkn?y-s^ zDK+U@w8)7q{m2brE}Ok-?=^)NE+6pTZ25u((mhZX?c@aT$^|v=U(;Fkr}aO1ZA|Q5(F-pi!^i9O774b_`9A@eIw16~_W*b?B3ctz~bD z?dF0p@!Y`hyU~fIpxBHPBKsk@ae5`1lYI z9({)=MkEQegG?LE@qAYOLP9?aSYClXD=Mpp%ccT996ayszo!NQGxBz|$s~dx>XtNQ z78u@1Z#%Llj;lW0PP&5HU|-xV zwh7tM<(69BX4URP`T42p3+@j=l~RMO6&x#H&}8O(k>VYDXCRY6jmcF4U8mpa$_-V? z`~2js=7%)t`#iU%J6-x_%4^c{}BSyG6t?<`lP(;IKKXF5XXQHrM^?>DAM`Gnt}g zF)AKa;(?*tSe?XAfQx`j-3oEVhY_3GZfh3m0?NO0301REfj4W00_od7>{pE-a%Sv= z^~6bS(zDRbcq!j-5Yl~Mpw?bWMz{+1%-m=bAknYtAIUj=`E-()vm#%#Hk^>@$AIUJ zW@eqSM&3kpB^e7x+3{03ZL)!Ph#7(CjK0I7DPIG_Q;Ggog(o zYIJS?abRQ@TPfP$ng0432-+yW5 zB-9hV*jhn3;R;@Jqhp|lM)sPl3vO;cZe^CKzoIjQkt9bDfw-(sLpi@vTh;U^4vUYF z^tEY{aU(rqF%~l==O8Ecwj&2bB1Uoo!z>~ZRng4~Etr2?p?y&{y+X=HW>(zB2wHI{ zUv%I^Jc}FPDdZwfh;EqW>Rh(9vk-&D4Q>tfSbw?f*b6rj7nk;?q@?CBH7eneqKVRKZ`hXs-478A7kjDpn9u)(&^zTd&coCI8YQF zUE126p#JOAV$IZLoJs`S*N29|78~-V%%q{O+TWrBY}Da(n{Z6r-1alrEKDd`Z;h^R6fqZ0ZI)U{dRh}aro7qm& z?r~4|Wy?FM9cdN+Fg|F}`wLH2ZwXfltBUT8Dch;kywR6HW?U&FvJg^_ww)DqlH#*n zZ9$0f>v2AEy`A-+4^c6?0F>(hY3d*Nk_h_Pn1=qM*HDdFBpVNF1vl zHm?`#GZ(7ho~m0za8XEhYK9O^p&@g%2yMYX@ntlW2AvhPUuO^OrlDQCUvncf^%}K= zd=>8uLrb6?kBf51OMUQY${@h$E)X}AuF967;|90cQAG{x0K6!qMFpcc)5DG{=JO8s zeR;0_CcW*bn&X|>{m)$1wsbfTS}@yfm&Qv7fjPXOpI|w%1pjeV97A!&UJA0Ddp^UU z22>6t2;laH3UlHlBz-)m@F`?oe?LETj@y?}ZlN!4>30K%;lfGWx`gN;?#@?`jiyYV z8{$xDqdfSS-JJiHO-+<1o21?@;*U& zPhGOKmDsFwo;T?t!N-9^wfzT&X*EH0@80cvvtHi|)#d{?Qra97f#+I>Q@oF7-1s?- zW1(xQN3};Sm_{AirbNPi|KW%i(tq?_WMm|?CrE8=#7?8r$|dB{V@rR1kTsa>H7Dv< z6#HeDn5d|^i%U|A#{mr!Q#6PNk{yHJ65gj8F*c@B$XVaefUtM4Cr!g4-QA}#X5c|4 zl4PnN|DHg002EkX|DXX9rEZXsmUe}vu-pfGA}VpBdr+UUInr2@gM^P5@en4ZDJUm2 z3S+wU?DXHLo*Hojen4ZJ6RHs}M50IV)w|h#NU5N-E>Utf?}@EstKb^}o^T;YyXs3t zd9`0h$J8+`5sn;cOKS*D-DGIW%rlO&VB7B|l=F>)5FG(A>fPTN1n^|}v+ zsL?8@$pfy@@UaI>2NGJGra&bv`D@I^@l|$IZ`64zy1wnrLQtWOD@(G$te*;EISETR zhBwE~&**`7R`BPiky2+QMY>HT`T^%cpG>oVXdrohXB6G{R45=|pYr)F{vnVCl&S|4 z$nXg$XyH8h`=PuK{{PYTp5b(L(Ytr_t=qQVTM$vBvk{%>5uNBI(Szu{Ze0Wk!d4;@ zZ7b1x@4XYfMF}F<`n&QZ&+|XmbONgE4R zNJ07iDf=A0Jas)G+cr?1m5kwC^Qd##viPv!@ahO9s zd6fgC#=hMCb4Qw=7{Bila~_U?)Wj1ygF>Z2{r=#jtf{W;9vicRcM3bajx6(489}gV z?pZfMoUwMgr-hHoR`YMz@yfnYEeB4al_(4b4>=GT$B|O{GV=a=!a|k-6**Mrp5xbh z0Q(TehzACPN9_a>2R3CwTXHRHk%^ei^ipSQT`}$DtE;OrXjwf5V|)M%71SrUg3+4R zx}qTS>Qx1N@-0bDPg~`7dF>Sgg+>U|?D=)WEh487>=PV;W zh>&r~lNDh#a=%sjNdps}vF!7t9sLzkZFg}>?Q=DT!0$VWZY3tji-+4JjLZ1;Q9mA;T%G!AJ z(dlrPL<(8v5a*;jH0rg;mx(8QTTt>uhD;^Yf4LsnB1Sv*YE5fDFcCj#@@<5doZ@nO zaEIsWrXHw{1v`A{gg5!)MYfGUufw+XV&5BS!&kSkDC-xJy%YQ0?L@bMi3zAb5*Tjl_o393^m0mU00J&UOnI~Lp*LQ3hR zv5MlDX2vICcJuRe>OaP!IQk?>-C%Dy<`S~QWcMkOG!@Kbjro-(~Xd_938c#CfpxHV|^H$qJt#w?#vjYy!+VuDh3&CfG z67J(78_zTF$y4?2kb_i$J+$qm4F*IR;}5J)JAEZm&m1G>@2*fJk)F%~F7;8#Nj~c| z_{A68^)YZ}=3|oyG33$7;i&U1>7pt}Sf^Lkqxa|r=hc>ng+NT7$J|`y+4bK2LFY$) zla8~77BnZ^!LeLLmFtq*a|-AV2pZ}ZPD&%1DkED1}j{`m3SM*J>=z9Ukuw!WT8ghkH9^Gkb! zJ<~qcc!0$`z9d^nmNI1noxC)6Zy*#OL!%&9#0681@hmY+REBI7ResU|sPhDsjly9j z=xWexV^>M{_ReVMVL6c0i%9dYyYOl9gE5amRn^z-VZYfa8k*G=0Z9Brx7mCm3WbQn zqlgi)DEhMd3}4%ikBU7~PVRZ0$93cf42=~InEj$Uyyr_6pO+_r>&()vMgz;yPOxn8 zee}~Hv=PsT567vbwRtH}(SHf#C`sw>8OA)zn-W0zOj+{CU=nnYKHW|(OSt0Vl5|XN zBj_$l=z7=wR3!d@V4&MHS2p4Jo%tbWe%qWYZ}%WYWKK+z%Wf$R4(-G2_MX~6Gbn3C zw{wSj=%{5Tph=|@c|Q*Q?wh&=nGL*;jZw^ZV<@MkBqoNpEPMr`zy5fC5DS6$@In6? zs!_LZfK*wjy(J!&=$GTW`|zAJ(r)BtR^$bPk6@)jWN9d`PXU?=+JN}$;%~?#iqVg> zKEG;u*1i#f-{$!o$A~E=!xmeUXIsoknw@4)hK8EEM)_WIst3>|o7vuRVa}HUo&oQp zMo4Ap>(CT!syntFZB`l%q@#p&jJ$~-Ev8wV290P|o^2!Z58VA)_HnqOLm~RiSUiH>3l?p7-fWUU*_a(+spkq|rYih3WpLY4>%Nvp`5igeIeoSQ~- z+`Xlxe?}i$rUz}Eh<)l$<<3NMS=xFTf7c!;Y32d@(DTb)zL)(#epjcr779`Exh18q zrU{o`kR>{Q1JjHue#klEdrf#dXMv7+Kp>lYo%W3o`=6v_lvL`Mcc6m9I#;t@`J*rX z14X~euX_$>y5xVuGo}X2OnKgvz$lw{yXVb4ydO?6OT)h9QqP`O6kEO!Fpvg`2@nuK6f9;r2)(+W z^oOTKX1eInP>J6QH8d(0r~(i7O!uRjv`|OZeac$Z3jS`aj~?DF5V(LbEmVE~h0{d0 z?rh-jXI|(a>6xFzxWLAuag5qTLyn3s_3Y8nlkEp1G1WJtKdugD{Un+vp?FkEZ~Rv3 zUZEERyojrY9){hN7)YMUd|EXszcqwb^y`$97v^ZAueU8-yqhYQsMntZ_0*VOELF=Y z;%z+ydY`SC$JzQ{kJOfbqm#9D>iHQ{UhHbJJ81Q}x2_y-kF`o(yeJDnTaQm&%EmA= zd2gnRvF}{5m};8Zq{LDGgZZ}Y0-a;MxY=U$-jPaeoOq;-`Kn$ApLGdaDa)=Y6;qy` z4dah_9|zho>?Vg2v!Rm)u7}JE)rgB%I10rUrwqzJqp_I`3=OEBHcp$*tz_-o-Eb7w zCxz!f>LzZ4Y{006uU)QOnVx>s+3Dwjhm+9_X=#4 z^|P{sSABUvBR{R~e;XcXm(e55;k{4NrtyQBot1X(i9d!7+Jg4|5OxXFF>nqjZbY_O z_3G99WH@`2SL~-Hp5dN}j+l>(L?ac}GUONJJ%#WGv5K9{sWz{N3vQb9({H@e-8RdV z+%W7?G)Y+)zRxj3>w(ICV^7=zsC3rRub(|bSA1Tnj0$s%XRms-L%`q_eERCLPl*xK zM~#&CT3Ye)Q@_ucf~g8C*NHr5$OB}c&}9RPr2sFQln^{!2|=i$^<1w?Kt!T#UzDY{ z*6UKNW(iWtBv04#RH?>81?ER4sPf-K60MmeHc%D#j1418nyvFOHRP zaO9u)alhIiO=Dzv(Ti6X*RXW$Wx0fKaatl!G<#D#?#(irLO@zn18dVDBBo0SV^XX0 zvqIEAdrK8E3daKZWJTb?hV7`{k5-zzNuq;9t@NVHO1>qO{S-c5tDz}}x@I7uspIwN zZ=SlLpN9_|K$rwOif^MnrWSG_vYFgSHovAjx)1g8Yjk-o1lF&V?;lU{CQ+J0&37Wr z*H|F1-o;jW$}O9|OW@t@!Ojnb_t&H7oZ%O`HNpFuupQ~Nn+fgTE?fMx{E1?^q*bPB zW3Fu<@wZqG`X3_wHj+NzaZA8WnA-|vSJyU|*TkdnAwbmVda`B>3Euqhh?>0-*D6Z@ z2)Yfec_DHMD6|XN87O{sAzD6pPXcWRw64SFr)~Ai#7Nm=gc<MLj7$Cu_=>MVqA%(=hWgq{G z4n*gl>-~32pxh_Gum44NfB)BK*uNk0zX4>3;`m3L@ZTVyYuyKa4GI3Azxaaw`z9L6 zKB%)%^`A-+T^#8lipL-2^vibra8@mla zA4v z?QHkcS=wl2U<1n}Sjs)TCg;@gX?@lU5rI9}~s0tFmNw1Pklr$pHio%T!wUME5 zAXF~o&tI)%h{?n?n1r%t@dQ1x0Y58OfyWzRsA^5Iorm6fqM9uel!u7%Rk(H|zYuJfSLH#5WqNiLA4 zPku}6DGp}uq|0sXBf?S-XYmrt&*5jp^$cR_$L_b~)|4NK5VPSHa6QR^ncj13x7Z;j zmrg@~E{iRLI3_4W{+&qZT9m(Mg64xpaEt4@f@-D+5Q2icotL?xS=bO(P`Gvuj3EZ~ zClB8Zp2@H`d$Ol2)mOYVO|~f6eMW3gn})&Q>p3WUElqb-8SQ`GhR=d06gS+itHDgU0rne}}zM`uBv*d8!IT;FBjONQo6$ zDkKedN(RU_*jO08QUM4LYEjg-DB0Hn!vtPQ=C7(JDh>v(&H1s%xiN#9z-wu;83^L} zPSVl)+_N=I|ij{46nYB!uZD-P^H6 zC4G>`{@N>6U=CC+ow;CAzJ=+zTHY}YdQ?P)hRQw=wJ2y}CM#VIbQ+C!agKQj zPq|q8Vrlg2GH}XVXpOfT%O1|_RVg)i0PtdZdgEdMEN5oJI$K!%qlz)wGurb_5P!IFa zg&q1Dz{5+p9OkR#7l`L_O-@G4ofc3`^sd%6+_*>%{Z*c!m0S}z4ITtL-%WrV*)m(3 zdGX&m-!yt@pa&Xff5S(U1dQ*K7ZFm8(X1gtv~L!Q5b!iENqaGZWaDhcOr1(SHUo5> zHRXMJ``~zd2VT1m^iVf1`dBG~CUqPwAG|j*%t?vd3Q6gz_op?i zK%#81tRWd~&)Cnxgtk$wMsy$3IAFb~<=@cqQ|f@4D}{=^1`D{V#5IAD*Ps~q02H<9 zr&)o^3;$uU=}TG+zTyBXY2DPh@9FFv{O=6+$7 z;gD;NS((fcy?yG&-Yi8NJo-c}%%X6O(6T4-((d$y+b@GHwDWzbak)`xF8uay2mFZr z3@v>h29PJtkvJYB3htA*_J19>s$=sW5Z>)0Rt(84sq9M4*A4@h9ErO^d_zVsIcR|O`* z;5YcJGE|)?fGBw?ozjO%?pYmM2p49_Nu({ebN`(dd(L2URPuU8-ayM<&Yg^u@$l9% z@!uJi@kgb&`ArzC-b692=|wwV%%7;h9nS88$zraaC_gMzI?hY~7Bw*4 zR*y0S!S2{fjpZQjp^TLnOy;q`5eT&ZS#yDX9o@?~0xGVBJ^ynez=-hZ`6w=0pdKVR zrwMnYPT~$%4Lx-{Gu!p$Qx*5ZDXLK6aHf?54Vk}->~)&VpK0+U9rVed~e^&gxL`UZSLyH~~hL)(0vY-9yl8WEF#m)ZqnB@`sTf)`K zeENuhX}k{{KwS7T^(;4pyoWqWlXD9GbC|+mUFDdJYE5T3bf&$T;;fEROv7JK6+P8C znkfoL?S~UJBBB0H9&n%tni__%+prJ zOp(`kJ*5~-4;CRc!^P%3TtO%OxFY8)knoQaa8>DwtAyE>(P4^aiTwhe&fRaetKhx3 z%7>8_?)dzEqVEN(J09wPkWP-$FYA~UoxvX7*Y{1Wey{$p-0qW9qh)@X({-g+a_L=E zDD=6n@1RvhjVVj#9_3*;|A0ZGAlK36GhrGe&@#*uqe?x3*aaYt~C#}GI z6=}-to)EgfxP0*Px`B$Snl{#%Rjl1Y`c;Gbh?-4HG{-2YodF4wq|;G#1LSGKOhO<%oFwa4vq_OwTvyhv3_DfU#^gWB;HQ4ohMXt z>67=+iydQb9gX1frdXUNf`liuEfFb>&h9j|7#UDvMkIlcXud&`*RK;yPTE$4vOgDn(Y>N1`Y_g(Oywyw@hBo0nB0CIqqb~PCaQVCwjEqZRd``W<&AFuPvV=g7 z@2Jl)D$(7s3dD>Iguz^VNw>}&Vnz&Ay9OV=P!e?VxsQ>yBG!dtQU^m!A6f%KB^ha? ziI;O0-lt}Kb9>8RT}ORN#IN~z{ha#)8Plnd6~9Ts^G6>ODGAqirYuN4g{_=D7azQ; z7ZTGqK)hP%F>D?GLixobJ&Gp~B%>r&3JX_{std5uppBn~{P zrNDB71nc%&S;@tyI(Z!r*`x7&e^C!F9f+>+|^ZNUy7v>5>7FlLYFBAbLBvO{i<8C zo2|Oll_?`m$E@1dR*W|1PS__|>wL(^ydiFCT&AK`b6H1*!o*EOB}d+A-``bzhnD{I z^4D)%;#|s8DM!@c7faoM=mUnS_A7bTB`#em^gR7VNRvTcZETUgR}Iau0twh zrSUARbra+Ew|fwgDISrRez2aOzy!Tepy{~IK=8+z0krLz zgdX>WU0(jZxHkK;b%j0zIc+}dd2O=;1E%Lr5J3l-`KgxY;>Kpr&zWyGii0K>kbT`H zS)?0Z(Q9R;grlHk$}CTOvomjI_w-sc>VUK0$Ylv+SOJ5iX*iBz=ilhEvn=QzLx9b1 z0^oN14)O{@N*_imS{sXO?`^oU6rL+G+GZXu@yn3`T zdx*G#)uK)A4&#qfnrQIpEi6#S8AcXQ?!qa9`xT)T(LU-gVzo>#G*q9P*I{6+(H3(- zIhhkRe=B%tXs|A2dK2Y%KIeUMsDs^m^bYmY51=&m6$`%5jRj(FnUo(hSv29p>!7}) zzOy+_7rnd2RSm;aIxK0cKp{ic8oCMW@!>GrigmP&iCn`oX=p#SJ2`0h&HaK*I`{r` z*ppZsG&dOOusGHJ;EnOz$Oo<%x@9-%`XJRmF08r%`kFXvCfLfz#Q$R}%Qj zGCFAtd$+6(4yO1*ToL9QV>EIpqPk&K8*2)nxfUG9oV%d)0-EI=IL+D%A5Y)0`JdB&L0?{!m7057O zQ!Z1aTVl3!r0sWm_!9XkoWFq1H-dB3UHf={6nOQT8oVG5L9m$6V~;ku-e6-phYE_* zefoV_q;^vL{^-5M^9Bt1<$K7iZ}GGcs`iTa80qm6Fzpf22-8vi!<8Q|sect2pq+}} z2C1D_XtlQRNaO0{VlC2UPVS3Di0bQ>Ch>%_z7(G(L`V-sbO2Roirm?nbSn+yppfj$bSmQAYdUg^ z6b0>Ef&E-{i8#w-{l+Py)|cIsG_c}bmk8C~A0-{pZCppIEmCcY9_e}B_V)UQ2JQXh z#HrR+7!Qkd?HqN+|dY{pA8@V=n%%eOzSh{{DC|NG#_R;D^-7AY_g_n<?c6O^-n|Tw|4rQDPUx&)KK9@jgY^Y9Lf145J)$Z|Lqhw7Y_q` z-i$bsMCGcl^{#a9AP?v5rULIzdv!6^E8!){VZJvsef z?DtBU!vE;~n4Hpu2WyCCiN37R38M^8aYw5B1n3%BasZuA70DaYV8L^Xfud3@K9eMh$+aY3e9hnsn^w0G4g z$B)&mTuBPUCQ&h02qQ3#4%@#VBD`Z{sr1v2Pt-g3tS&i48bmtg-Vb0@Zq1he@{sSL zq6d_DLNbS^2`fFsNf&k!(?-)FadYUZ?kci_4+G|A?0>Yn1vqyQCrkva5+?v0RhDBI zjP&3e|M9%RqiCKE$1kMyKSjaQmz4O-5|iOID?b+TO#>Yw)cJ?ky*M9otOns|-iOcn z@@3AS%bA>5>#t@r6>sH0de$#e4rT>vN$Ul#2|0c6yNIp;SMCZ@dv19qgabJk6NpjQ zG=XCwq42B!GOSAkf0x?=7!j)Z)2_j$h#Wl1{bWMNUQraaUAiclE%?!@6$yr}71JPp zI!FZ`XNqY8XtI-aADg-_5S^7NU^VSNxK2Ioh!Vp$6Z`>sjcGq1*g24soZIV(Ed&@x zv|GhK-~+!Q@-X9M{aTi=D?4M^Y)fFZY1GkgB}YS(@WO-&ewpZ@zmwu@C%`d5+XJ||R9pwdFelj+22`ox9KRwOCejojtElSF zY?$ocz(M+PbtacN&j&v0Z)J48dY>1m{y^b2Pr}8myjz&|A~7<;ZW4hldHag2`_LyS z(F&YTrF{VSdHo5LkT-ww$KHUS+t)U^mE;FD`+V=P7Ug;9nRFRy{_#IzW`9kN7W+<`~? z>9#!!bf2|dL{*G3+y&pcza`qDkXYSpSs&M((~=3nWPRFesqTq~tfHJ(6AjJdOA*+z z9_wuufoKEnSUkG|5#j%$x~^T-)2=iHcvj}a|vg=ewyEX z0-=uNuaax1Po=0jlZ3i)P%8YJ^KL=;r(W~cvyx2);Y!ir1SA~C&v{dXz&6Z>U}3P$ zW16Q+0Aji~C~wp?!d1>kv?`aMikPY@x?ZRg&wGXaK+-J>e@RGanGfn}Zj|SVgl_V_ z#&ZG<%pV-xloCN7%)FWWc+ugRbH6_QecnYa#Krfy4n#U^k!=C-Sw*d?c$wZ`7;{zm zVu}rYc5dqyPfr|BB2J@|O$@KNIjdlWIf%T&Ev$-2-ozL7;6ll2fw+0@~Cuh z53Oi-=tv{uLVxQ+7^iv0yQzkC5#DY*$8Z=aJ?J}-EBy1tcv1h2E*n_er5XIw%#{F7 z5HF3e;*L?4o3Pv!gTQyNdnTw)0S5L(0;b(~BbyjkeMoX!cyB2}zK5e>nW^~T4*bO^ zwi_W~u0&>-^pa%xIjp2ZQWihP`FN@TD~j{Ptr{c`j&${UD`Fha zK{R?8wm<4N)BS8T&W8@jNtZ`^?ngrVXlF7@#^Sq-N)|YZkA@xzWvL+^<76?sypxNq zxFx?WtEZ$Ay^T%QdA@dBlL5*q9^>9G1Lq)@#P%tSs87>R71HK@97QF!EK*A+2T$4$ zASx7@1%B|NnjYZFDV4^D=L8vR#l{+Abn=Meyl1a}5&6QAYSme-z^prbTZyDOO*&;O zqQi1>d-bvpCeL+8?qa2oD)$j zLI+l4v+&uwThWf`qwp0W?(5DjIsKfrT31DDC|DTmBRjp?qZrnO`L*6m3+X_y9s=gTLZ$W=J^Q0no2DO9cgABg|j?=5xx>i zAfl%CI|@876FMW|?i}!j&?ueue9%eVF(0D3wMlQ{T5 zSCT9&1NOJ<@Mpd7w_Oak(+WA}#(Q`EL4=Zy!3FB%E`wE_%(z;#o^(HA#NY<&^@UOv z%x6$CX0>9oi}s%i20`tOY)4R6OmRJ*HEFA?RS|D!MOj^I-8MOLhAkCovB0mx`tQ13TlcS9}j|n1K$R6izZTGQo$xPqS&I;FK z&-*RWnH-p`rnc{frZ*P$bT zjm*=oQgR>04XO0_ke&(6!EHHqKCm%7D&1sSF3JeUktQ2rzDX?r7AeLsL{bnAmxXq0 z1n-QMlVAGr6PyvKyS#eTZ%vkI6W^T(h=_IbNaxk0LL{Uy*dKje)S>MCbpy^&5L9^B zyuUUx!8aX1W^7EuXFrWTt3ex{Gp(k1K9O+L(lldHt(dhsn)6|_Ho*7Y zIaR`Eg5iA%^4W%2%iY3eWdF4@a$jml%XwC-R#F&Han!8T6oTi4O2VmR3D=Zd#s*kX zW2Dp0?wA=zvJ1m+183^wBa=bQwZ3AY4j?+h~>Hkj&g7a zkCBTGA_2DHRA1-e-si3nUM9vX0?yc5WybAmv_K2T?3`g!`NBV;^PWN=Iy#g)!(rXG(9?`;;xF+f?ajMx<+k;npRtyo2c zev+XQqy6b3&dz+0VN@ z027+7MwEXIcZ3y>&gbG@;+e)}UuzSUJ&=enC2SI)G!WJ^@0jGav$e-pvA3U{orU)t z!QLJ2hC{Hb%?>8pkgr$4`?aQ^k1mLKYb~ay*EQx-i03;FV^q3Ax`-d6q~AWAnO&4q z*Z!J7AIuQLVb(K^w0+Z0WUEdTLKqi*g9KAl?}|BfDw~c)P0M_G@;G;yte9dPmv+bi zSuKS4>J+JKVq>;Ay;qw;6eJ#LYd!`rVBYvKJj0WawkTG@H>0w%{GJR0g!cNCZfh6j zmQz4ZzTRx~`bLC=Q&zoi7mY@?5&PDt{G|(_yOTAxJy}_t8nu3)C}cg*>bQGZp_P&D z5Tt6b4O2PR5dgc3CSuUH4!^e?vp>QqZcd6qJ|VOcPQ)WLHkKq##)|D)WDc%1HQNOu z?2%!E)Cm1^k6CDygb(5oqH5K8_~Z*dC(w-Wh;(K(nKQUT)fl4}TPj@EvZc#RB~^HO zpT-+lI*jIi$waO$AigW0R!sTr$iA3eme(K(cum*sKZQ+3R$}(egJ^z8BJ?H!xBoxq z&=$HskW4a+H{jX}9TStP#lPXmtMT`~qotgCanor%|f`7y>n{8;c> z>-)0rFa+LwEyn2mroL6YO|8dC#IaEgH7)}SSdx+-JM~zO0>eHfeeX@(>lczy>wT0+ zc>_9kuJreB3|~j3i)0crjR*;$vFcJ_U}B{G-1X8<WCZl?R(#7WBDy~)&sPhpIGQ8I)4WOP@Ornl*hnl_Bg*I>GzN6viS%ON#^ z?5L0!#&D|ic9#4w1qLxb!nz8a`iVW9qzs}k-&@K3#@LJ1gE*rA&m)0|O{|AoINI<* z1zq%*nS`>f)&w9^Mdqw&0glnbPzz>U+J;^9rno&Uz(I(8B(-G_WW{L%!<72<8hswg zp>X};APbOT$qJWeV?WjS z<6q&fS$olY%2XtB3;nnxeo`0>Ip*Ax4x`Mezn)y@ticc7|a?!rHy( zI@v5&+UUW(;*vcSoocp8(dVNZOJPDI8GTswAx5eJqvS{+HqH28heNnXg!S)f99@g? zkW1qXo29^c*GxURIKK)sG0v(wyO6j^jy6G`qq`{S)<8&1{Ehi-W6ha zkLcf%$*Z; zZnl6ug$8?J+6sWKga?VB_ln`Ol%Twsscgyq85iOI9}5*FOz;O5)3A4OL6`wvSSZkr zr2^zAHr+^;gm0LaM?H=$4lg_fW!(00Ds^Hb2Kz58cb8@IRnT&Aor{sXLeT$0>w%azV{+vT*-J zSBN^D|6lQ1|M$??bKEkPS9Qj{waY3v;WAM*GQY$gf3l(HkS59(^82*COnr-gcBrRf zNrH=Owfo=YpJDtj(A;mM5NctkPQVanx!w!<+jDGf>bnCR;dEOG?E36H(JudT;WE0hW+2xI^fTds|p9jC%Fo1YQeBSgTD z%nIzrkdTfg|I6=R58+wBLzpv?)fEHq5C$Zn_>Mn)c7Ae8m-Pw$?+(V%Pd|4ON?ivv z`(LfK2BXO+xJm?EBjW~0ghn3HEnlAQ=|&XBX_>D zM1>YSCWhjVYl`=_?=vR2hpoNme>PSL50E5JpS}3)B`g#Gc8398!usg`XMB%SUf^Z^ zJ+Fa63i197wiA=XECL0>rY>h?m4CcYqw?$-39ITm20Z(f zf)^{S?J|WH23i0`cfJ^!8c5>IL|}5nk=38~7XB@zMx6uT;amR73NQ@~USMFL zbdB?JX$A7Oxw*O4^N`NM!jh3pV^qNg!o9)23>5F_)bkxJ;|yrO;CyqK*%5r8 zSbqMBs6ED=-4oM#Y?Dd&nuGgrDK?bNZzVfF2-#A1Q)InO?}io-scX46uPp*ej8;9^ zdnAYb;*uFEQiYZ=L*K)l?ZpCnUJhmdcfD@;`#h0gmu+sq=mcL+PY5>dX zRK0~EcJMPmVhjUlp3?*&9!>GQ^qxd)kgr6PHO+WMSoQ33_3GWV1=;P@+tA`89+~by zH)r$`3V9TJ#7$9x=3chY4s?O``GsL&T*gCI+CJel3*DlTW7iVrU*=;`U%+1Sp2TG3 zsL!1wn)0-*-yfWg?c`nB@dZe!7rbN?`k$L0`g8O7`S~DOV&ozwu$v&`BeldbuY&m~ zoLXq5_UrLJ_K#jPTuVYT0nccimkMvU|0BHc=Zhx*!pk2pDW_5k+quv@)}aa@gqVLb z)1NtH!Luz)hw)ObXXu4GmU-)cKVNoYa*<=ln+xaqV4t%UNo&5fA8z!$jA~Rf_Sb;A zzQq-x-&x;1JbhpCHiwzJOHP(Qn|V|XKs6sG!B)1nvFePu{XR{6k3FHHX#W{V6kf*a z&^kV3%cw^|wd5yGzMR$(DRk|vioS%l`u~f3X_VSgjQ@jtt#jbdqnCP)%JH7cjUJQI zJ=1)lFREu~@@v$7O0(#h<`)C+6aQ1O*R|b<`ru>zCI#$|svMKb(#3QSo>4UhY~3Sk zd4dw|l6mYEPQ|&CMx?7Vil{;e>={tOEnhtCWk`9zuJ?`#s#?KAmZTUh8j+Gr7%w@8WInK;l(zuBvLL6v6t&{sQ3=_N z2YIkjH#*(rhYGB?3XpA-z?xI!aUpqWB)RNyboR8M{0Mln8R9E^&^mpx3L3G!xKALD zoU)v4+QbPU=vRmk1CNwCcP)8OtUj9fhYwhR;>Og_bzLAVtXjsE6Q#3uBkjfY%wfqA z`?NOgZ2@F7sdR0x6Xf!r#5TCPKT%qDVp?g}nDu_+FXo!9U(w7IE%b)3W4HdFT*0g7L%ZYSR?JMHTQdT5TN}ljY zC%dA)iINA{KOEPnP=rhF*^pNt?EgK1>ig>o8}$$VPk<8Tn|4b5jO7k)p_ww zNw(cuTvf0rLP%oUa)=rHYPM$gs;K?qqk63B8y4zcEK2OcpgVBqtbG|M&9V*Lji|*{E|rL_Ol=>t8_e29D3dJ7=*bU zmq5h@rmPKjN2*6MAF{y-;UtdDtmo6tBX8&dkv0V>uhTSxEwo)&aIOW+eU$$fE#V3KXNwo<@MS_?$#Nvi=2(TZYGc3Yp9;CA zS1_L)%trWJ$w#r^beuo(=#y-W5j}*tTxyszg;7WFSka?YsPocVixF&?1hL+TbgtrR z{c`7!YdcGf5T*8I9t?jo62nkD4&br!qunE++$Rj;eSp_z3u!3KWgE+h$z5)M@5<%c z8~iGkTu+{Z8>eFe0^zNm`-C|7dasBsDzPW@iD+Dmn<0E@drH%?7jqv^7Y=Wv&e3>$ zeP2=4{+3YSD@Evo?MiT0WJM=UH%3E*-O>477gnG>=0F)OVr69nIk!L!*oIsEY>m6A zEJtRHjO8msW@it&+BCgCA8l$@p43*XQTy4O2kWAxn*WgI@w!|JnVCwS-M%Kh{Q5OK z{6>1;k0T;h&-MeJ=yO~|`S#t~M9Vd4;0saW8@(0>~~nG=)J$MH9> zd7NAClGd6|FWBCLJ_5(Hx=P#Ql_isWThi4p&d>m{ONs_{$+p`GY1Lr;@&htVb*YdC zxFeN^*%gN&*2IE;*e-2zkLC=ETpA^Lo8iPo*3p6x z=z~!pEGzz#D|6%r9A^c^51rQA-GB!Q7BV}bWb{Qk^>DYcRsmrQ6Sk}E0bkL=verm7 zee=Zw(77A_=~KY^G76Xw_4c?x+uEo(+jSznr+7eb0Ab7J-c+QMrwskyQhghugSKmoI(<)hC2&yz)^bdN@?+sBvHF0~!XJMLChcADnbh&|?P+ zf@*sI=)RM(R;TZRA|>^~2KG=s?>1{c@l%!v@yzfJ972(@W=21C11}8jqNWvp9&BtF zcCGvI_0=+9_3cE_oam7#IPcAa?!<~1S*#q*rww8EL&1py48sN~pRPB8`t2m^*8B>A zE-H`)qWRgn(T|518|4u$f&7bdwXn!y^X2N}ZR7&mspfJ!V14u(*NmPTuD)+LeTP1E zd&=_;-!S6qIZH2?YRRWJmuF=S4_CkXlGvuQX(grD?^va|l)|FLV^*+KBK_=n*n`sJ zUXpli8FFvD?E+!>WDP0l55aron@JSjq*Y}elqg=cITDwK)pG0Rk*)$Vc(mfpA}&&A zc#dJyA0l$^f<@$%;;`P0VlciuS91Ssi+uuaaOKp(rxaKB@qHk4enGw)FpqVUcCp&5 zbk5X-ilg)>oB3>&Yw`FvIAMfqu^w>l*`MgSLir(~Ec3FQm}lDDY&*jRCyl0|HP?{P z-3>{ZRmZWO7=hR6%h^E_gNdkmkJ%7I8THvKpYY#L$eC#A9XC7sV_jV`z#b$iIr$_K z)-$rO*qA2lT=oWL#`4>7a5&REj$0$&)`l4>hIV_N&AeicM~B|c%nqeg9A0c|{VcxH zxJzlq(0D7X{#mT-;a-if};8P%k=RTkaCqVu)GmT^uE_C zW`P{E0w68;Z%Av_4O5tY74KX_e(Q9&ED@Y@6?B8K+bn;nE-PWQpT%`Bk^+zoVz(sJtXYDX~aYBhI z11Tb^s^q_w8kMiRaz}^Z`|NB=*S5Uo?G_Y@oI+a8(iIB{HE)h8(1k3pPzzjCiPsM{ zVP;$8EVmCR|)B z!1hH_6cG(gEFh3tAO0X7i24t&L*K56dE2)w)ax3`>On7Oexix=!inY(06$kPEsQh5 zF+tV76x!(u=GbT@f4l_D}s*PDd-q@CS|$TU4oD0y>0h z1S)s09d?!pX!jCYizmiFkT<;?E z_a(iKzSM!DJCgQ=Fd%~qIayPL`hh&5Q~6$-wqY5JkN+QQZxt0+8f}es5;Q=daF@c}-Jx)ogy3$$f;$8+ z+}$05yF<|69^BpC^;Wt&ea^V|f4bv;}~yHV^xCjk7o6+BL(0jO|Xh=o!>!A-s<{&)cqtnbhBzWH;>pu zJvVy}Ydbjc_Bz$u&swJKYsF{HfNh#TZM3^G2)&aF=}V^{tjJ%VxLUcEu(UMG#f4o|d@=(SBPRlj?HfK1LcQ_0@XxL1WXe;@ z(4?KU3i3`Ai;<=WQ-VRk#OoAYO2qb=`c$GYk6Ud3J9(klW~|>hDi^l@a8x@uvi^N3|?=pq-Z}s-qe#EtwNMsP(GRNA%?<3s82pdUgW+RL=82Ch?a{#nwm}7XFy1J z&RJ^5OMKT_N(Cu6tO8Fl8@uV#dvg>5db}|UuJ-~owCnYT(jDSl;M{O(0ZX90Zw0>s zb53(o8!464EP-HPl$!|+MRJ2!+b4^v6KkF=u*B1teA3*8J%k639>Rl%S!T8PV`iov z#PMWkL|N{LGe~5Kt9)Bnj$bx+y6;~ zF8VV}u`G05{Sytk8B$VccDTikcsIG84#J;K#(cuEe}bZrBmS`Rd`n;@(QmHEi3E0-higYBUh}| zFx^O3i%3#tY8>c$?yej3g5MNw*j_QG9l<{|LSs<6nF7PwU@pITn;e-U-5HMO9SPg^ zYi$Xph2;oA(2DObfoB5{)hr0H>Nko&h4RMX%Hdo+;9X7SYF_X-{LbcwE_NvkeBZP8 z4$)wT)UflBlFoWH$e5T^cp)J9^F#@5%B?ygRwU492L@3N(c`b z6*?=svz2kcc_zASwqId%OvnJE-M+l-tFINdl376`L3>XIylEw%V1Gn3nOQZwkS9vJ zzJbuoItN?3J#HktYA?ADPXaQ1=(w|fNk)6ylXzi2;T$+7`B%YqMU&Ajp21MP7r$!H z#^~Ta(6En@)hV7>a&J)$gF{RHDgD)kkb{n?Z@A0n*=e@U79fg5=8Ji{sqZYR(e|m z-9gkb1lG3V_i}U$fq#7mYjf$(zQ0aE5_Evc!LP%4YnsUTH@0?pD z!-?umWwFxrsr>>a`NGo+h^DSw(y{>*J%}Q2fkQce@P1xq;VOW0S8Iy9QI?FF3C7i@2VrUmh{#Z za}77X-a^=4VIMi6+8shO^I)hBJc$!Nb>q`Q-bPNz5G+^H_x8inaJ8Z znPJ?-@ZTbb1$aKc2Bo~7+T5+#q))iq0U8BpMSdMI{Rf5kbT6uE>^~FXDLRuyGrseNDIN; z=kX)I9hk|VkT62{m!Qxl2P^YxA&NQ1Q+4@>tM8BNHm0l4-;xJJn~eMo2G?c2iIi68 zvi`YThi30WQ^FO;j%X1HO@oSSOu9RJaYjcOzS`Dy-(}SAEsf*0{XFez=T%4HA&JX+ zYj?7F(r%ly)WD7Fh~uAurnR=W(G}tBA3CHMmd=GQN|E{F&8-9a+4sCy;?oq;gqx?o zUagrCSC8R@pHkC`gc!wrPH`>oFNp4LVd;$6wJ)J7VNa--H{sibsH;MxGzB~7HW(GS#k4u1N ze+UNQzPhr+q_h=x=7F&>D69LD>0wa{yZs5(+Q^JnH(faM+Z|p>mB&|wu)4*FXCKt9 zPpWJ&E=C!tVK@n|UAlr*KHCP!TJm%qF>ktSdAj4unH~+`U`FR7VlxB{=KU)s%JQM< z%IK0y#|J(BYA0}qvyOJ9Dyk$X53FAU{}4Qpm~tK~8cu_H!a zTnFC6)v}=TF9mnoyRRR@msB1Z;Im*r+O=!6AIV(1yr-P8C)?;3BGf~-bzJ+S@Hqdd zOrEzu_U0ii1}#!mKp(& zq!f$7-ZosEc5GWQvI41tv9(dO!VHkIh#*p+eo+^tOX=Gd7~lw8)PMk8xa-D1ui-L`mr=QZpv5_hS&RF*eix z4lL2=JO$fey=-t1P~i>dn;AMdT6l&^x4mJ+hun_ft?QL0EU?n>bytbX00BJ;=hk26 zr#wGFGQ2+6B_k}4uSvh$pEEcmpOY4KtSfVadZkUY(yqFkr-fO$;t{HRVs@osNp;{F|uBZY(=Dw?c(qj`jx zZp!$3I379l?`$07K}h%Lr#xFS^h<$eo6QH$Q35`lRf1(rCm}zQaxM(&@;OVYnx0MP zy{0qF6SW15Kk)@F=ir}F_Zd7kM5Hb9<@pg|_iU}xuYrM30W$N3y4=`?Csto6uJ*~{ z721I(cEpQn4Dqyv21RDi4ra|3C&d{<3DcE^q)J}w*%*EWy5ZqaBad0#WP}jzaki@YA_|$6ZBploC*61akUEsT>+Z?9!#lhW43uKc=S3}17~)`Q>J|C zUT6b1nX;qZ)LQ~6fd}WZ7jI2-KV*dR7!jsK-J6MGWx;EPP`q$8x4Qfvf5z6%&VdAR zt@)I=?kfb2vA3Ap+I}44t=)UR>h(xJlt4eV`pWGP0$vN{Fkw6Z*BSBaNG^D4PM#o= zKc6s7o<VznDHy-!5Vjw=uQrNdL)M|PB;^S_K_3B^#12&t$=^d zd@B_09qflKNWkiIUZs~7Ld0guf&+9Sqaus?Qc>?tkY@;EG{u)ng!Z4M8=(N6`tS!bgHurOeK?GcQa^v`HotNW*U{oHJ5V)9E7M^Ky1u*ni?HvD|iO6E_$fA6~G zjq=+?vL)llbeLmerfHAw=oL?LOC!&^kp){dK$2X4*}44hJfqUGhz71w zWfLmi&9@JlL5YEw;NV?-Se5X^pyc|sYDripdXHR&fW9Bf!~}|%q33xWWsmMDV8d6QTNL-bt&XV6q9-PGqF;|T-=s7 z>^f&SZu~~9?y~DktoS6Kv~?8jjQ(~NCQ)`hm&yZW}7Yr}K&>zC(9%VlTyNI0b8 zL57%^RqTnMEPlc5j!DNBiA?T0=mlX!LvvO4y~3|wc-@#U)wnh>lf?tihgZ?HKQI?s zCeLq-d8pQ4rF*q2=w+POyh=@u`}5jAHzO2!D1%4Y+MmUZvf=IB+^na)d$a#_FK>_E z;l&^5It%pO2!qJ!LZp=ar1K{`3b{6~fnCCWV3dwkMRXF9YhX&Fp%H(YMBpwqi)UYq zww@J~A2_QtJcjI&VdHU&s4rBTR8z zW-6Mp<|ygtWMA8>Z$u`5zKlJzqyQ%zG5a#yG?Wa3+=CiMb;_y#HfZC^zRejPd3gs&32rQ#?t5; z&Ltn%rLG?X6I#Psw4Pnj?b{E#OXY6QP}E;i51Dbn0s)6hpHv@f-}WAa>vu6o$Tw^E zZBLRj><<|;@aXO?95VqYKXz;^*Z`~;Y$H_EC+navaFI-Zh@Uo~GoHc^#-W9$q+Ll8 zX6Ovx(wFFKZ@k{!9qK!*0y?`@H*Fb3O8|wtF{yyg+*pMBm&J>XrO5lzc{sPD_uUFt z$bSxJQR3gjAqW2cP(VZR^70`Qsoww zm5f|?qqaGHEMKJ_sFA+^oa#qN6V{0W5)Y#q(=6(?KHgCRVQ2TX>2h;3i9pmHI>U{=9&4%wEs_fRJ{iC8CAK09JXB5+k!`80y8 zdq@ZWJ6*Y15(JdNh7s?T2qPwxbgzp7s5N7Eg;4vjJ)n&52N~`fneH2s)6%9MX|W%O ztY=S!`13IO3`;D2UM$3Pr2RZ$zD_PLI6%V68)W&B&~?LiEVBS@7i?i_EYRW=)JP0!joB0Lc z178<89v_}BoH*^Ql5M=c4hp=GV2>kC%9jK>A>E9Fd43zpIu0c#jMpZ{cF_O;IP9%(wc%*_)m`LlDs#Bbh|j6V>JWPe={2yT z#8ZACGE}8l2WtV@R&RLARd!{g@BSx_xV{KUP^skk3L`?2F((W!tozY1rJkTWp2cXu z1=*rYlCLBT>$@~t!RnMc_nyNtUjL=Jz5{ZVN`i(Ma@eOcnPC#rF6c8XCQgNQN*+4U#3LZFV3DYukguIs@uJ%-7}?%6bZ(@iInx?_EdYvivA2GZHJoRIJvzb% z5mjRu)73i(R(o7}Ml)IHpzyO5XZttV=+BO7AMv>-D(X^deV{jZYQzcC{_0QKkc&V^ zkt`?gPrExqr&sT%Y{QFxL}@^2u#;#{!biRg&9>iacxS3lrI|>&jQ!KPCdx6jd9L)=%27OY$$@65u6CO!yUx~n ztG^WA_B1W@$EFeGrY)ulyZfHU{K+W?c>k{9sAAND;c&ynZ9v=Ca*_%PyO1W|12y73 zDT>KxT5x3KnEhMduGCPtMWkGmxY^I=DK3bP)AB4Hg|TkVcc=28adF*lPall3vJ&O8 zZnm9@$LLH`E~h#foSP#q7lbS2_RN>(cNca8)7z+MjbMm zW03GnSgIr}Qj*jSjFk{-zUNa-RpME7IQNpXMeep0h^4+HG3|;CpUz`Xu~1Ai)%5i( z_%5&y7n?Chc?s(LAXSpcpb08nOyy#0B0N4!$h|6*c7J79&`hVPqpvcXjD|tGtvNSA zofiwtxEpVz@D-aEPeNK8s+tpl_Yih)-4nrYVk&&Is`?-(&4K54T#OA;3Ck>uMym_b z&c#(OOv3mGYiXLEc*n&0?aogW$IN~98VIKw2D0L`-MJnLi)~~dj4lh2ZV=(%2KZw(>vSPUy(3lPN z#kU7Bb5>?Pr=}`p+o=r4CD|fxO10D1s`qfqnVQcs7MtA@Xp0R$Rl2}wgN8qAAQ$ZN zNoaM2=O`*sk&<87DFq9Zvk1JMe7>>OlSJaFJstY7T!9IQOPb_!E>9Sic$^dboVJ*a z?04h8M*pWik8%DtiDyIu*xA{g-QMm(Q08ty#->#h8+*srs>*W?LUgYqciSBv8Pch6E7pN znENW2Y6PG;h(iH-j;>XCzu(kU&H6O(oej4-CSQWVw(}add<6hSNjq=I&;+yUHDbiH|&H^Vx1RdEZc4{s$i&oDX4Vx`Z6jg_b~3Z z!r+wF+)tj!y96gm!b}>DT{u8zb^oUKb+zM8rs)G)jpkT^p}dxpefO_@;=)f?IquJl z_tVv^&kc9Bnq=Mzm+IO~*;trNw=D}v>JC{Wd2N>b+aaN$Xr>$rrUn+QvYJQ*j~qmN zh97~t$fO6Iu38`DjYWnorm2*I14Tbo9f4sZtktfMk))L|uwBntdX_UIKt&QG?T7O( zT4yYsl}|MejJET=?;2Ei=Xjd{R&s(n zLxFAB&6mP&9?{8xWYJp

        m#!*Whsw2_czUyYpK~Xr6|B+SfISJE@8?=N(;hm>@_zjC4Uy7bBeC63g74#s}aP z6iizS21x-;(w3H*9Gr;oe%9xQgK?&qQ}4G;Xp$eKcToVT8ZBgxy%0(LRXq^_0*%HRAlf7JkFGksBRb*>iWZV-iJoBwvPT1EdU=?1U> zam#4vq|{JQP?cZTMIc69_&Pi`b{cOrnAw$e)TL))Qh-0%~HM3l0PEzSR?lcj@;n@C*=4>PqIze z%2X3|1eZJcf8Ip{v{NWE7GcL5l#tpj^~Ubrz47N~*X8)$LaRPItHf0wK>&%LH zqtMP5nW^y{U+w+ii@Hi@)GEVg3$2|yN_^5q_o@EnTQ$*B_^X-~6n_KXkJo(^=k-Ty zO8GF>T&HBzID+QXx(u4l+CaLPHje7v`VZ_D?Ah(d0`f55GsEHf8-rHA-_+LE=6rt4 zyx)h&xz}B>b>aWy=30sq-!9vK$*o+j(7;dv0MZ)IMX?T4OMg&)Y%l2j#*C;|-~|3$ zTT_R@%$*R8P=C>;LIv3GgDJ@YUnX^iar~-eAsF^mnIHoNUdp3|}Lr)v3yKt%DkPcVv)g zSN>n~a)tVzA_E;A5Z8;0fj*%(U8JP?T{Rd633o5{`NxkRSfDq???pScvE!%_2XWyb zTOJkYDCjG)pgDTf*%6@95`zu~vv6x45s08^n;Sr~Sqx^1UJ4rA2nhi*5jg%}V|x=j zE}%|%vGg#4DZ6-? zBm{665NX0p7brnnG&8hx1?VGV}NSZzsKa_jpg0VuVK+ChxyuwCr<0BRM z%MxJ>(=?b>+vLLY&|9f}uAw&BGx;z;HiAccYja9{;egTOIvM^NKf?AYSUj%}T2TT} z>kgNTm#`ITW4iH`B?8^}uB9&%Ptd6#^CLM8^8E1aEgSG79XO;Fw&e5lN=OCGt=`%P zh1P4iQ4&TwB3_te#g0H6Zww}UiTn-9?W?j=#u=ZHR;7tv5NOJQfD936%n<9RgIhMYy3gX7gb*&!~ zb^A-d<&nAPLR8@U89RY@Q)k^)BK=^J)WNno-JzB*OToLnmrMS)*N5OQl6EPBF@->1 z?TU^lQ3W`mz;AAPC_C@PpJjKex$I8o;|s$``D9Ci$Hf@ z?;tfet2>O$x#{YaIE095Q)c{eH)Ps+JiR{k-8oI`yTBWU+u55OTXmH$PFT!nX}Ojh z(gh{pBn8yVGZZ9vHzu!kKg`jxZMMNS<;2!QK9qYDCN_#oKII&%QQYR zl0DsRM!J!ZbXZC2Z8PR12?huQP;}S>vWY9O0Ig!ajc7TXIYa>{ZBppxxD7;(Jroey zj93qMZ0g&-sFUL?T`ZDCo3~BK6gbXiiZfzK5foo>7b=a-&=hi2#AvWMmo^2nsQ@H9 zxYn1$X2u%PgZv!TBb3MUj2Gh5>*bAOHF?Q()E|S6w%58X4JXqBDU7i29+StjS~1eG zTI?9=g~IFJKoQm(gGLmJfAwV8VxhvRIvJrb7xiSf8@bz=T6j0d-TS7D6ja~o1bWGP z%xs&}ovMaiV2bW_bOxPune@w$-aHv$*1yJ847*Qg;-j5Ch4=xnMu|IZX+n9>3mv+n zuT}vftu)9n@-;U8+~GshS@W`#9|E?)Zs?^dr~{Fl=PHR`rs?#>T8vM$rX$yM6(`+snZnv?zmUU)(glg5`?bL1B?iRTzgHGd*00j9QF8i17 zoSY)cQYsjh4j*VT3DUI2GyC|D?g}8n1kM!-?kz~A4)P+eh8_a@$Z*T--`>=fs4RG} z)G&zQ&f-vo6^(U|91(mG-;NHX*n0?`KTx~>bfu=97& z1gXDTm7X&gaE2fX`f}W6r3RDh&ghPgIim$!LjlUQG|k92%3yxEA8-BGEZwch_8i{q zb^@9R{LCwUhsKcCN@j9mZ(||Y>~YP_-k#By(}L3z3Lb9eOW!6CEKCC@zrpi_XT(Q- z#e@W`e?FnEM1PNALh`b}S+%5@wY6-J6{rfLY{e!! zNU?zFv!>?Z-+#0Yh=l#NHIQ%PW-=IsTqoWf-qu}7!jf#n9d)1~D8|m_N(KbAxe?+s z*cHM$5jZS@caPSLXdEXtvC)U8wAB@&W}9jw9@<TC;Hvlm+PI@STZxf3keh2Q3vpR3q>aFk;94 z{@ox4&d|{z4hY`aNH?YLmS0-2eLxb%`g(JJEy&|SSxi76Iv`y}xxR|t&lv_qi7Qpj zG-i*_&saNDseJ|I!TJL+2dCzpsh}pTrs0dN)EBlRsl;eQBwozDL*vNqMx`*qxj2}7 z!L^!5+9?koTGNeqgm!3%o6uQ51YqD9a(EC?_ByW4buT~}@Hi*K0>}CJuK?{^GgFHJi2o$65dAExz!o>-P1M1J-1F@6V6B#n;aGa569PohZUx-)Luq?M>VMvm?&n>-M`rHo~D{Je(fzu37{T z=s+vq)JKZlDApsJUCjPU`2R7Gt&c!oUl#4ofdMH-GSy<`0LW_YVSqos`wf%z64&ou zX=WFsr4}|TuTRwv$*vH^Kyx1^@IX0@&^bLNEVv}r4U%26u{-R+TdCrJ&XP(n(>xV$ z7=*@#XEmfZvzC*P3J6REgxMgc#|+sM}j`K z!Vc?vjPbj7YM@`Z5ob<}x@?6ENBcBnufqe6RZ!J9gcWDOl;)-RE?9*c*!8A9 zvM6$YRWQdTS!24Eqo>Edw-3gG79qt6zkgcPYiZ)NJ4tHP8^R;(t=|iigt*lA0++sy z^}s12GqZ_ygs+sIk{_y)y~|R6moKQ<0nBs|6mdq%>yY9f)TB2~b_ZoszqdDW)- zb>k^sPC*omP7tjbF#v>uXn;QU+|6AIHbO`6apV=f8~4K3$)z3U;`4^MVu9FsLTCu- znZ_?b6`NV2z)FU;C;-6cniZKG6L(j{wrw%nn^S2MXJ93k9vHsQA=e}OEksqD5C>?I zuAUlk6vo*8B2BI#)d0?AP~ruLob25#i*nvjS3-3u+Az zin&o>p)FJwkDm)l-3k*fiBloujYc1E2lwEKN;Q>$;cgxr0dWMlc2|c$Y$r3tLua!j ztGOL!2ZmWs&0IC~!glF?#Bzq1bes>!(>oE4eh1@sl#EF%gYuh6jlqH(Rimx6%*)vm8eXqfB3 zuur>Z*sArd*sxLP6x%!*4Kt~ScKeIsf3?q3B+1{?=>bSH9=bOxA|e72k3&|lZvAph zaQ4-g+h(Ozm!6oaH5puqlrw`{z(!@@3volIAjnILIp98r6!z7kqT_UIkWp;l$m_8L z@aYSH?BU~dUWS*x7;+lwd$NRPGhn(2bD5Xz7xo&{=>UfnvrTDjhN|7dR%3uZ z_H#WSkV8$2>hS$;AzO~sHSTog`f%sx&GQO!zoYSE%OlNqsnt6UI&NsYJ+C0pTvvwT zHC_muEhsaoOTh|Hsp4K029fATEs31jj5GUGL?D`G<>SFDXiwpFp^nOsIek7+w~j)D z0*CNYeWe|!JB=+en|X36+0pIS7Zr6V2Bp6k{sP)x{m^;1YmHc;9r7jJOE21eXQ~WO zmw2700h6=9+|j=Ms4`g_x#yjHYZ+RVgJX6bbAk>KXqF4_jLtlj1y$EkWjfr8-|dE2 zA(}3gwyC;qp=A0$2R-)hL8pS@-VcKPA%ZZ>kQuZ_tywmtwyeFDD`Y~?GXn_cP2=2# zPhrnsLynr4j!&t8%~Fiu0j)S=Q&O>jb%{W%*;F4OJfBVCP1eC`3`ah^S9$h+RH4CJbvz2q&Nuc3^K**2 zvh}cV1Z;aAKMw{q0G&W>ogGH_@sP(Mc(eXzGDg zB~EoXKl2x3EgzpN3IF5$F~t%Ck1Jz~g;DNE!`g>?BLaeEY}2#?PtjCd_F@);ceK_a zu+cBX7`B6$kzFqsxYR&j&h-cBoftPqW($~vT#@h@wiK6`nyx*@5GrOqZcaaLxgnK& zFNKBD4!=a(ZHaI&d88P}!{_h!T@EnNNb^2F#fCo{m|Kg9J$BYnoWeH*~3Oaz~i=Sl5Ow_X($$;~*R4cnIBQVc( zA$t8-Q3%9zG=6phf@1V=M$WOxS75T>@Nu=K>By?H}$u$G&ap_6$K z-=3otNnYAcC}HGV6sug3hi#B!{nhDFz$@7~1Fs#v4@%pQW+0h$6K`s#MtYi{IdMb) zz6X3mL3@lbZ#mH>$p(C2v%Xx^R~`%*_i+{1Cu%G;7!Hs4!qlbu6C>GP&P*&`WnA3j zrc@()Opj*w^%PDTEE_LM8m$Ww7m!Bwb;xSNmW zypW+j^4in!#i?+UF#~El5?>K=BSQjB%frd6cBGFBVFkC6N|gCJH-0$W)$h_Dhp24OOTz`6{{Xv3@;*^-ud6l&K-5l2ki%vy~IPh*3^7EoP~pwnP}E|d@K>2o730B$9=^`}UTf8A`&*8An&TQ6anCq;eaekmlj^yM|S-Wl2qaa9GCeX-lm5O8rlu1l}V@|3>ru zE+fBg_8~!_T9~~$Vxe#ikUj(^(96G{oeF{WAfuGL+mxn?&=c%%|5bA?2;@RGG-v!kp#EJA4H!2>B9VF;}?L!Yq`T zq?!^k_YKRXu8p*fcvcaN$68;G+6r)8LIZ@+>?0pF9}GDw6S;N}BS_StBPMcW+I#&( zRj?lLh}f=CdO-TA;pOTIW(Z)r}gEYlW}c{pZ1f7aMPG&VMmaBLHINN!F(&S>i4m&?Kc zA*r0KF)ozYgi2Y_r8?xjB`i}*b;)3!a*H0F~gz-J$ax#dSrrN(x&_v@yUSqF2_)FZ*mf^jb< z;YB*mG%}Hv`in5I4;apG^K@c0M3y7Ie$0f9+EAbSuPhH^p@0MN7A00AVAHl0`4q*;Qd2HtNau>v zKu5hn$xNB%;pt-zI4fWYTk`zdo;J!0ssAV^-2458adW#K64$<*x98u{(^-5w?_M7! z5CcLl@T#U!$T|}KZYLNB9rMIBX!ID&N^Yro{5b+5oPW@zY`92=vlWHHelWFPeuY33 zOvfv91tGeok29fm+S?C#tr8T}cDvZg zMb-c+;0eXxR^;xzq!aWp0_y{LjI%^Dr*LZX`2Nt~Q%RSD2~QBJ>67Fi(Dgm(-;nE8 z%sP!S8yO9aly-FM-9@_lTg4LycDs(sg3O3N@NO!~iO9IlJ$Q?glr^b{)jnz2@UPYD z<*xb`=GOCa|37f*0eA547jX8H3jxaxWDTIaQWTUihOHveEd9IF_F1tYau>heA1rQgjuJ0z=5 zfALr)oG<)2aL8S$-~VHJ(_iWYvTde|0Kb9a5dBiqAK%`bmQu~Co#ZarKw#|;kAgw+ zehgEYtzdd1{v?@{T^HrkaFXSz2*ipiqX${yAsf_rFO_~*w)mx=Q%caoWQ<=q4%V6= zNbYQS?Qa~GZ&J>T%{COWhC(@YwEmb6#5TqLDb|Bo%7k!m#tY=|Jn_nPJ4PY&l~)xu zEnB*3Rk3y*5G~&5)KrVoV1V&~NCD%*Tw4+8O!Tu0iFrnS-U@;AL)*I15|LCv1HHO{ z)7Bkt)Z_mGud7ZAPmTWrUXL?3Gjsxri{mje{BaA&vO~^4Svp8+Bc2+@4;Hy^Y;5fA zq@{OtRo7dvmmAXJt0olMuvLo44(Ii!aVT@K_^_{ID0N#4$&TpMU(g0znUa?zRFwEL zgmu>FraSEwgNB9Cc!;c$sInnIZ)@0(apxQVhco{TCZB}x2sYX8Mw~A@hoT}5P6rZs z-K}E)eTm5MS>m=Xqg-%5_Ha}a(gVAlQE>z|dq_6_Sr9N)!JQVafnf55(O8hJij+;V zLqCfD-r~48%@I!BQW*Ed(qhosnKWi>^^2AKb+8qa{_ih{5hQ~wtSCSbp+3U-lY^ts z^YinJMQ@#)!uPKWq@|#yV9=7 zerB|K)5dGvsXpU?93?4tbWhJ)a_Zn7qw}XR^fArr#fXN6pp!^F?|-7{D?22D5Q552Qxwn}Bomfo%5p0=p0$m~C8n{1_6rGF9+(FZolQxHkz4NIt%h zJ+BJm$+X@|`7t`twD-G*wxjS<&BMNW+9yv>`vzX8oFAXThov@$6UaxxW5DM*JeG{d zB<}gmPJArYu8R2hv+Z0?wN2MRQ=Y4nQmxW@kP6@OxU#OMTb}yn!<>9l-!Kv-_kOCp zbjJDJDu#wC{QZqC?a}G=%e?O2UNqp1K@DNU1ByV1?@kES<{G>O-EU9yJ6!0sJ`nNr z@5lb+_Bz@_$UKH{rRv@s&3B(~Qu;@~3nN9<89UVgfftd^AI0WPQBai`bAoxrXS(l= zTp}o@O!4PmVlyJd`w^0|Gbgi-CbQrnSPU&CtQsU$g)l5{1T)XGW!AVizdC+2_Znfk zZK1x*pa#oMWA8+9FQ(b@1{bfJBa(9eN=b?mnxYLDY zJ?|fC(Td@aY^0+*(7cim$2jFzZ=co_ohGhf!oW>4^7=#tmCkV3^jQw0>S5UV3k#v8 zsmf1f)rZFS`7M^lyWLl}LJk0WMe|t=0Y3`Wfuc7eDB7opbLQ0@se>{ny5CAU;0? zi2n;9x1{tu6S;qj0nn$LhsOLojF1%Zupb9w?CHO6mfMg$~Fs@t#_!p4`OQB~+ zVbz1|=ZUEGj`VN>8I|jrgSf-$?Pp1YIw>O;YlG)Tlj-tVlp(KB_111cA;KsZZ>Zfl zDwcxP`tV?TSQ1a<$)ac@ng!pja{zGTNKa*VQWbE+SOJE6G5<56xaj-m2t`Ci=Ubc^ zPfkuAijf#eIY|6eMsFMUF)TfH#d30UuVp+4up(z&%_{jemie>Qh-B~&yx0XEFhfL zkj3tu;L@PjJ?bBc+1dLw-HF zJWp*0IRhy7`x?B}%&u>4xtmt> zUZ(_31D^lc%X#vO0(Q9*1F1;i!~ zHR)+HZUXLp_I?u#_n0APA;}X;@$eUp7pqhoZwMlz`*Sngy@;>${0Z|{9#`QS$S02N z|6%Se-`Y&Wcim}e3lu3qi`Iv6$zTJG7Lt5XF4ZcsVyvbM2t+e84bEMI#sA+ls!TEg#ud($vB zA2GdMb|{F9c7JOCRT%f{HmEwU#G4uHi<59b0UrA<_d^3!S`Y9=C7D8j1V;nq&vQ0IJj^L_(p2NS` zyVzD+pxO~48_HzM%No8_LrlFlfo6pd=g;T&hz#<~VsmdXcmDJ}DfOl#Ac;v0m7v@?m#725a9 z%HizNI<3nI3e_0u{vR+jSSe)R_V3H!eLMLwIwIks&xG z(M)5%`L^w!Z8tvJw(dsI235o{aVg!&5Eb8P6t=s_$l%>53bdp6%aRt`QV1*#E_wy1 z9k=u+vfWn}O>Y-|05`J_j{YS=vD9hRnAnLYcWh)5vufq!Ev4wr4IhC4m>DS{XDV8gs{H&HJ7HEl0hvIPGjF9>CV%OB-ESy+~JXyzI%ONP>e zQB#GX8P)zE50Cm*knxtev(I>l%K*-K_EjpsuJyKwE;L*Z3V<=A32i6v+j>qw(44qh z4vwiwC^lIAKi5gEL1Ufp(|8s{@HN($!(P65WX}UvY@Xw9QU2X4v?Idz3Wxwe*|MAX z?F6WDFJ2#*>7oN352pCC9!Uv2@|`E%aQx7H%-%wk1}3fzL~X~1Z#OgX0IZ&UG25W1 zBgB|~PxiMnn@?|XjWdvwd^p`gO}4BlfCgZUgSNz#CFiQk3xv*1PZt+kERbyK-@d5= zH|U!QH4X^LE7?c`tZC$JtN9?OZqH)IOEHhH)n@5R2icg)MRWe>Ux_MGtNtF)T(&rjFQ+miV&Z{@D-RnLU|ZPu3E?U+1&!NDxv}m`&$$SX;wZ`E8GHX!5g>@Ogs|A z1q^ta#`A%fnp`c6x0eA|78*FARp|<|S(GDgi!5%F9(fjybB`OY#AN~#my1X%7JOg!)z$kZ#&U{%kslrDXSwMYy?i! z^{4z!m+K>RPtJDOi_5yrZ0TlH^&A=MVnkYw8ba&~Y_xW;HmofSPwT=T)~^On{$g%o zOT20(^j`tDe?0tNlU#5)pD3N^nX*}r38_h@3Y6}#3WVy0S0syl2_jR0rm22XF=m10 zqu>cUwClM^zbh16S{Tn`k9$!`vuow7eik~Rk3P-9@MP-@zcj~XG4}D@Lja=p${IW^ z6PNIi4#t$c_9kD9#&G~}O>oVf;IP>23hLI^RhuoKib^l`M{|hrIN4Ax-5z}}R{G>! z$o%bFwg+SnD9;sT}4t8IQqJ(th@8G@NNB?K86wDhrmw^-1BJs|#=k7Z78)5dwHQM@hH57AtY zBnMhx8RF3_vD1|Y_bG@S1G|g~Xq^LNoYsCypH>D;Ahja^ga|#+>hEW3>WU<1Zj=)1 zohU(L1mg7pj+LxzU0I^0bSmXSGcWY&9_z>ooil@{p%V3+mDX7t#};iH#d5G-5aB%=dsG!SAq}p_mA5 z#b0O21#|Djpqts4+cZius4?%3O}GbsqjaI#a}?dllcX(nJ^+4tsMe$A8Q~^qB0-VT z6J|bVPU6X!vh9i0t)fx_zuq3r*~)NM?&ekGnA7TBMmP`(NZpA{pEkc!uEhVcE27#! zk{rzBfEXw`ldBR;HBHDHN!i?Hth09Gz{=6J*a=?Vqz{>UL8ou_B)UA?7)29{DE~NA zp%Px8&*br42W2YB@GeV*&}@l#Yuqzxep^-8Rd!nh%if(Hg!Y{DlWK;gymWf)HA<+N zGM*sAf*!Aaz3Vym!e=1ac^+o5irdczylt>GcZa>Y zL?Z5`dHymZ1BvPg7jM{C>CcP1JXcC{WMoy7{5Ee!x`5$m)~TPa&NTp~nKoNLtUxiC zkNH76e?ytQ_aNY!Epa~gZMclINQp|mQ|<;(rFnApV=*%{t1XCgA-UPSJsZ-~u2`a` zuQ9edc9JY~CsHimIzcYrTQeS$qPd!ko|mUwlvN`!KRN9ef|IPb`1ML=PCo0BPfmyK zTvkbax{(5BcxlS@%0h*K1iXt5QEHvwZbDBVvg2dZ;3$;6F9TJnTm@gnPk)Vn{(A}J zoC}R(rdffvcd*12>>V!Ot%l%szI=N;HHd_I`!m+!8-O3|u7BMQAL)ryC(V53`sQJE z=1v*v<}q=NhnpI~nHD4D)-OR6f1THwNQ*OWtKQLPkf88GLUU66kCNgDt-!G_;wQb#@7gm_8%3W4D*vnEvv;2>6=Cr0^yUV@0F zVT~Gw>sO>twRGD_(w!&q`YDc1Jzd9`Bw|0$x<0YdDHlqPbeJ#fCCXHtY3fMQ$a%Y@b-dBt(Ovk!PznW&3E^siyc_jE1E#i|(e#XtP$w zh%Hw#(c*aTBBs(3`%kaSSLx6@=u@kxwZ`Z|Pn}YH!;xK}<||qX z!yLdSdvNXu=yz!QQ_P2Be z6;XiQP@%6v zPGXQdu^<`?T2xUkUx_NKo~<4`k2a|fttjP_eN?Tia%OB}f>Ejv8&_Z1VGG@hPHka$ zIsv8pMna#r$zL>zxkh$R^!f@zwVax}!o>zCjE%F;mpZ-I4QVf-&<$T$b)HpzBg4XJ zzv~BQEqFtr?U=#QlDfV|9o1UhUjLj-;AGZ_w2>8WCkvjcLOff_nm`&0qnTox9m?Xc z?fl=@LH&C@9v$J=*WHIxp@k=^FG~Nxz6@txDt^DNA%0i4!adk_=2%M(g!(^Ulu-m;&kM>f(JMtlVJOS+DC)3+h{q9xqA$6P}Hzt9$mn5|Hn z!?7g{WpwMU*f^1zwXu%@PR$FGjSbp0hEWl_O!M}t5C%YnIVoJ9rMM+6$7P3iGHMps@=VkQH@ZN0TTaRvGF?Zp-C)-NZh>IM2DPYeelD1iFh zqzHrls;?=wn70nC3`g+mh^3$7&dY+FM2g*W7Sj^4DM^>9ZQ4}F#w@m%hD>fQHuu9i zvrAAZb3%Hv$kpK_K70dOu89yep6b8-Q!OeA*VONv$sflcoij4$r<|OY+LCLP?rQCz zAF3tf4FBBpZneXUJF8fL_3;h_t@fRcm;~(6hIiFwkBqY?ja_*NxAP4!5_@Qybbgd3 zKIif0!<%K?(>3Ggw&s#W+ZY+d)6HiZh4wF-6Xb!bPypE!;>JzT8{<%2Nw{*3ibjbL zJv(AqG-*sZIvgk*aI5wVzwXiYgA*Z5NJ{sCD@MP)QtZCB{Q{2;P36RO3=%&t1gXo1%eTs#eq5t@qAsS8Ul5c8Ozh zr7x0=AWxxza=g!@l-_qf13##Ixp&p!f7z>T!8`gtT+#{`=vVn~8(%dzmBjTgl~k9^ zq0?w^*u@`ea4KU_TP!t_6kf>X#!T(Y&R?oBEARw;iBQ4)iEZ8kN>k1pS6R=e~=32=WtS-&3#Y0l13ZWsQRFhno;n zo!_j(mgnyce4OFgfqY7fqh14@Av_A;CTTsDKr>~Ag^(RAIa^8Y&4u#g*V^xCx$rK# zoGA-*dWnh?^XG~6h*X#`@6>h^ODyh<2chyIdLwwOvy>6@yV27`?1FsUW~y-qJujnc z?FXW_uJH|uHf3#`LCxmwEL+7NXwG*d?~S*k91@{8k+HAw25)vxLQeN|p0Ol7`O*s` zf+_YvxH^(&6qA>)15f*YYrEuoH`r?tsrdKK94a{XQlATWOmJEV*D0zt;4W?Y~ob zjNq+g(JO+p_gjL5BUu>{z~f$zJjc?n;qS5&Jy|iHr%yfj>L-uy-R?QGVq!mBOk@m(Z@r9QkUSV>N!)ZhuVFl}D=r%L-95j0BXGRD zu(k4>b}e9bCc$_L>@xLoJK)#Xba2?v z{l9Gn_o-weez#ySx5wTmuCit<3{1G8+nUW_P(pN+H~jg@K1};J&5NfGI?(k{*ZHrd z#$6kX(}huip&y0RJ-f2p5Hv~(iiFKRbeIs>Zv~@TouYgR4c>#BOZM{DLH|h3y|im< z5XNUTnO_Dqar*W zYXUAc#cRM$gML9@?0>c(R!bJevDj;Rq8lA!Jo-tt*zyy?`?D`cM-?uq`L)t1k*?uT z0unh<*JYNmwlsGwMF9F9m#55T-D?JR}9J@R4WTo zadPRezyFGOyxU7o`MMhOd_-g*{9J|WpyT8#mDSo#mro-M9uJ`y)K7bBDG3|-9U7C# z{IIdEyB=zmfCNd9#%n{O#~?2f_u#rV9;~OTNo$H^^pbRoi;P(QVV~kuARDu|GfiUa zNB-gcd+fL4V9XjR3d`_8#g=>aULsU737AVi*{JDzDNQeMqu$!2QyD#1_uDk{b|%8o zQkm$LDVHfPkcsAYa4j<&E@&GRq^N#TgS zz{h!B@oqB_!Y0P{&K}`V46}5t4$HDa1@L^AcVGZP;p;IQFAv6~1X?G)?)AT-ejkEp z!8#O?&gh2HzEvLQBMwIqe)zLu<2hJR+jm2nFaE6QN%C{+L4qpj)vcVO-3J(=Tr>l_ zmf#W+sPJStprFR=BHA~In=91cmtZo($*>3qMh$xq;~4ZHU*&Tngv}4X_UZ?o?C{Py z6oZc+w83krzhFFwNOsoeHkQl;aU9tyk+l{d6co=;S+$HSO7216c5{*B`x7lW`WmDx zm8)ifu1dUfrILG#ULthr{lbupuUO7+$8d=Et{gSZB6$WT!~zHpH_AfqxU&7jgI8Y= z!*LYfruNus$!Mr8ez$ZE+axP`jr_vqFsK)HAdP8NX6P9I{ttkd3=4dhow@7%T&nlgyI+j|CV30N1Sh_#&eJ zK04}-DNt)6DbOk99V92^z{5NX5}96+i8=9NtM**TIG{& z6msXp%h6iwDd7aTVO?-6+PY+EDJ7g%Uf=RB@4&v# zExq~EW*fg;b}58oO&NHAg~NkX^n56e5qQq^XgQh-dedf{{yn#BK{$B*P5j~8sUZrh zdPvV)cbE$EsIGbxVUo^YbxibiGZ4{ z+=jKY6SBiOdfUT0UIIyILZtrrWzas9d}ceet78lyGUE-WPGC2@FjMv8)g5^ zZqUOP$iBOncM7ZA@_Aoz$KH%Rxr4P_%P{OiWF2Z}-IJIy<4TC^rJOyl)*YkjJpJi6 zK9T=$rQSlAZ4Z6Sr%Gifh@#;&?2ekhEBRYYN%roG*8)9#unHIPw%G^8~r zk7BQ##yF2UiZWtgKoZcGX9s)nbUIn~4-D*kWCR+xWTy9Gw03-cPiB^V2OGht$8+o! zoou0s^023&y%mi)`KAW`%vAQVfT4sN#j>BlAqtc^)IiSkg4@=H+gOoxw;>4euq`*2 z49`RaZz$j0a*2R#b_ez7H5R6GG}@1kZid*Y>P=0Aohn%%V6~$nxna~OivLL_N-d2S z#1nV*Md&}N8NPM-ihnwutOJS9UWN!}Sj1EgH>F9$iqljx%WOWLP|~a!P$1MloI9L- z6$}ZovBE^*i_fvhWlJmr42b+45tnyK|O(JXzRBt1-BCy^?r7k;zd6 zs8hyN8+f#NHbpEv*^h!-nZyhXQWIeIxHSXlw(p^Y7%K(0@Tc=|v|~CE4v#-8ylHdz z=;PC%w57l#eHx~2t6P6=Y@=$GAxnM_XN{ei$|7gT_z+wa?-cR}s5)Gm$W#u|vrc)L zebDT!Uu5jSC0f56VHCZ$thqZ7&`xO4SNxhKJVya*; zGZt`9FX(~15lW+eY3`kFq+r0VLfe<$Vv4H zJyn|cz;))=rTH$i;W^f|8(G?pCX@CIUynu7Id3d;wXu%fCh|>r21ATx6MHukyuR_< zJJ8v^X123>`4W)iq=Cr`9TOb2913i>5sqX4o9;fhi%Xk@aG~-EepJ5fgJmg#5GuPD+7-f+}RT z%ns3%2(sX<)@yHUo4e!hugd`dDnhuQ^I!ZE`(OMs*c=4+U1+uh2g&#O9r)f<%#Cq> zX#DHIMs*oaV^Yzhv0U&AMcIc{W$@Y7gg47ov5F5S>@M1_*0Q3avZHsA;83_HPv>is z%u;`u7*GKxST*31{iid%?0rDje)~e;4>(hf2jGp%ut10!ws8NVMpjRQvPj7-qaQ5p zGRW~!w7t~3dtby4!GctQbgCUHeO?Y`wfcr=o-FK$39GBB$&m>3mgX@~i&X$&k{xM> zAoW7@4yR{7?0WH1xBum;%Ona(kk|h$3kS41UTT3pj}}JCs?oY4;Giu^0)K$5;xazd z*kSlgynyL}4bhwrP&ht1b_%9(B4)DQ3&H^$D3+=jYe?I6Gjf#wz|IrhZT1&{v!U4r zsv5F9k?v)->)jp>3k9B>mB!)-MYxB;p@pN%@&_3qR9im~?32B~adsR9^X|xOqkfp! z)-G+iZ@AZ+#zTGr)67v9d%R%vpMY9PV<{RCT}y0$4r5yoUr$P>qm?y-6moMoU$~|a zATvh1<&eJe;m290uph5d`(cM3pg83BjI}Qp87wL&BSR=TUi_%Ew!}(1^*yvILvL>7 z2xSoC*lT!`938btBL$NbD&ZQ#o1nSGzlI1_c=(d~4iehdn3x*r&*5Ndpo4vVq%2)y z`0)?6c~j+fAPl|$C7wHm=&v|%Z;nx7m2d;s|BA3*R46_8qA}vIo`y8;LCQ}JL>25_ z7YlhN-E4OL%ah(ibVa3F&569L!mG1*e6Dn}PG*nS z5lgeR8tu?BXt#lG7Nxw@Ghw-s)3MY{UnLtg*Q_?Lx5CoG9+~pOU+rHp@`XDbh&@e& z%RVD92nqAkH!@=P_GlDiHhK14;%N(}&*FYBGa(9HSzNwe zJY$*g2(mVZs8GDiAw#X@GW*RFfhS@8prMIO0AwdFb498NJKsnA<g!^$abGrgTp;$eERHu^j$q4$(*&_+$mWH zvU<+pX}W~dye#K!xx@+_*BNQ)zYW}^p+_WSN?tr@OK8lVGHVg2r*h@Y$*pyN6h*lBcw zS}Yfisjb5ZbfH%wIZ&!~fsc4Rrq$qVr`Z|??dS&tmC9+xw7-3jT`w$Kpe23I z*Jg@eyD!^d;$ZnSF??_%laY5Lt4}rv!C6cY+P*uU;ocIHUAHE$J>7VZO7i8mGU~<( zV^%C)jf-!EyvpX)VY$YygK3v(|LYB6`qLXk1EhJUxT+*6EzQ1P7)%6$`r~@yvUg|pHp&kRy&LV_yb7MdR!cmUDh(ebx?SQXY0YJKbGaIR+_eQEHRiaT zewWH;Rhu)Dz07rPC{52gXSEZzPaK-O!J*YL|0tlcLJo$;5N(Xnc3nWt0hxr1V9bNU zp)Xi%$&T9e-xU^<(%P3dWy#Xbfz0cyBhgeGacbY3)cWBqO@&*um5Zvu-{_kd?Kgdb zW_+&cS}Hb#p0fbFlc(0kV)0e;2_9WsQdahljl?YPqoo#ec^FI~!OUi8xw{0+!g2K? z8>u#4tf9P~LJP2fpdZI_-6yiBG>`zyxIDI9vl{VLw%~7d+?HCHQ`VwvgDf$s0bhl{ z?V(uLT4x$?QgCM|rd42Hea??rb69^O7==iiC0cicVBD!g*C~*nlz%K3X)p=t0}gra z+13WX5eJQI_&eWy_dVowk>|wm9?TQ&KzuYQ#YaL-QAoeg!qxejD53OO;l8w$qA%2A z+2S9ih5lr%9l{I*i;2agq)1y>l(bP$b;m@d`8=XAQ!yU*FPlgLTfeq;4B?vIkMB-gwZ4Zo z8E;Who>P2Ei)G)$4K#=$u8c2zHv6trg1a`--jUncEYlJJgSVy$%3({~9vC^)(aII} zvL$*k{HWMvb$-jS_)%et^}VN-!dE_PglZ>6JOD-y^r63Xq%HO6yg-%4^MX4Y%=qbLzLY&>12q)mre%SadS>Ir~Wr8$v4 zN^X=gyndJ!@zbhO!gSfdlF@P)MX8LIyV>+TB2j;bWw_WmSFC=ToVS)s#&w1ru~}MC zS&wW8=Go3h?+v|y&jEoHKCxRQMA;8YAYjSiF{`bEJuOFA&cIj7DSFs=$ z;e8)P8M^llE8&9sTMy@V=ad|qX}V~B{SZ_of-6IW#j{!ikOufd+dbL}ZA#8q{IZ6; zYbo>ZAo%*Zz7mY2b9X`_-9DJEw`zfTx$;deMohaVntNvB514z@?7Q-Zrv`5v@YdIH z=Mls`(4o-poDyURC%bxM=@U+sxqKr)UmG$yWnhi_Hf}$&G1SOS!R1FyeT2VK@&;Bg zlXOySZAY%dBdX4*O`FNz<{U9{iEj73oXd7$P(lL}+dHEx-@}kCL6EQo^|BBpD+tNB zkEMJiKeh(9&jJ_u7zHT&4tcl7aSKh{h zIo8X=SYf+PnbA}JUrBFem#?HgQ^;q{6y=}*g-oTF#^{x-=LI?MjiRq=TCK+er#tcB z7x1d*J#$!zrz-N`vtN!*GD+|G4n5altblb)rcS&;mbhyadR%OPPeXGP;%3sf^}};M z_1onW)b|oO4`o}sUU{+41ym3Y$Sz1U3ThWDa@7u?M1av5sKMqQN<^x<0yHAn6MXz?dHd1w_wmmDP|i!9$##IPgKg7 zk_N(MjkRQJb69Bm?4EQVX*X#dxa)PC!P_4$X8hT0v_0)+^_jbinp(k3HdZP~-a5PU z?6-d*-rQrBUkTNUPmjrATiz!`s~}vnU_1=EgZ=k~-#PWa|e z6W8+7GV5VS8ohUG_ZFT%OTKT&Ms~G1;=iaj3E~7CeIJ=oi)OtzBw%;FHY(oqm}guu9f{YR&9|&p2qV?`XiS7spPtAVIp{h&??xRk}#4Z z795#dLa3ZbH`}^@_56*$`ie2;-`-iiumAMUVvwf)TBzQguQkVm3&(yBC$c>#Am49q z4Jf7XIsY8OWB%>Y5jB-B2fA&%u-+yzl57v0rA~=`yY6o_T20f|A)^0pL zyE$ZSyPe14!j}vTpZcQ)p!|i%p&0G(ZX=Tot27&sf%oJq@7{*L8#WWH3 zA(+~5Jz4%Q&L4|5K9OSvB790_3H2FP@e^T0pm>So6>b=}6vZnu_Da=;Hrv0tG*q*N zvqwEvphR^yPV-9(8^6bWUwqxCJnu+2Q{Pidq+go_@fr3V;gVk1mg+dXY?FBVk7P)a zJ#^FLalzPNB@@Y`=AKBSjM!bSroj6OW0g?Qxx&ba!^5_q_x%!DQFd@^TY!xIfqc7{ zc2OO%O#1}-{L<3qcTlWCHt%F343!9XZOiDani!+TH4~hYG7?f(TWE2ChMOw-S#Q#V z%ED=TxyxZwJOn6@0wP5n*9Ow2Z8Jmu**hg4{ZqZ;F$=V^}d#YlBo}%*luK< z`G=p06j~)OFg?XV!tvPkZ4z0|EY;J6zwHaK=X?7sjhpoy>(Vu9?-E%V|1#=DL z2x5!Kp!raE8>Z10xi<5~zjrJ}R%Uf}b+R7R`Aw>Vcv%AQM?hQI8l5}lEjr68O7X$H z<~W+os@dJ?Z5_Qg*rNk*@;NSW)SN@peI{os5NKo}XT!290w6nGrK`ItkvIp{=0vQh zFUMKshg0rcyjO9u7T>mWWHDV$*R4YjBj&-OI*F4+l>S-}Pb?YsacF@<$7$ zlIhJvB#y+X9ZTeYyG3@>H6QNu!`!M#IPZ}u)XV}{iiPRsR0=vd-N04fx)$v>S5~V* z?^=oX+6NMqycY}v97WN)SAOYlehKiFGXcJ^iI=jDM(&esKH~ z03tDWKL1HC+Yyb9YhU`(8+{{DzardMo9p4jfzVv0`@9EL0J~$Ji(j+d_e$aw>BXt~ zA^D@LXCdq*7F4sjBwWj87L$7gSy$=-1*Cs?mM7V$e^CQ>tH+1?L;p91U>`;JqJF2v zLovAC6$r1Bj-#a0!Yyr{kKA@!NGB(%K@q_?jxO5ojDEM10cmdG5~&7+33IXy>L4wB z3;MVtRIpcY8^9Q|p4aUxY7N%Fk|z#JZyd5tYZLmfBFqQ3d%5{Q^r87uSH|3#m9H$M5zu~Fwf2XwKf(i zquJ>~B{6Km62=jeMbl3)H~02zLg{757vgPgNyIUlQ?`4+9g+`Q61r?bIrRGnV-|`3 zm;l&r4Ui`Mp^M7KQFi)hOFb;dh|J><>Y|MCj0imBQx#5`V@YiVQYm^u&sK{PhJvXK z7VZ3Ca4#EP)Cb%z$`sq^AJAoH>vQW0@n?Y&rri5~5n5A4J!?@tVY0t^lM3nQZ)NrZ zwDnW=&U2P-gvz{wIHWqG_l+Onc>)+og4`fiS&vWl+&E|Pve$lMV#b%%+8-=bQ#beY zQzu^h6=DER!Izg!pKB_`zr?N3UcFS{mX{Vz*}s*NLu@gTlVJ*0RjstVsCW2CXW<1* zDCj(%+0H=Y4cPP%a&Qx5+Sw; zyF>{bpK(cj9L!1{G)}?*YC$p2m!qljcGPH#Pv@+KFKrJKn}^_2Kbp}&P}`M`3yBz@ zcfL| zb2A}rLoS3KD^5-|aI?|7%QQa#HGqzc?~nqswHw}I!3ydv=9mXT`(tAp5TIY>WTGn zT<8iiK}AUTHMv9tWU|}_!n$?cf6RN)n!wFX)1^I1J3{B{}?+Pl@)eztO{DoZh|R8xQI?7)KMsl29>+or<4&n-Va6_^~{ z`}Ml5&HHo}8TDxX4T_Y0v!8a!usQq&z;MG0VnsQ zP0B?qRQ^`B!OysD+3P>*4DVlLDt5EFsyaB7>!=}vp)8^OvNIVMzE;P-Gqik@du}b+ z7WCQX_m|cfIFtFeJUCP}1ZlsX%nS`&@>$kYE%ao-jMc*!!`<<7J46jJ$+36#m-ySbNTU>*33>5Axk~+GxUUe?F0E|miW0*lg|&pajCnF^~<*LLTrc&;c?2Rqo)lb zN9_|fh|62rKI}7p&iIn~FP$WA=bso}O)Lvb*a)!>L^Om(Hph5jOwI|)Fst_S}cs=No1myoH zWAq4H=N)88dpOMbadY*Naq-9mC{S*{?X$rqM#QYuJ;N9M_npP09tq|{KOw1ZI^HHv zA4Z__N@GcPQ8i|9)SLXE>rOWD;LG?Dz^9|1I9?whAB@)@jh*bVo$MR& zMDB)W`^RZ3={%nIMvL{oRa$l=K-Ejy{@zncWC7o=?L-_>GHGM5l$4KE+pSLEMDk^V zad?V^u9Q629A+ToFfFk@6sbAlfk;42o#w@wk5=Q?487iLT(8v06`%_yA zTb>Z2OH3V181s*K;i^-#6D{_dZ`M#TV}-HiJCx*H(A@BoaYXT1T&DG*rQN6k^vV8s z(&z`t$(S!a6OifRxkyWMxo;$}xuf$`BvJl9QkD20QneF`MHvjKv%rU|Ksx8<=Ki48 zV`Fmvpw=Nsz>#5$>!4Nib^1?wxovwu)hNQs(6BQs1JM*Jz5|9vg2thsilAs0faN5mf)=6W%5-XpY0xq5kp5QTBtHm`IRvTGsYp${@%2PAyZ|D+OW5sKqe;__aoF>hp_#CE z7X6j=S6Uk_Ks))rr{{k<8@m7V{tmtl`(tm=?F#r~Z-6hVlW=>(^WhTH{oJ?zD0*hd zUyAtQKjL5S>tHmK3gdm5S3E!E+xSZR?%(3gpU)d;{x3@{w=69!?ZHon-=LhCStp*s9Yv6}Gi zZt~p$Q@gCO%n(N~&aNNbi_e`J?PviObEX8`ID)cBp;|LwWug?j5y3P=Y`N%IqyB2I zW}(;oe~g$MntwI;3dJ)Ier*cbqBT}4NpK+!+xK68{TVQWj*oC5e*2#|!RtT14}Jnb z?Mnf9{g3xi_uQbH2ZMg#uiGEsH5M1QAysn=Dm!#DKC)nWpz`c03kmEJt>6B z<=x_seG}jO?9hc*MJAg)|0|jfKGyzsaH7N$JZA-;-{mu0vi>K>&&$gTm4IFRGzET7 zss8fAMJqPjWD`Axue?h_-sXhmIVsEctZrtdK2p zMs_wT!j$IRd!I#}CKQ}w=4dw{8w|dHfJ2$+BmBNYT22Iagk0!MlOVTRlZBJwp;z19 zCouDW4LQ-wa458OGGgsD<;OS< zOnB`EUHC~yoL3hEGkP>TLhy_1c%;FD4B1qlx5ZlU7Jq_pnXToUXA{2+9uuG4OytB+ zPJ=vK-mWEVc=?OHl)y3VE;@7eQ(N_b!9{y-^Nl~c!l8+062|8gqG8G*$JlnrCMyGy_kPP3sWuSNl9Ko=2^+R76 z7qbSjo}XoobTXdJ&cC~~FTvhB@R-0e1FSkQn(9)z6Ch=_%u3J2dWyv4Z5fs)eF;LX z`;BM(vO@T$6nWQUrg3|6y#TdMq`(Kc<(qsfu+zB+8yKYG6Z5!Pz14<4c0uxgeXIXj4iHh52&0L~wt)wGt#E^h z2wWDjAhf;%!b2TKK=z#;83tlfQWUla8mxEUsS68i@95Zdw5*Lo(? z@7aC?!O-S~XBu;#E_UCVN7zsDd2>%BsMb>>YKP!CN0#az7ReAbVTyh?Qs`^X-(!_u zgY@j2aM0Z3TUS)_jr2^nWW}5aZ~5zNZA^#ED>Dwo3)EM2v2ClS!bF4G_xIt!My^Az zy|ii~eXXKe+~R-=urS2CwAJo_)48gJb3hv~8G2vM85%|nKcL>R4gEa&e%J==qRl!9@CMR(Q9Pc%0wIv;xbAyk%rk&t%ra9hkq z`JvppT!TW)J%GSt!tOoFN_DUceH#W6#6Sx!pAb}0ruk1kktC8gcsEpbUI9}Nt0Xu$ zmJ4E0NzWwP?2xTl=^KCk zi#{|+u;500Z1iPT`KdtwBF7)8xmb=3=+w4N)E}I~nXi1l(sg%kzo*#mR*}XbP^_>$^1c`y5FtvGRt+N?#IGTF75L- zv82+Lp^*lt5?K5i=pqJnQ?1Xb+1J8t5W_To+AAerOgMsuCTr$b7szQJ%yH$`g@>Qx zXJZo%7k|suFlAd@wAOQOIHH*UUC_+y*&}(?Xj?nphWWDuy1Ex_^FnMaXov$!#H5aI!e6miq_*m>U z{|$aocgW~*4xKjnJ~lkG;Md9sAY+dHJN0X&rF?)~(rD+23&TQhBn3eYkMsGRZB5Y3 z3tY^hdD?6YSrfs0{EnE+2bIW$s$@#fl^(f~Mypw3;-@96gWBF2p%Lh>Kv_cT(|1!g z-!f_0bPn8Oj#Agzm>GgZrIW?Rh{={cjT3vJootV)FUE$04p=wPGm=oGB8suhn2&C1QB?YX=;H{aI6>FF8WyzHs`84t@iOboF-UHdPHTe|d2h zgjunG+;#x4D#C3)fV^a1QMc;qZzEw{FZ_50i@x( zLV4%a@Ky;fGI(8MEeCy@0k2|ylQsG-c-mG@$E#6|Rb{B0N8j?cxx z(eOZNvHC(e+7#|n|LFLUGqnkPvnv7kcWt}y3PN)KB=p3$&5$(jYe37#u}mzJcN+@q ztabz#1+!ig!z&hdtuawZ>KpL$qSICB=p3o)Ml=3sP|Nl6pP%@T{lm~1X2$+v%(EzM zzn)`qT8;&1Ij3jGTtB`O_S3ccd^>w(0N#{L2wUtA(QLG{I#8-o=p)rNh7qtoH?Ue7 zYmGmisF%=n?R%c{wnc=4tc_MANT1ex_fZ!cikDw187)gBFLlZJM2V0nuKd%bsy`i* z2(CKw?5B3dIBYJp)7Na#-he72WI)!KH@9BQM=;4Na=;FuC{S5R6v*Fw8ZHK$A9vh` zx>E=<@l1%#&&avX#^F8pq$*_z!p@}=ZbiWu1y3#w)<`RKUeb-cPGO*A$up?{;2x%j zYfI)^bO`j980pV--?83t=NTE2?Uo#sb37aM$pGuY*q*Gz+y959vy5u1>)LLGwzN=a zihBtZceg?*2_7i!?(S|a8iKpKySo*4cXxLW{^hyf?j?uR9@qcx zhO~9d2t0B_^tkWn664?M-wy+iPpDX$iTW;*w3l*pJ|T>$zu%2~Ltt{gT!4K`P6MIe zbSVVM4Sh_<^NYVPD=zgMqd!g78JCHIZa)`@Jxv(eKR+`NGv3Lnke~hreHr#hd;t$WSH`(ZXyM}-zpRA)WP?0K~k35M;ypQ$bTd8b-Zp=|p$EMF;4 zZeYR_;cHk;6M1?VbVGCod3%WrPt)-?RE(r%u~OAN2+T|ntt0zvL~&$k(sTLk8A5n0 zN_w(GqsT@d5MsjFXyxA55*Iu^irU~iIE621elA@opFg|3j+%Z?58b-ffoWyljSv5uJiBwU47Xbe1G`upFW9JRc+! zQ$qYX3m_ksn~6Bw#*k>Y5xUN3tS$u=ecGbBqL?yW)9MDiY>Mv@@$ppREd3@b`hlA$ z!cY#zq~t5*uTOQAjZTn**t+b^4wPh6335_uzw9f*%FAlMR?&PJ0~nX2Y-v$6dE}Md zO$dnq*!{JPVuF(5pAm(unf&o>gYZ;@zAaiD#wD0TE_7D}+RY!QIxoVwmBhG}5*^dx zW#*2lHorCtSUb1?5y^ryt{lFCy~6lF*C9~1z?&Vzp76aoziSUOZH=B}$IBFMf>^qR zq(|6It8XUAH|`#oQoUt#BkLYPkAJn~QSFkCmDVk=(Zkq+yIM(6LSbRlS%S2owU6?b zBPh8V6q$N2Wa9Rzzo22O)jrYkbsH52<64|ANQd?Om_-`z{@c9|4`mWvxAgrk?98q4 z%&px`e=AbsEUAq_X$st|wT8RxI?q@V@KdFqpArIxObNUY${+~UV#DJwUVfqTl&?h} z(QC_d!$=i*>Fqb7`4z$LhsRljROZB7K5vfc!y2)nI61h-6hjwZeV5tZ z9o>+09bA$lf;DD4Q=HwXuND<5>)k2(n<8zAao5A<SJ?kx zlAUb;Yh&KmH$WlS3DgTQYC%mA?hCFfW?&&1~@t=4ouT zxOO3F-0%8st=jD_%F4|1E-0Gi0D=jLQL<|d+EilwnT#+gg>tnPsB_F;rSLekYF)mV| zJ@LbYxQ5sqzP5>eQE}%JykwfxcE&>~D+(a)Q>s@B=lKK5-fusib*>p-L+lylxwJKS zR`IXffwle+M2S!)LT7a<%i~s4Ii@1pW!A5_F-~~N?!#^b!pO3%Auc;piN5UF>eB|N zIrk3Jg1eF5E95$JVDg_8K!3+w%t$DEvic*P6AoilB*~U9QzzWF!i)N49ldY^QgWzs z21E6?A_Dkar!V0lzc&>5c0D0WJ1>wSz^LLjdZi+tNEHYb=J=h$D3bd5_YbF3_~K>J zLlX#iC-nb;|EFr8Ia1AA+-{`vMEf@mSC%Y~hT*PGU4vkxO~tVPiO}PSg`tP<9W9qf zIE(~3bX(4x7XG0}_2}|0V5_OQ^)RXry4F!5{dnpJN!*i(EOCSxj+7g^Yh2rjdtALk zSXMKiwAF+m$%9?PrO95=GHVj)aNw8qfd+-kcxFR3z37+}i(VaGJ=&sC|Fi5hLdR?Uv1%=j^O$uObkJ5sF-;(()h-C3ZpZZ*V+SM7dA-5eVB+^E z+=FuOcMtC8O0mzl~lmU2JXw_Y*sIX?Fn6c~|7khhdg1k`uBU~GZfuHpv^PIHW zNVU+4dXUG=+*QD?^)g@NJWw%-rWK$M!v%{^)8*&Zu?vkNr}oha4nV(r!3Uj&wRu^J5xl{~sLT-`ZtXJI`7SKFi? z{C?cX#p0Hd$e!JU&%B{$$O3@KGX7g7DDwI2*@8ewcT{(kVppqIvj;Juel7fAaqW1i~$~XVc%y z)2;+a4VKxGks-HT(y9p9_*O8|j%Fkby=?O_L=@uOcOuLp+g2gY#5j*?tiq2a0MD0g z^Sw(iGfk09O8%m@3?CD2agG$k#(M-gu7K<_TIP9&+bzgd;W<(2?M|h6FOb4hDTF8F zVZzMlm8W#?6^h<|$C>(U7;~&a{ZJw z<#obn5KV!mD};Kg%&PHszr zm&=ChXcGUI!uZp|-f(6_Tgd;AF%+%gDw7L^G}8+ZgO$XXM>exB%LLPTr7_<*Y6gBc zxPC6Y)Dy7G z?qU3qpdXOZWun5kFwK#p>%uyOI75fcLLJWH%TE6IAg;j(G-&#x$R_6 z#2&Sc!0FUzV9*_W&h4ErQxB0O?eV}KY>dsUR50R^QfY7eA8}<|-ft5xXHGMQp$~ikAl z?1lmjQXtaAvrY9>V0;?jwHq}t4RZTWa(o|kQ?+h5QRKxvnum;F4cTGc-YHhsvcYvv zRM&$Ne6Cyb^-Kb5#QxJh*Sr=$*5U(b!DAGWBdyk*tXX_`rgB^pq^Y0BSK;~kE&~dj zz11>qiIN=fj9CpQ-%;OG9>>9~}N3h-ks%rntq7DcK zIy8x5o9{|a8i*{_lAW(4(-0Y*c*qfH>Y2jy+;4<`n$=?+_dD4d%Xf{BHkWM4uv2a} zS0ZVuYf?I;k!&RAgP)5XZO$K3q1FO=Q#9GDH8Bi1 zN;8K9@EA}dDj_7J-G$|&)q3W)7(ECqM9cRbHjD~6gMSP+{C!mAXPM<{x=85KR=UT? zW(%`Lz6m)ol~vqhpNW>ZPVTk&lGM`YUU+SyEs$ z)?^kWoD~_+578i6C#wkvsf@yTE-QU?KmU^2EzuLrbBt~pXXbUW&rvhk0bZO^`UyA! zYzP+{p+AJU$+6NX$Sja=w5xXs=H$jZYK?@IW^`>i5i20TI>5ijvanA($9r_T+T9z1 z_9s`LDIgSM9$kE%)=XIrQTWk^jgd8+pv;1onfa4dLUJ;goMz$Q9YkfGemV4TYWVOJ?D?sY>k66m4jR++kLHf8e+^&;D|s(gXA>RhZDABn^jv(EQA&ApVZvqRx+N3XmY zhm0(D-%rsfCE*)77h zWc+*yF?~t59eBT&V!A-1-M6PDmvwdj^-6(@RedR#<0I!xMXtnmz=K6W-4R7y^bheD zB6$;_Wm#Z7(a4+?Eo@iALb4=!PVPRIo5EnIyd1Z~mxw_XbnpFgn@^TnqTst4bBZef zdnSI$MOQ>*<}3f<+%fzA_a^=M!Jq7%6^a}+a9r=I9WWvQDO@gjt7-i zGI)Fb1tWG2|BtKW9K_52;&n6frnQjlX?1zkwJx*<93%{-bhe?#4A?mNvb3D>dqH+d zBS_*8?#Wl_KUC+wzV(_e&vqj%e{uhw)HW?Xjb7fNaxS^)@1)!gCEU6h?nF}omo^5D z7OEewh*s|G9B4Qahw9Tp?MCL`DaA?D6RWis3Ifl{6yHYuJ)FCu@*y7&9Pj{0*6*s6 z5-0ZfVk?0DDf{>f&6GbH88I|!bPls7uYtD7=eIysP752-d?Gd?W*o!v<~tHNeAH{(iehz4cZJw7)n+?#@Q39)sFZ;! z%{We8WpOue^z)|MW5uJAJGbjwwNQ<&;cl$Bpa8B*4e7?&r)czI-f^cQ#@ncv-(ye; z-!TaUrfCKfCFrI))&0-0k-D`_!@qe8)`Y2ngSj+N& zIYVb_uPCz4q2dCQl?Y3_I_rP^D$$F0MmlvtAH4J-R;-Eg&!~rJRVoMA;NPj^)heL0 zq>joR*zikx8pLhf{aMp7)pkAeP{R^V86KZN?Hyi1NURws?uD@p4??ElVbGs%zf}Ly z>*T=So%1wlbEF++@Q!t%`ir1@XFHn}YY?}Z*N$&h71bf$$Z^t8d~B|K=|VEcC4(); z6c<>Kv9tx(s99>rXsekdq4Jq9j}iCcbi*~WQy|zdeNWzN-j>I11dNeb5Z}926bD|0 ze04CoDQH(xLe^^e=02@~^h8>)F%|*jO1OUKU@E^gX}LJJpJaN4qf>{#{4LX!FcmBZ zo>Xz#jqOKrm7$CPM{&@~wwtVmjMZ~kI8t^irq~~+quQ3_5xRQp=SQ@h=h3wyh;NxC zf9h`02kzTt&Z~UAv+3tW_lBhCQ6-6AX=1K(0JN~X$Xu@%0)qkhJnyGhJfpl}mzzkD zEOwf#-M<8p?3tyKlV7lohy2>=(gw4K<9tb=EGfMIc5Ez6$lh38MyRQ{QOTt_ zN#SwEg>%u7A#b(otvOGo?*VX39AP$VIED`_p^+kCHLfXc1bDLYL;{Hs-qdjSZ zA9Rzt;a#-hmATyL9GVt)tyd2*8In|+bOG=CV-p66H+RQ<9N~ypgLG~nml#)>fPhu^CDqE6^ zTXabIlPT(CE%9zVRZ!5}>b%NPn*si1YiV!;viBj6rFM~$e?|$0aS#B2>WG+F3OCF` z-CzX;>zY-^Uw301drcS@yIOKf@^2UP5VYpA-RimmktdW1ch2%$iOWdQ&8*Td;@0oVy`o1(eGLBI6$p0*g{j8z-KBCzHCL@^kPEhaV538p3c9NQme(ptK}GIgdJ$t&G|`-k_npFV1_opzr+Y4Ty-jhZED z2Ju5FdwUQfBh>AZhY34rrq|u{xo~0M(T5{LyD)4vcy(xfo}}LT^JL*_p@YZy8WEp;OINg_L3hj64~#-bwT|E)yYz3DHm;f9v9Sha zb@nu8Tz0|>Qh9yI%ZAMfHva_f$4wD<#M@;YQ~}>|6C*v&rE<*FMjxELU0n?(8-`oN9k8Q+7F~(y$kb1*q96%a# z*Xfg`-`r7#xSa*}Qrm|ttlE_>rEI?q!5xU_BYc}6h=n+O`MYX%`rOoYbLaIp+2O8M zctwkGo!QM;wN=s;oLyYST1aOVBX-J@2QT>-BYDx5t)P-P_!~$7sVEmm>HC_2=E0`z zrb)fO1e~9O7eBY_$uauNy9ZQyIj1=lg?vfrO;R7#!nSyY-u3_^rXaa6NqQ&gWaK$(r+_$^ql%p`M3e)q_glmM~sNju+f(JF^00Jm1hXnqi|T*>RJ_EW|{^1 z!!+t0d$ThoyCOgmZb;?S!3YLN0sWIX#GBdqWTSz9ozRty^vOj*9)kg4Jolp z547`BgX%3DYV>V?MH;{I}XAW6|blMl$oN+&WJR+@RAHS_suWTtQ(T;yaz6{Rp4zAD_}$kxEvcG|p*$>fJiBr28QCWe{REDn=}2bT zK0aNRncN>+lw!rRW{N~%g!C@|PKD=XxSS)OzV+E#{vBPk&P73l)_;pXt!^Kt7^J-v z9VQ8GP+V#kN*2z$-noCIuxC`mKIH$P{4!VH01I78rm}g|CVn7KcUxA)yBqHgchvi6 z$1}C#BU_U{-^{rhj5iu@QiniWU3i z4Oo;ENFM(%n|98}uo{2bg+WM6vCv3!bM-hL!0VR;D^_MBwN!6AZRZ}J!EB~I5as8K zPTs;2!QB+v>`&GAk1G=@9@9=N||`+DDv`2yVa$wNb)MO~6O zs$ZT->o8F9#zfTD5t4{GT7-id?G9Jf$fFS_wJF98LT^(Bcy?Ew+cQY5@pl{M%yl<6 zte;(ynAkB>(+W_8PdYFRnT*WtuvZW>mQs4ztjc;01X5m|eKD+kM!F=HNH~n`47z%i ziFTW5^#g_9q7e#?+eB?G2?7eiJC_WBqtmV|rfGdJkdi=-0Z9!Nd7gxB<=jVTE&(BKymH2~Q9-c^;`D*8B z|FQ^i)qHr^1u{+3YKj{pGWn6I04bEIZtusMR835$?eqs4kbZq~a9csNV=abEl4sbm zOmbA^OUNE?c7JQ4jr5V7zn^WhkcgupL1`oEEx!aH;Vu6raZ5T3I@(jd4|}|hie*!` zPeAcg44cZ~@0gtHh09+t=MtlkJsNZ$^n27NUbhTWE2tIR7V(J>7^xv{Bmx2dNx6V8 zF+lG<#B&`zv+idw3%*X#I_n8j;#o_R!V!sg#wy}Jon8we8!}Yy zxK>$tk7wM8UT*QzVtl+h>u}&uou=H?0iW@t%*diwJbwC6>aZm2oUR$u;e?Dm-CTVh z|MEnjf{ah@^PJqW(WOPvZT_PeLY`~0o4Y5EdG;GZV}oN<*_^Yd@2M}Y(W{pXox&u1 zpGp8ZTM^8RQizqcFx+&e@h8t&!WTFx-j^g3u@By&% zg-XPKR{pTVJ(smq=gys+lJIo+DSoCWcxDpZ0^b=;3O!o8Om-{=lSv@xnvV&3VXQEc zg~C8`*-V73$47zcyYNq5MS;^_08GML(BG6K3-*y3 ze(3gh!57$1d#yJB>8X5G@)kvlGE{}HV#T`(mW@pt2afM%$pp?O(+ibnE7OJBS_rR3 z2_WI$ONDfz{&py}mFF$O%(zgrhEL@XL>`0Gcl1X?`P|wh0dG*b2R`!!Od_%3tHHi` zZOM3gM#@lWvqTcKPyPVTVL8&$A8{z!$1AizlEj-U(-RMhb~=>8aIO_fHi~@w%3`zR z7w3b20K{}FVlMHc!5^c%1ML%gH~wB%ls&zhmS`K)dQnUnO&T>E?+@S$869#OLEShp z*Vd>jRA$?gTBMgob}op<>u;6**R#S_sQ=wN`}zn~=0^Pcum=TgVjJzi1k4eo)P}NV zEYmoXj`YEQeeU;MMz?wo;pfr1Qopmf`a@^;*}qbdMH#m%>QKC6$tC)6gp1v~q5MS? z?QVPig%5`!eqv&Vn70=r8Fhrww)I!NpQs66TUBZrk5Y!?6LIw-wy)E=tx4B)^Ev^( zVtG$-FU8G|$p{MX+(FiZ$)_h4wv)Ov`Y?xgPcrGVFk9G_qOqP>TSKr*ilp;tOW0kx zF1=*2d3kMZ$HKs;qBs4j?pA+eOu#hmRHaX*4*QKa3=A&7U$y1C>oP;eivHpuJuL2C z-*nzFA|xFwPhr;f_1v-8pP7lg{z?GwbrQYU$bX8x1F!B1`QaBN~Cx^TI+QcgZQ@i^a1 zeG~)WPqDy+dd$0QCs|*s+}Jx%t-17gW9B-qxEa*0cGpg3b@hw5V9&#AV==VW z{RWJ4|544Ah9LU^qrvNyQ1R++3k_ti{)S%(Bbbc;A`1dspRkX0pzGa@eY@8%(m59! z`)33tZ29e;S`{iN?`(eRaFPX3%VUFXdQK%!UZu!LJ zpr)eoi$`$aE*D9%p0S*+m94{HtP%lwk!^okWe>7ZOBelcYbzo%Uc3ifwZ}6C_t4}A z=Rn6|69qNXTjjx-UhemT5{Sx(^nXcFbe~rqbj<`4z!6lfkzE3$Mldq6piD7cZk?j8 z`B3E0gGS_p)~LQ4C4_Ix2He?*ypYE_h8VXqtfSs1Ynf>HMk4+IK^nKQGC6-Y?P{)* zXC)pX1?6~z?JX@%42^grxI#8u->hsZ^sC#OJ_r3(sLi?j>NL_#wG4cBUd9lfmx;kV zv?V0jMmS0yx622?5ELDt^^%lu>3Y(5yQjFWCrJ?0{6kW1)gfh_$0sI5TxQ;t>522< zi{{)9yQn~i#DPdO5}B0)0#~aWiv02&;2W4P3aj!$1=}_OYToLI_J&=Ta9|!c(@>=U zHpG}`HX)5{LQD)o0Unlv!Ff~b^A?pCYu+0gn8QuGvDBxGnNo_4n&uZqgB!8v_v^Rb zO989eL=UJDR+>ZIR^&|3E9H`2L&w1UQfn=(%OQ=Dpxm3-Dcs7m&Sw+Gw_F~MU(h+O z3~gxv){yz(9ue0~9^_B`Kx6gpfkuOJwtew93sOFYS|OvKyA6Mdo-Fd!D<~~?8!knM zML7a@^D3)_RA^Mub=DNUfKw%x8AC2N^Bt{%H&ay8so1O<^{JZm7hQ$}96s~~Dvk8? zMw(l~>vNKf-kxQjkMMLMHKRO}wy~_7TBWStLi2{d^Rj#Yvm3l?b<;=;{5I6FKumyw zAxZP>b2~88S^UBuinKLcBu&973O5xnSm#k|q-z;+k#V|{E(&U9II{WzFh%A1_Nd-4 z0#>%x`&@Jw*Ex`lqEY)k!&8IKwVL>Fj^RkLz+HNQzS%qAqK3i`WB~EKA^D_r{M~&z zAid+wUxt)joV=>5Ll*ZHZCnoodTofwd?zjfLrA^+Lzp^vKF?FEsL*RY%!?MR5^+nq zs@b*eva;~49qExTHe!cFZ^fA~ilJpqrSKy6^JWco>3DRui1R7o&$v${It!q!}4p(vxa6l{O% zr|c(K>@GD#tO6Mlr_6%l=X+pbw6*Ei!9?awTcJToEPg)|IARzZ8aH+vVG?c##=D9E zU8{BaVIhG!0-U01u>6<1WdBA5Y_=Vhj&04&EUC)8tW-O=f&mpupvd$4 z&B%7^9hsJ>7TLuC+CepqijHq;g|g?-MW zR3O(^>ks#1d9~lSk8!Fl43h<;gBp86_y9V4GNJFOCgxawNe3JF*3ZVXJ7V4@`u@62 zBtNhF;N*0Z=hhv@WWp12#~B&undFK!Yc+HyHe~gPE*^Ix+8cxJ40Kn=vHSa0h<9wI zn3k;0#agYt$k=AR`(0?Td6&}m;e^w)218I;Wv7&F`}kM2qTG1t);_=HaSeT#+klMY z=R!yeY=4Tr(nM#fkOdgPKf@I;HB6qYOd_5>$HIZg=|g{S=+h@(inrBWudn6=F41SDjj3 z_0&aJ>Gl9h+j6_>dR^HxSgr+mX~D;G$5Gz69(HO)Ao3E(v3~!H)<&AGySS`=bvr~# z7VsT$Wd9@U;TPUKm$VQ4E^429dCM#-3pVoH{n@BQTI9*i^)mB$${;i^H!_gSd zy$760mu_MVeWG1D7XJ#!1ovt*h|Sid&xHE`_h=sHq^>eL%4|If=u3_v`P4jb-8?Q8 z1EpMQGV6gr+_$Vgl!0FC#BdT^L91~<0leYIXV*}j{7oc^P^Yf(@o)+rPodEsto*A0 zr~El%K0C`C40>4dHjj^0Q(VqP92su8hW$^J+e9qD`hR>sk#7Giyy}OK5q@q|iT0he zHH|Tuw#)5TEBDcJ$&xYxALg06&<@cDWQshU8iV8iWc5utvrBIx#MDSx_g-R8(yQy6 zw?$*-;|3!ILR6Fep0xoMcOYL~-kI+*k}5$5EAP>#D&t_~HL( zJoa$B_75r?@4nzOGs$R8-!z871_qtYQ}FDEra)Sv3ej-!uytYCe#x?e@9=B|bH@cPL#VutXgWcV(preWf7U z2P*cYU%rdLodl22l=*M|guz=T71DpPKp#82b~c7alw*&DqXLZ@GLwHIkuoOdR#w}o zOe=jjbrA>Ykp7D5w?m-S_h{T}Mt-_lodMx#0DvZthGHq9C?JoeK*>V#`HVlO6}Rh; z2S2EIQW~%!_}6JGf?p5j^`xbi*~Csg`opow{`R1!Hz64kN)%jm;<< zW@g7T*c6SO@}z@0w=WF>xIx`1HUBx-@Z!f+rdytd90jqA*kN0EpQe7ae_DDSz%i(D z_;f&hCGnyJ_7wth$sdt)Ps)V`7ios>(C?IANHx;1v|=BVjn9OnOGCyT<*V~#&_!ez z)(P$g*j?16UAB3e7MQ)l;lm^vPE&O|9p)q5(aeBN4Po$Q_U5S!PX_{=h#qIedU`xmvDX68Qt5rit zvKV5tMeNlvoq`Dv1mGRYWywn~4B2A6wphPu7cE53*l3+zEk=t$6tu5gtJgo;>HyX& zHdMmEOx!Tfjx<^iOUe^=Jv`YpP1exBP1k~3{G1h9&;368I(^`$RVA2Enpo{D&kX{g z6ocNHJ(4YoI^Afo*O~G{Nj-1gm+<(5YQ(1_9ahU} zcn3T?{u!m0Gzscv;X|>1f7h={6=ATn`HA#iV}EX`A*IuSn$;j;2#u`F z6*EnsYuY}|Nkdyc9b$v!*7yG>6DdIN4+ojBaf0p;tD?OG*{_CSp_Y*A6I;D1Ha=@io6^PYgf?C9ul+~D5uhHr#a z>?m=EPYCJ7Ab&y|_o>zuL$$st4~8tKyi|aSbr|;Lb%}tE-`lDswp6Xeb{4>ye4#*e z>*Cu$Igsz1&=D?!_fT7#biybk-#|}^NqR;+6~tdsY&?}gB8UE9J<8-6Q(V3(3;N=a zfh2=g^VtD#W*RL>+@KTJ&?vh9Gf9s{oAbd#t3+F?68Z(w6~jGLe8*jDD1__EmFcUk ze1z$RUFX+Q@lZ?|(wp)-Ef){uThNiZoj;{r-}p+~c)bJX3xFpO?GQY^K0+^#_StpS z;)p1?Nbxvix(|r9|q!|_}8>zyh{V@uz0Sc@*I_PIEv2lK@rL4(@{+}HhRNFUPS(lt75{Q2$K(&hi)}gwvxakONpfoHj0O-jS+hPV zM@>&*kS%lB6J6+InR78abX_F%qPmNSbsS8nulBOQ)>l`aX-iK7?4a(YsD9}SeoyA9 z2=<+=Y9l4&C{24%>6*U0I$wOckp1p#Fc4MQ z2_tMwe!}*W<&FYCnl$x?H965(yor&2OKy>&TIFQu;|tQ)uTjqDe33>*6czOnD&sda z{EQ1m*JFsF;fIZeQ{FWyj%9YM6zFVwK4Tq~%`RQ{xPh(_TOkwr#onCm$uu_Os3|Sb z4KnUpS6QoY%3h0hy~pDbrFuHLDh&FqnoI74NZ15BKRJ{iwZv&SwbZv+eS0!L&L7+3 z^{mHv5!aspeQmbl3Joc|R7q+Ws<*~s+`SvBDhmxcw(d!WZp82>(;YQO(fb_!eqcP6 zsm-LO;JDdnRqoS@F`Jx#F}4x^ix!fuFFQ)x2g5xhK3q1+S7`JMBt>AVGW-+8Mo_5< z2^YduNgT50w=V13WI&?WhR>l2pRvXp2$nfM=&HMJ&@;o3F)l#9Sx4B%BI|~y-xI%7 zGN80sOvMiDTq+|F?}$~3ThJuw1NT-`@~Bdm7QXa&FD^LE6tSx{Yn!=Z0U{BavU|OV zcaK}^=n#CJD)eZ^_zjVzx{3T}n2&hj2M8`jARZYilFX()f_%S0zWESf{v5UU*)_SF zB*l3Slqr;La|5R08Ku>lA$SRL5$YuDG$U33tXFc~s9oEN?^u8km-aGlZS;qWcR4P` zsd#UcI=$_H*29cIq*FsV5>^G!UgZ%CKfdLPJOusugFnLcNo}g))%lMkh3ml9&urk) zK}pZHsUzmlsbP2B@1=@sqw31|8b4L*cdBD-1`PT6!2J8 zx37WTvxYZl*zLjzrPcBKBSIP+_w_-91bPyeqXV*er>e19fn-cxEtIRh4-bviWk!Vz zBXz5sY0xj^?lonV_bv1qeq}T$_S>UMeF1Dqbu&xe_7!kI(@OIOF^BlYb3S1Ie!VCLY`x-iSw;%P6}#N(mtNk3 zCvY3k#Z_Hs7VixOeS6u%eLqVRQUH;*vC!OtUMgJUTMssIXmr=O9CO_Ab=Tk#izJs< zDXKdSJRW>c5f7|H1@NzlC|BG~g`dNb@+hV@B*tCJI4|*cJ10aN>!3A4L-|uSud_Tu z>CWuioB^a?+I)QW)Q-u_RY$bPL*&={zo%C_eDE)7&n~cFd|%emrL#Mz-oLs-wcTh* zH(RBwJK=lULg$U#Ik*tI}d9Klo&0vdymlAiWPm(3vV+oAA{;)JS^&rCi?!kxvWzK#>y|-6PND0 z(*b8&Tly4p%>glBH`lV3?mMHqS$2TnR!GC+SP@+e0jh!rzdXHrDq_h2Kg~XOThgdB zkNS`UQz#K#2Pk@CW-9Tn=p9`PKu`H!6%?ATE-CHeYLE2RG`3^Q;TB(M{lh?u@Rd`v zYuMlzmik#0`PHbiqYWBHiDdqyJ;UbA%TQ`V$ljxZo~g9WhC6iOC;nJYl!Mdf!-v^C z)#;V1B(^k&z*Sa)g3wW8sZNwM_NdnV@51`LBON<0l%s)}^z|_k_|2AsI=FRNYiE(D zZg9iXewR2k?CnR$5QWCPKzGpC51&1wlb_!gztgp0X;`1H$LVKWE0}8rn5Nlh-dzQ$ zOUz<6)M0|84cAnXDH12=I^G9G^l|~{7PL0Ytc2$j;U$yNhW7A!9tVFyOwS^(7U;J} zjvb@*x|wUR2BZG|v?#*db722Ir_@Z3$C=~<3KaQG3FC97)nwg0WxTRS=O2<$+o5Bc zS;pP@kzwUir}~FJp=!N~uH3`b)|KyH`%lsS+o}RR^NIlZzH;&z;CH%CQGbpg01Yq# zB{%Mfz#v?)LJ=K+P9Y*{)4D{2kCWqm^q@3%1;WL#oQF90FvwRwVphZa$iftPC{~NU z-nNoI5sG4$AXA3A1La_Sdxap3&zDgHr!a^@ETo}W?KF76^n@Ac|GIOW zi!o&1g}>hch|Cb)JS_}D8fxiXOFL$--g^spSRgVtx!bY6S?{O0gu3+ZI`oDYQ?aLC zTj8z-q_nNi-j#+zdpDhLv!1G;N;4pMT@doJG4ti8R9BraBe(gnV-$1#I-I{jIJcMA z%UJdiaW-itLVB$0MNhZ3Kj+5Qc>1^ApXlq6tQR4~5Ege>3aN+iqNDEv$Q^gsEyV?+geIF)%#yuAGdUHH|X528!A0T@+RaTrJ=}~ zKExGeC~phpv(={)hS~rS81k)dG7fXuc%CwcTI5(r7Ku#C$} z+I6O2*oYpaZ9S2Iu^OW7Tyx9O@T%`S)wew13|#e6^{X2y5b^+%h|~C+3?Q4?0m0 zUmx=X2)LM`Apa8Q{bJ_|v{Q@TW_9bV#_1f?W$8W^Re$g?2mf3Q?vYEeR#*wmcvghM z)t1!elMNBE%@N(eMhZ2@Hp5E_brOmW1|;6-=Cj{*fH_m^rbW-IugO*|jC z$I7sWd8&IY`7|Uf4rQp{XjP)VXAU5CHO9pFJ zZZEYs3Cm*IJPOYAm_R&--Flls=kMuM{h1+itl^%9hS7D2Badbk-4Bh%5^_tsK{w4j zIm7;ej{Q-28;Krrhndn|;_!K$U`yGE(cuSH-BXNIOj9dFE$w8qlf;dwubPgXr&PD# zY_Y>kqm}&meO(-T2I41JN?p|?Yd4bt<$YtmnVHNi!T}I%;)=7&Bvf*16I>sCo;Z$+ zxCXu8{I_24_3ji4PzysF;j!6VH2wlWK&F@%$9WX_btSiD`V}I z-9v)j#Y)XY61hi4Z5EeTRAyb&lM$lO3OkdGMy!XRFLzoe+CP0bcE0ZBv1gSOP_z46=w63_gmyLT zh4n^)wBZ8eK^JQ<)>bp%$1qt)H8#NEehfy^zt z^F@S?Te+H;KxLtYnq%klKCcO;#^P{wk2*#fK!xM-TIg|KhWLpy3ay26_^RTy)Ez)|Cxt z6`|`*jlbGl^2{k&9IWN9DQC2h3iy6&&6xfbY0cwjbpaNCy72Nx$+pOZQ}#4fn-Xpt zOG^}01)5=znqDS%>E}AuqqQ^9@!Dt_={rLdV55Mc*SXdMYCqpDkGux;e4^`hMbUb|uWyn`o4LQdk(#eUw5!@x$75 z`!oO@+9f6L68_4_(KnqNVQa@NaQ%=h&hED=#nXA0mjDLeCR=xm4C!i4(oB8vT=cvo zBkmzM5GHX58T^izC$RW{NIJ*odU4(2G1|MQnl8kR^;(QthiO&+_kczWr$qr7pyvk= zl8u_An{j;4mvgd%==bavzi?VphyHwTc4i9gY7&~>N2Mm#6T7q>q6FfujGZk8BBwf^ z5`k6^NOYFXKLwTUG^>A+Rv8-dXvKq+n90_hA}kBpnETdd9ZU6eJhzD7$&{Q*-Q4fA zu>Z6-oJis3ewJ8>D-i1he3(0kkuuHQtKKn26?$JK6v(sP*OzN>*JNVWSk^Rnj9aod z1d}oq=9%Zt;B(pQs`U%tcK#Q{RpXSk+3>a4@e%q74FMPKk6P<6L|lrhqLk;J$@ptX zB-2V-!K->Hh^oNXW{)R88ZT=4ECu5xZ7!&nW)IiMa4JjDVVwCCL3eSI3zWpVQ@n^t z5tZ%mU^wC*YV5{o*nC*34^N0q1{sY=nuD5Tr}H_FUM;#$xI{!iYU`ctz`I)^N)bI6 zX+Pdhug}jw^2*P|h4}&NiO9Mk4&z2RZdxO|Uf@zy9Bej#gG|dR!wr_QGBfnUp({&; z3nWo$soVdJmC=_y&G4g3B7v)#^bI$PXsgz6@Gc2PD)4|*;v<`_Xh?l;3nXRVO7?GJ ztRAk{0?8`sreJjfh?e8!9z#c3=aQZu(>0!sC4#}*H{@vFN@5y)angRkWhp8+WhIX4 zKktKWdSj#U1~-Ed78%glQvddqTPr-D43gJitwk9cY5R7U8e;rt2^Oz;O6^wC6B8X3 zj{5%Q-(u1{Z!>mn&htN#XJwqI=MV5ZlhnRQAByd-l$6L?^lCxxJN?RB^P)2E3l)FV zG04t&mEu8)QD-|=_y8g}(v73|o<~OD?l8%_<~v>NRJ1h&JvLUCbDb5od}6tmzc36! z>c^0}TaUA-Rzsj9cPXmUea;kkyOo}h>7_uw-4$FGp`AZnEv{UBpy`j;5cu(?`F;(| zftJCBk=YMN1p$F0UAUuTVd-|jw^N%kVq8dU>rI33Twa^n=t(fOMlzFy;}}seWzOd{ zD>Z%oF}u7eY@a*F7*srDzm87IcW$pc=q*IZzbBMj8AXwRM7dsfEP!c%N9F$Smc7hE z?n`RIN$2+T|6}bfqvG0@M(rIVI5h6kcyMz}9` zEV$QM?WCifU7IlDWm}4iWE3kiR#CG&GK@x^$q0B3V<10>#TAex5HIOqoLNGhFMuE57CRc;xyo=XVplQyzP`83AY#6RJm21$7`p+ZU2sNSIBk z2OCjq_6LJJuJ&7I4?9FxT@Ar=JK#rviKIN`UNE)v zndM>6K#x{Z|sD((p|PwJbVV+b#En)+Ru&aR$g zRs}+WXC$X0u4wmCoTSfi?FW9`*)0fg<8S*Lkox??5BfTkTHd}xn&9{ce)t}CN-n_;|YjvjN)$(&n) zzq+#~JUuVx$ua?)+e2RT`q~nd>y#C#21;&TIcL7xZI!xS_gxPL0Zu@l>T}J8AT&=im-65Vli&6TtiTw z2BT;oobiL~7i!?gaR4Dav^C&UXC8Dcd4iDtQ0Y`&rHnO6({_n5o8%Y>`OVS}M4l7) zDU)1befLES1nb=I+>gDe{*+Op+fXIqw2b&J`yAJsi*#VW>X8;fraWzX(u9qSYQpRY zN@eFCLmik7!#Uw`<+w95FH2LgolK;Bp=6y`)b!T+sJ-nuX{W&0g0wP_#5y6NlCMW! zT{OVl*hl>EtBxvjUI1A9HIN3?PxE?6an$-&e4YIvc>K5>j^X+AI74M?Jj%r7N)Y_} zCv*>7l29{}%!2@~R)p!|OUjVS59}+Eg&XEQN7v~6ClP zP;Sh`xpi5E-7d^|01%PVmO`__xP8r4pMq>i$`*aTJTEfa_ole!L&vJi3Oj}l$Ya=M zsfe@OpU!No=Fk2bBW^oLp<}AjC1nLkXO`EE34dB6VPCm(qgzbM*>UDiu82I-C8E?x%!6k&4wykoU%d^dku;dL_|uS?%e1JR0|C zYdaP8^0ib>s^h(1A5QYU#ResRp3)UtP>h$|AN4-Sthl3_0X7f%>c1N`RN2f;%vl)> zNI!-9)&{OI*cd!a%CT`&7n~+%9tc_zY-6^Snm9f;mWb8|XIe1-inTuq+cWAj zgC4l~h%Dr`E_zVv=$p@$`g2=;J`H4$&R?_;@f-nsa^X zTvw7b4`{eF8kk^y$-$%FZ?XSE`F2ZV9N1#-F-HE#Q5g^!3VYg#JA5FSH-@(G=boAD za3hyn_P8-`|G?&?6=0@Ar$m}E(CBOEP*&+wz7o%zKTxu({A}#BVRx`tPGb`?ZnBj6 zR~BVQDRw4o3z^)wL8AF_NAVg#x*Qn}x2VN&r6Vao!jZ^9ZQlx4H|d9p0hn9Fd;f_yog}41?Mvr3MMUg{GYx0a zmkSvj&bW7DCl>cX^z@%?zFpPhL@=LEqm#Y7sAzE4b6KmWy57NeT&0I+b zrIQ@BOZ6~(I%7viyi2R>xvhP0;<8_Ir|;3u3nx9?)7j&A19!HQc|E*PvS}X-S778* ztN$Q~dqJ*kl-3+gu-Pb)NZk})I*Gq2n&HCh$&Op=u{Z=M)X5S6F=Lcr*o9l{pao90#H86D-&B{u#q#{oZdH z)xR$rEk(*do5{K%YxuQ?XK~IFl&+V@hfW24Dlbm1&c~gE=H~eDorJZKFY0~GvoDC$ zC`>wq>HufmEcsSDqhvEB<^=`hN2rNoX)#)e-b$e)YZ^Lq`XLqqm$yzx*a^5U^nshFg&4Y*RuhtU}(3pHzG$v8&xV#H@dJ@oCkGx|=Y*cm-ETrC2j+0r~xD()iWWkCCKcU#EopDCvsy+4dvu6#2yE26|N zTV^|2%$9t5Y0CWO1}y)W8p^p)V^n(Z4OwrrZQDiDUq)E&g1ZhE?fX<;clI$C#}NVL;@Uh<;480!Jm`+el4ah{5M%@@_>8}-q| zZrRUc;J8!!vnsl{B)QmZuDj~1iM@uMft~rFz5-P!!Ey0G{r1=2Mp5>;Z$a61T}^z~ z-9Kw2;GB9a^vqy5nR>dkW&@On8#or1>$^Liz9eP(NXfJ`{C;rOBwt7Mdr6pgQh;*k zn+7L!oW~s}?K7~D3#`J2BJ@1tLqxIU&^Zu!{ARYgob1>WnTI*JgY+*_B5x0wpLhMKret~glRZU*0p?#eL>W82XB!A99NF*e85Uv0W_1p2H$EP6bz#()Od zG0(4b!&h4jKA$o5ZOpIdAomXa_AVab6=-d4Ek(rnk2eL!UM3sQw-dGLwEO$61`=e_ zCqbQyi(g!7`<5#ykonbWpJ$cxYT!R%cB><~SV=w!b=wvNLa>O~^T#kc9^!u#5~K04|`(R4TMc8(`! zR1ScNQdEAzQ2%mR@Si6Z`_9je+4$Z<38F*$P`LfQ)Q;o&&^JT)aMvI>f#~DQTPGW} zWVLP1nmOrsJA-ERVw>2lx6&7+Kci)1y$_Dr=r3Or8W+@^&~{ZX&C4jQ@VxndNItcR z;>RUp0~9)%BF}uFd}w?_1BwRL<-X+F2j-D9YFU(LOZ; zH!!H*N8#^xVBVHkMOQ#k5L_;q$k5{Z9$KqQrNPQN8u)6UEnpU^hy*+NT0&}SQI;whNhya6B;1I*9; z+W4jga+H8`h0x3RM$Ifu!s5be zUcLRgn+>|p{CrfuK9cdOfZ%Bxb=T)QxB@p@lkJ44S$k9tR2PLy8!NISnbl|>*|pyJ zkP;v)2N9`k9s52ubLSnC2ck~T?N#eyeOIgi(viY|mc>XPb2*+;<12ZgU2{Nk6E`Ny z?n-{!dv<>RAL!B=OJi9{TWQKGaQQZg4gJeC@0{^vjFXDa7n-ux zx%|{fOtqs9Dc$hn>L~?#Z|==Uy37;dhS`3BtuD2nm7aLVkIo3w;9H?<5hB8ruMn3T zChUbOQvEH0Ew4x(B#fI=`lA>9DnDoop)Sea?A!#2EHD$4NnIcJN=Uu02nt_-+W4TN zLF8_AkzTEfJD6*LVC)`i_#%ElXghaGZ!4Lk57Q$OlzAA&<;c@Asc+8{aPVwQ8Hl#E z?e`Y{J#YFNlBKX;5R11vV&qHgC5$G4N*LLll`|oUxpIHeJE6WtSv|h`b`Z$6D{#rxG3gO!-tVye7 zmS-3T`r0lu-I2%PDAtQwk%SN^>UD}QG@pEFX!rWSskolgOE618DAlWh4P9RlYGSD; z_wLtht73${@pUO(a1Mm&F$1HXf#@mp5nlBOsP6~*ok@fZx<^;c-UR-_fbsTrsTmBr z?ma6+IF;frHgWCm`$L(`pBGAfYhPBa_n!ZPZMm(=Hs4xg&k;@d`NADzFdl5I6pkbM zEXbM_s8Ag#9y3_BDCVX5ofa?&w#h160dG^Uz&heI06Ia~L~vC*1WwbAXOC4B;Q=bF_J<8KV69w^8Kengp7Qg0yNEjy?4`_wI@{ zgBUJXorjdqTobli%8P%(%n$*6vPtURsuv>p5O~2+nv;<35jL7`;)s=E0e$22Zu3dw zUR3mRaL57!g8t}!kNbl|$M~4|1ek^eTR^b+AV~I^2v)mkcVi)vwvoTLKJ~#8>93nK z79H0xl#hZF9*zQz@e*OE@8VmMg?1t4 z2-Cp6dg|L7I8rvn`^byrEr7`w)`E2v%B!BwN70|Lbjw-(3xTmRQw;9<%HD4#0;0Oy zv=4|AYW+4C!n2xb=jf2u)y|`&32}_K&LQ^A##o5%O5fr8j5>2>mT;D}jc`Jc7-Zg1u+!bMJ2| zGq%&T&bD67SCycnA!q-LhJev}Av(=*LIE(F+uKIZw~c)Z3&~LOdTFAv3TP4*g82Ym zhnrA?s&~)NW^Vuvz}pxsA7Lkji5OhxsPY3x`7LDb4ri#Vuf5PXgcGQ@G;U8uQCTLfVX z`rX&YTq-=jCAXz${x5?=Cp4@>eKU8_K!P3eAC#Z2JBM2a|JT*g!2JF9|Htsq_@BJ| ze^vxq^Q-s|!})(K3Lv06?cY_v|5wWZ|NrwxZAL;34=k*#sy#F`?Cdw3((e0%!^27w z+H@X-2M&GWQE3Xwm7Bcnm+hN&y&DjDJR`IL;V_>6xw}h_f6kurc5bHf#jRJHVlipe zieZ$eOI6E!ZW3IrclpveY?LO-W@vZs*8wbh5mQ40S&=n)`&@H@J{GWdfq=EaVJi>+- z`GsT_qMxl+p*7X&YWH}3c$H4Edq3=+a7DAPI^44ihc8q1bf)<~Y=6xk98RPyRifrSN%@{W@7pQY-K_uD zc1ifRRds1;iB7vAV!lGV)?@^0PC-hEU~fUreL&6nXNKLw-iL^CxK0 z1yN9f>s{!;R39M)uXX#qB|}Npw&V?tblRO8)W#5h2!XPPULDx{Da{#{e?w&tSa}G# zB-7T{)x4xs!*1XIKkixz6@p{&>&H7wiWgo5f;`{1*CQUdzHr!%^Ji*uaDvl2?=4&h zGMAVOH#m!RWy!15ufY@K+X*mGvXRjEjHbE&9**co(XR^A1ltmSKR*BWo`zOPL<2WM z!8s?nGnRAg?-NGfrVCDr3iLfr`2a$2M|K+>HqcuXtyb^!d08g`68Ja0#JHiwWlU1> z*TQPZWeM_$4D5^t$}OIUnDqn5&Og z;2HEg$_r`LE8Cov8eAP6p>YhK&mB*~(sEgQpR^O4ld!$vw-sRrHA;xA>VXA~QfAp7=cgrfQZbv{@-$>zbWw@QliJ1o z-{tH?r2#%e`Q*De>JZ)i-(3MGD~<9mbQw`Z+}(%D1Kd8(`-Z-P-+%vTISY+1f(Fhq z@7BrNPJIxUxdhyRDip%!ni28iQ-ON~<(lVv=yMX04}f-2azn>GQlU)*IimaZLEa)q zie)lpT5^tCS`Aq`+mJYYTv;HTUSm_eGo|$7Y_4tQ@@zwG&-gl#C;O72W-Sc6KyAU= zqU;IW$ZoT}`p_F5p2IXS^x9_-y^{&3~YYQgH%Ax;1;6O6z`ofwQBs_!>?et(nVnZ`$jh)aG+umk?vpjh>56srSq% z4K?+yo|KV~el{qqp>ZNV{@vL==mp?&UQ|GLxA0P@Z#EBmu7rXOIVD3-d@|AZCxhQs z(ZraT6j8PMNL6~S8Qsqepui^Y;I~e$XpTLm!wyGDccwTtMsb$sgilySF*j~_-125I z_*~&SH}puu!0?$VQM)&1(T`{JC+cFrgj1Q35;>iCV7J{@f+js3CgB#N z+P?VFDo8xrSd2q5q=&EEZKoT*cr``BF07zmgb*LMK%7DL8z%1)^QeP76)5Z<@1X>F zC!7-K9!iX#$l_NnBB!>(H#RXT*`OI1^v%#l$(nQ=ji%FfjXNRe`RlQJg?d1-kUfE1 z3}f%_twbUaIfJK{A&T!9;6_l)YKcg@`cz`RXk(zM<}Mhv z--P8M5^8%tlK_2pb){luReq5xn!#OQXCgShq!(O9(&@@j4H+6``M5rOCZ*J%3X6pF zLW~AT0Km5P?fc}XG5l4`WIc6-XXzENc{UqJLaB_&SvzUaTJ?xYL zP432(br_K7-eg9M($zSC_>&J9Jg%FUc8ohb$b>vRC{vg4V(~A^^zOe#UAjbVMUmak zwJme5HTjB}a%dWE1LbcJ^2cbtuO~n4Sq{yC9ryOY6ODtNY6-klA=cH|x3Un0L0I74 zDv00@-F@3LQ!t_T=r-qx5{sc(WK}J-xQEB91N8&Ioz+$q^`d?J90ob^5(aq}U(uD@ zuv5k!aV}~LZxjnN#@DxReredweSZjTpL%{=G#WDcumHO;sB$|Zy+yzsG_J_UV}D9l z6F#d7XEIA`hpV`L0vs&7PHU)=#=*w zv_UP9zbC14+`N=}u=qNg9 zeKZ%lBUN`WNvw0OZ7Jp7x7gbTG_bw_0Gp5Pf3-wEW>Hv0cOtgE-H8V3ZaHQv%AjV4 z7D0n1*_bQV5K1sM8lW&HU&aFZQY(530{T-X6pgRkTR;i7(YRwN)kZkH_JA25hyCg8 z>jk>;Vv+crp_ht{8joj<{wURH9I>dBKL7fGCJek^0mnsLH)}91*=Q?$hwubcoELD> z(Y_-|sYdn$tie-8y{|_7%r5C6=O7LTl1nVLO&xcPk@Mxs7_KKTPIKI3YZ^siTGgvIgk|e?5CPw{)*;8rH<*Y#8w;Q+Jkp41-k)wb>W_WA19=ZQ+QIb-quD7>B&=BSA5_OvDO z_9jdt#I&oyFy&}p>la&&Q{UeF1ad>+%K??GO{RJo@CP&g2>%FOXGrZwKZ+h>hO*_(ggm!${ z@&_W#rsI&Tq1MQ6!S+Q!;~31-@#btS<^jc_D|7qP(1^_1OyY^pS9D`dss0S<5x=B$ zxS#n2Pn|bw-jodk7{6aWHOt`Bj~CtVLe)JRhuuNn#zq>g50tY2N6&=3SUw^fYK61U z2X+Y+=F)2nWH@Z5K(geM-z(C&fkil0is%#Jp7>mse{d)x@vW}i6|rZMS-sC>b%a^g zNj&~*Ci^@7q5)P{*M^2!z_3Bh`wxLc`3qHEFZLImhGZPViS?MTW}v_isI4F(Fe78i}QMTMb4!FF}s-%?IkpTtj!;<4O6G-k%*7#anrQaD=wA^iTm zYG8g(S_?XbRxsy?yHQUnD^Mo;68m{+FP}n$Klq-CDs6CO<=!6TxU8jVU}wd6i}|#& z&_6mI3}0c&Vjn_9I>ZA{*Htn?!rvdVA_y_IU1(wB7K*ln5fDhxO$l2Vo7&YHe&-CB{gTU!Eap(AXrqwVp-AaxwF^jA5H7NhFCYSD*{!OgA89Y3^eCrT?`s|OZ~A|4asU9Ch77=Lz-ITdG@)OqI1kPhJzU`|l4YRz+*1=|qH4EKVj@=V+mTyadalP+*(?6xTTC;x7 zX1R}ATZQiuZ)|3|cIFI&MXax;<4TA~u=5x%4tl-%>F#5Pj>o_E4~b^Xe8S$(C(z*x zdk6esvkLtp$Hf8nm!b9?&GvFzZ5xyG(@9~G;>^}J06AXn?UNJo+qJHw_G28rT@p_$ z`kh`k*3r_0T%85Xa_@vta6CdD3h=y_D|o>p84t@F*MkHRlCag^ybldveTL_Hq^D|l{4F1kI%r~b?qP@-f{{ilm5)q{iC{NjsqJFO3~@m`*8^5Q??ku}=v zKj--)h6_5IYnD1Q#m~;8}9AFk^T!u>Tr|u zfGV-0bH|U7DHAW=-Y`pct8YB!gz5aCmk#TBmcdB=iIPu$4!=Pyk;slIZM$gLLEem6 z>jRVn4Ry{{J%-n6^J~)VVC)vQEe07A_bWk#BYEFl`Q5&HCQ~wed3f#6=N2x)Ulz{t zEpu-f@&ql+-$StP;(C3!OUOgk`;U**T*j@X%ixKXMjEgKe7Q!1HfONy+`jX&W$q+U z3s2A)DpGwWIC9M$u(r?4Y9_HJJ$jmEXgJZ3>kNHbbfX5J_*-WF`?Ib96`Iv%f?>sx ziTCCsk3s$9_RI8OVwZK3wRKNxfqR95&!cbaiE?BvOiulZ7cbryYh=*Z=r5Gk(;Cs| zKe*=^lT}PnFJ2(soQuCjKLLw2sI}4se}X6W#V0|hBy*k~aKP?5btwPPxJM!|Lu0$^ zP1PqCoFh**=7_*6wxT>z@a{&8cYo#+Fm0uFkK&An5MjyI-Eh+3Ku?5e5RdL}@N1;11f(*Li=e z&k5w3wpYstV9PJAG+)pG?h420R5FvLAzK`PcGRu{Qk)Grb7*TTxgvGJKsBELR0oVHxL4x9CTZA%( z0o)^bijeD&^u^g`I(EzXqSH3oCQ)3~q=ceCVuC^NW}=g8aY_0qN^1s%)J9AOL82M=w5u9(8RLn9 z1zxP;VqBt^vs^pE_-`@z;U|YGr-ZN9RIH^p>l3CMGJ2^rQRlVsxT^d70@cSt`?^B+ zMR-0_?QY<^%6Hc`#==3t+bK@eF-457qhGJSW8!x*Z&uPoqhURO6AWHL(<_Ifv?ryi12Dy$S#`D!JV$}wYanYJ!UKb{qrV({?H$-&{lWH zLmP;0J!LgsrV$(CAGsHmlhN_=Bb||-Hdxg2h~OVx{Is7+(xEI6GR8&m+5x_bRPYz^ z=eB=7IP)bJZb>$H6dqOUNeIRfh34ZIAyXi0vOZ59#t5Kr+Jf7385CohdW++`gG!pqoYP z51tG5hsHu_P3AHcq1g8DV~sw33_%!o6y?YI$$0dptk(LI=^Mw8t1hdvua9$dLAqs! zbRAj3D!F-WaNcSdxgp}L`I@+2IPnI+FG75@bR@+GgRoq~6J+#N4b~A4AV5M0&VslE z0*Uq6Uocu~xfx4L{REd}Io~O$1h&>|cZrURi<`RKdfdwp$soSegg?B6jUEI;J&0w^GF+G!mT95$ z(Nv#9n5#^23A82*mnsOVorydglx=^rH4EsjGma#C-_;E1>wgam^B?SZl|}HB`uCg! zx@|q7rzAZ++)f8EJSsdaJXmKxs2MiAM(0-Kn{G(JA?pSwTuza4J@YI+o9`Gld`3S& z6e`!;fei@1_g+Z4foLGnC;RhXK9zdyQgU*Bsi%GQG1LIGa`luS`gj|y2pJX|Q!A8=PgSWYe#$|QYSI!bS(^!LZIap5@}0({KU8$TjK zuB!sPtF5Q!z^Z2|IVUy~votL_^QLE|xh{-myz>PCD>N z+ZLd`gfmbmVh_1~&t6Hh%~s2C+4xg_M_;!m;-l0CyE;D;^Cq@&`LgB~mv}bw;!f%R z{JO`X(x5+BW2K0J2McU)7apu6x~{Ykb}wtDYsXgpJ=7#s!%6DtIRotg4MUdJaA%#b zl1&rbgfcHDRukZ%l%IVpp@gBoT_TB3`nEEb+UDk5bo*|gJ}%Hjwx37# zEwI2&P)X4oN3Cv5CU0V{|Fmr0b4u|Ij_;ZX^^TQM^5D?yD>eA{h$C+6?_((tNC8WY z&-;6CdixE1T?*vcXNg=+I?X>MW!gx0Bp`}g)RT$KJXU} zdnWQe`e1+J%N}=60ThPUG-zGon8X@^QhjRm z14G&A?s2fU?J#aNh)n*lg-CGBQKSTA z7__0;rqsloiZ`(U^IUXG7wJtN63u|H44_~j8)9CzJO39gMuUex#d#|Q_oy!4a6XJ3 zDGV73NLPxY6?s7je51KK+`UVeeMd@-VoJ=;@@4bN!6Ky3#m6Gel)Ev~zUyqZm8ZfKnlZkOdhoSM_wP z)SEhHqvmf-XYt&A1jtWMT?Gz6nIxTJxL?$(iWH;m5tY`}NT0R5kAv=g{4Wvu_56mCPdA>?#^?8kGJ1{?gm=n=o_+!U&4rEsP8m=EKp=277Pd$( zb8D%VDN8V#jFLx5c4FITP(pU6ZG@f&MR%w?(GxBjRy`=N&1TCmzt1I1@$AhG3~K@H zV?od3#4Th2h02?-2}6M`i`L|Qj_{$b!7RSIfsiLK1KV(Tr9mx7!F+zU1=a8hSUMTm+ z4^i-$2OuPG3q92}ZO9crOq*2~{g?^M8+5kYe|cR+=GgHZbCgJXB?>Va<-d#g9f-&R z3W&jS2^vALG1n~OpcIMvPW}}Dcn`a{lC7sI(3N|`r?x)s6R!A|)^#(AefC09*PPXq z{Uh$Jcv!|^HdH67IXff2x&G)xQ!WJQ~SfZmU70JyYql_KdNSS8W4#FevA+ zSqB7qnLjFls9g#=g>7MRld+ka6}7*lPndKio~sLWd;!kphOMC`=^~Fb68Xm>`U>A& z7eP`#U{+vPU#qE1*(iCzt_h~RGfW>=L(uS8Ym(K1j=@JWo+Q;?S~3HJ`~}cowh0M{ z)KKD4ItvdA!dKN0OTu7f4~ta!8WR-M!C{eLRCy*u=FQmCEVYM zpFUvt<&ZQ_FgV(T(pL}!o+0z}<`#vy^6w4BRwEW`COMq>%9*fw(uLpGUcvzI366Xv z8&g-7o>aucsHIz=loeM7(V$0>!_KkjDkvC%!5+J?w%kgybQWK@lU@%}sL>_~Vv0lG z4_$~7kU6%l?5OB2HFY0OtIOH@ZFBM+g^E&Dxgg`efzcmYH+Q831_lKI@bSx{h+ zTdzr&nd9EzXBl1Fqpe8OAx-hJ!~|0*3A4_HX5nQQ^Nn7-gR zFcEYQa!J}Op+iiCkJK-^6I}1$o_rgN+XpkYgU;Yx^=>_e;-a|C z$OTttbNz`3tpF7JMg5a}-|lVi4~M!pWaZl9rb89wjTurgV!anrbmod_S{0_uo6iV_ z*&72^B2asWt=|#`_W0-aOvW$9pLp#J;<)wa8@j#jCkRj;D1@@J2oxvwsW^Z349u0V zUX!$D?dgAmpr*d-CHfDZL8VIP7aCxvtm|1C(B=2VC0tW015DBYx3m`BQFyCTr!^Rt z-Uo&qS`R$M2l+aBe$i$$Ub->wxqyP%oQn-RBQO`p^jOhI5r}BX04K$_QwwaE4Q*vn zpr+{K2&je@M6>;_;USsHgp4;PC7%q(STp)kEnMS>$TYf_5)$^^@oLl4UyvMg z=$Lq7ew)M97F&`Nov5fN$>Nc;`Kzm3=?>a4TjWpOVI@%j9+b%xrw>}>P4Ni>Pg({S zmyH^Vel%eVU>M4d5l?RZ2ja-m9KfEPh{<8y9zkK2g_a-7;{Q+3laz$=f26$J-d?@g zQ{LpscUPrOs6_(}q0FL$L&Pv}4vxfwoFp^zQ~{;ne&7tdmRD^G9D)lf-fcuduiMSt z_t?C=yjgDyvNyX35VR)o2ep2k2~P+B0QQ-k$gxe#$Dc5#?n5vEh!A%+Fs$PwjI20z z1FH9>s{ILP#mOCI7y#fP%4GLkPom|py~fR3FHljs&}$IPI}k3D#u#O6c=kGYM2X1+ zSxw`hCH_v8%jG+a*}y%z4oFG?f1CDN1h_oXzH`L;XtP^Xsajp~`|HL{bhEa()DMA2 zc!rq@b7L+1c%jc+TM#}pIg)-Gf!d?Qu7WO97=m!p9eSfTg0q_wTpP)sc=|K8o6K@L zt9@w#NERz5@DUN6OF#?_WYXh+RR{()eT2K}?NH=5R1SZ>X$_X()qaHHkN$Q{++Q}5z_f`k~ z9lCKUbX}o{_rw8ZMv{etyKxzk%s^S0V|A2;ZBGUWN3sG@SB_)H;1Z-5_JTd{-uT)kuaA+tg4UHswTpSu&R(w{{Xg#l< zj9y)Owo4`z4^QxH0`^0Lq{7wa=4KZ(bMtw#Gn4Q%&*-ljheB2CG@yGWh0t8smt@HZ zIB^DLKuIX^!-vBL_hGUhSrPe?0SqKQ$PC}+y*wYg;rY@eWk_TZ;`Z!NW?%T^0}%Oe z#Eh9W2QhB2330@gEGuDm>Wl-kHb>p?kG$0Urs;&9}Z0(h&z}ARnF^roS9K)-8F)12%7R1UyRGtjY zxj-x$&@{BsOP7DLG1#ssFf1h9i9vnx@4c6)b2pJhiyZ0StYfbKXu|oHN z+mf@$s1Ab{f4kl|C(?OqHAAhgQY%)f!t8g`O#0_o?%>~zTyZ__7dnd)O-hxNiL>b= z8XIShU*^q)dL+%7P!n{W>cAXHW@dX#5PQth`KMr)bmFa8s`-LPv>Nq~Z&=Rv-5unB zT)~%7f?{LcI51PnyD%Jsd@!s#8DSP`wcTGL*3uX2`xO?PXYaA|YY;*ed9J6%byC&? zIqEGh`eKmEJD|j{7DbMsM)h;$w@WX@+E0=F*}XJetq0~GZO8%pW~@c_CZ(Y)4I4*Y zFB$=4hlaKeCVq(qJUu_4aAjUC?%95)UjoopchE=uq z&GAT-FIhCA5L}NU`$Ch5;hfC{9XaW-xFelsZ2Lvni5*gg*BYCn4=2oO2AnS64o?@9P%gI-I6twMBD#|An*z+`_WTCD;rXxn3cW>SC30 zh9z0P$SHe*?``yzQp@RPCyB4 zGwIf-fm@$V@N zAK$uKAE(Qb*mvo%s|M-o4rXqh^!;6Lx6+T)5?Ip*y7BuWC?#%z#`1z53w2wLSMGEj zcowi;Gw(wMxWI~$uV0RG=zdy7eLLw-=aZ1x3sUNsWzz$#Zr?`hPZjl>sjw6GHL<=@ z*UIU|`NVtjcIFyI!h317e6TUi+Ej{}5}+yRMnMNRb)-eMmm27n66r_r|LQuRQ;JOf z!ElLp>L_brtr_s8-L-mwu^tD|6-f&X%a+g}sB#)mv1lTbvi7{}?qSyUuXc_HRHX+KsXAB&;5_?(AL@}IqeMY z>l(Dz2-we zDw94~k6FiGm1-ZBZ*WF&4E8TdD-zkFa&=p#*6Wx*6x!@awDmVNe1*r&Rp)wo!Fc3! z_*G~sqIHKiTr7#++mT0SB*u~>!kRX3B^u4V!u@^i{-}>Hjt_QuIWcP2>bwh^HPxFY zP-9!3QSy$|+>wgMM=R5nR@Urx4xG0_&JQ&A8h zp2*-$78XqjY;i>yL4U;Svf?e+$xg(saJi8+{AxjHIUi|~DFf@)Pf)M9)2?_cg@wVA zjyH`zzlXBGlp98{T-=KA0?r7)twT3sFSyHvSgQEWg%3Y2B2>p|EB!8_)(&{9cy&Wg z3`UkD&=ND9XnM18$I1)O&Qao_qqI=8h9M~MKsi5kZ7bUA+p@Ct)xq2f?jVr%nXhtY zWqPQF0~7DMU}dr-LbD~gzVR7W)@g4RUfg5$^y?WzKoC-58?`fk+Pgp6Q+YPnFg~6U ztODJ3k>UyeW<(g#(0*v6wON&^eGEyss<(I=TH5f01PmJB4iy<0IY8N^cWCbAA(<7~DYib&rSV<4i;4eNhMJ~SIzNt5_4S=)P9&585E78}s zrj4>QIs9P}5PSXl%4eI4-Q09Q`{<(!zg5~rj}gqsFJEm(+S7Q=>x|Q z-I*6x;H9q~7Z*|o6CxYWN5?t`e@11@!e(V)KDjvOlvFv}R6}Z_>l2Z%kYJ{4I?!!N zON=q+lR%nzAo3bW2Hh zcY~CYLw9$Blr)mkNOy;Hcjx>sy&s>o*5-R0?+&^#$Heu^Z+yRBZzPNB-}Mzc*>pRukP6yFMP&A640og7SuHRn=v*FD)>pmV zto|{c!+>&0$>My@-#o$AEyz7%`BOG>ZMWFC^vFb>wS?~;YWQ)^U`h{O8vxpBlUVlF z`Q5(V;)`7#3T?Y@+r44Fvk+h#yLPWBW6Zt3&f0&d-s7l1Av?QRL-D?+8m|y}K@Vv~ zb~XqXwN~1z-5=_DBwCbX61bcxh;=#_uamVHR`bJRzV`nH2-MSdT_%&%%?Z?E625w8 zvK;(A=gd?pRig1)jzfN5LL1+azHIM9$%Iwl!$Es2b|m~Pw_hme6TVmqOQTy#;<0diK7^zCya4Dd=-yJAkyh2jIHhFN(Dy=DoVo7acFoG9ZL*PqD z4a)S%g}ZphJxxH4j%bzOVlvQCB=~X+XS}&5dX+VUzAf13wG2lDBq>;+>fcoxu~UW@0Gl02V}n%yeqp*H&W@!Mi-)@FYw7G%8PJhaC+bkL<6jW~Zk_$z2(=FFVP2(!&-#v~*_^o@FMFIrmURh!*eP zwt;yg%#2s)`dimLZH~0ALrJNbgD(6@z<#3K9d9N2=zDZ)iu2(3x;mFGjlH$C78_i8 zV+%)E<2UgUW1f1%s$!gkuq*+6!7)<4{{;iA1klTkMjv?j6Syr)VQbn1w zJ%TAoHH$e5W~}Fg;#RRX7%za-*&IKh;D%hJZu@d&<&1(!Zn7Bo`RqP983DRlP3U5? zq4m&DD))giBR7Y(p=XUz?S8M@#2{$d9~)62$3RYD1oAT__1hW0+>FLdG`;ZL$-!Ie!?QD3HZhX{K)cC-0lK z96h)CHq zh3+eSznT9ccGTW8``4sSApbI^()bhD3xp?#_QyVXd>^CsIVQf`Du9zAA!7{RD%*GJc|t=FrdRdf2oG{b{D%>8Ba0;BHvnL$Jt$na-tQ-xntpj+Pjq{YjhL9r{`t6|;w)c--Q*!lm;gS5JtbEt7;y9uTPXQ zdVlgVR68h837~<;)fstKIksTY;pt5j6m#eGUg^U_my%zZ~4>j;gq~HQnyS z>D0vki;l#=p8ruzToL2}QErpJv6aJw-NM@Ia>DMEV>%vA8jp1JHa(m#JreO3FMvGg z>MP*V@x(4{rqW$H+3x+tlplT2j(Dw3UCFA9c>JUjKK23jV=< zNdAYAd;3$9^f%c1H+}T`>zt|n0dxM7<^Jz}BH{hMjMA>qqJy-C49Q(bKv^lx;yZ- zfA@?4Ij*;gXLl#7A{}#x`fbjTR-@oUiWh zssuI=sXw!v8f47&16Y{mz#1&mtS^wy6u8)*iEQ<{f7+AeE_ZkU$S%b;Z?DT{QE@V} z(Zc&^{MK+MfaY?OA-P?pKIIN%lNTRvp^91MO_pgZHhL*Tc7KZGkTFQfX~&TA>()#d zD+^g2%HRZ=|F&tiE}u0L&Pk;CcmDzglj6@9#!0xi)bTvewqB^Sc#02E?9cUlnx{E# z0P=r@vZ)-UA1j6VeV$zavOInaCW0v^mqvW*GX1&Cd5grtdw$t@0(f#M+te)0y-~aS z5(zLkhv$^h_eO70ewdp9#V+KG00yIin>3n;YD6!&xYJ+%YkvGi+2Tlak`0*LPV^og z9>P|h>fqqun9N2=Y8^t*L49bq5_~k{2u}8bv4o8}p6rRrBd6eSiXji*8yJALoQr`6 z!JKv|DFDJHyp@Zr4P}tQ4QG1obs+bDX5PP3Q8*YlT7VnLucycR9$O#HxLUNk>tkJC z=r2SB@zw7Vl5#-fLkxOldRVWt#Cfs-8px9huK;L&rn>(r6K#@nW&bnK%>YW$h7J;{m?+tQK`nGCnCjr*014Rd zx($Erg&6mUK}I9g@*%?KH302hf`H-9&uII{9o%s)f>w{Jljfg?xP#7^6)Yg5I*K>$ z1=Lm6B?=;0ey7@zgoSN>S+R)$uo4TgcAwP+bCb6*NGM2->>xc}Qp^Np4)2i>sjGXs z(aNEkrEd_UcMQ7zs0nrtXF3$IDJSfloL<6d?h0NP;)!!rqjn!RcZ6hA^$h|9*v2mB zP>fDx_P6wJLZ39=6w`ET=}H;Kr-*&3!_qhSyC*=-Y=KGK_5wu8sV3qigA_^RZg+cT zytuRktQ{%lU6#bqTb;Syp`q|pPTRAMpGqH;Cc?$NSz!pE)uW{*AU%G-?ny}ygpE!5 z6I1r$8Oy_V%ockflI^+~-1_s-@A9U_VBe}AIUGhrjZx}5hJXxgbdMjb1o}x9mGbP$ zyYBH@+;{1#Z>Pd&`ZNL9LG)h+xz>(tR&P*Q)$bl%u9iY5KPu1I5>svGj5x1O;=I;) zs3f3VInXN$Qv7F(9Q}TW+?2CyYe9CK>+m+s$glAPp9Ce1NO*85*XrIJfwfRxf6pJt zC2aR`iHj42n=d9Y%V=NlFO>VAbE$Zl2K{%CZ#n)f-9p?&{j>{;K#sgUddKO8&)Eh!4KEB}k|^3@Gmz7#K`OzkMTR+^i1a zvO)u`q2k4W$;q3t!g=Myemo!N6N^3K&lvQyB*Otb?yUU*k$K9yB*M0GDBAwuA-i?4 z(yrIjQ!Bz$<3rza(1<(loS3x93B_lQk%AFp*UvhT5Mg^^V*@uTSWF5g~HJLTBK%io;eZx)-G z1mu??b4*Wv#E*>^wZ`-2kD__~*bsYj{7qiyqLD48lNfz(SK7|#jU;&C?<)TZL;YRt zBmqMp5QmLEMY&7?5k0*uJf|R_`iY14)%&YY5Mb7O({h%4?FxbT-}(C-FMBOE*smM^ zc%t-{1_@P$S65dzZuuGzQ)IsBpGTw!g%?1p2!qTTVt}sjApzu6HNe)e%9#lOZ)d^q zN)k_pZ@nmgVhXt>yl3@U;4g2B$|e1KmcxAhok>}6GyM|JjV*ku7=-P+x(e;)Z%JMG ze8X2TD0p~M9`CP9l<-5~wkuZa0gg*b70$oXu=hiu9HH}SPxHE<+sS+W6+jC0b=S5) zCrtM@fd+M20T5su$rQjt3h+?8NX?Nm?{jDITl}HE@rveo2SIc}Zs_t8T?jllEUcyL zkl15gA)m#^ZJY4vPE^!li07vqtUl_QPJ@G`I4538oa#%cd|Q!71u>w|;oa^J^?3_e z(v(qX_opcM%zD?|>>z)sOvx{?8V(I#+GF7Y9szztU3rOWsW!o~4p+ zn_GT`7X;^I1Jmi`yuD0y8n@b#?%M-CX|OzKmh$H_HusC2vDw*KKuxK4Fq!rA?CgUN zKnXsufP|8#Nd$D$g#Ms;b3mQaA>(Np?2FDhgOno|-xznF$Hu;=w!T!3XwUby|2!sR zdH;iCOJhoU#Pp<@Rkt{?w@fZA3X-NFPVfm}tMhz_ok7l0XeJSWYm>D|&{_+Al2Xyd z4$`0ArZSWQ^6_$uAIA|&-dr*fH>AE;{SLN**$M|yK2bNlN>XfVM%GqcT02`{Wc}~K z{7@eKZ|Bsshys@K;2@j7QV3U;vd;4Rqk(!)b6!2}YBfSivH>(Vx;8o*c`Jni4r;)M zB4<^Q0!-cGYHzQI-CJE-+uh#&MZMajxI^euBk5a@^AsSIw^M*i{g?YA5kQwOL8L3V z9j3f(haczb4VI1X#zY1562N2@@}$gwpw}j{WvY`4;>djkN=_|QIAUY~dv#xFFXh+xV~xHB z@O%=rMGtsz7WFR~Xw8-j?_nckOHdCL8?B0YsVZw)xg+-`y8D$&u~{aefylMXWXW>G zvLL(F($Y{XZovK*p2`U!*MXsK3!hu-?#N^teHw<5PD^QJZaMx> zavxgJ&0?OrJ3MIC4HI;CRYruVEN78K@On?vnmitK%SOZM3!|W;w)jmVtdguxcP1=- z-Y&`Kg6|BD-14mqMN|CO7YR%GiG|%hjaka4V&rZ4g!aMw?Ry>&7XY{~WUjaQJFe-X zf|g}*B%_`6z1bG3tz2wM{>{ZBi*ngQa>Z+27K?u2g5%~d(n)4|Z#~^Vxsc)49T=a- zGj%8-sx@aEaM?D?TkEZ>>RUSFuglY9`|B+AXDoTlIv$Z`3t-y`Rzb8lS(9r{Oe2;f zNq09_tNNhLg8{XONxUv>>jd#E^2!5EM`_d*`oBJqLJWOeS;bW&u{Txf)cWbhFN_Cy z?GV-UZExpg{xd0l?*E6)b@ZSBV{Dc8qJIi|irCzb2>slABVL}Jt$(lr+Xs{k=8-}` z$ih9TlCrX1+ySJva2*G8)u&fi3?wAf%`MPx6HIS}Zo@D$5qifUhm=F6lmHg`7zFV@ z*U}zGzQ>a-;ymT`=DI?cUYH&2%HvI+adRLmw_~E|yP(>OBlFw$5uI`wPm8`4}CX2~kT*A#Jyx`H*hE230DcSBzIgrJOjhZ4)|M^bSm61A_ z6Om7&>k9u^cZ>d2HT1+#mQB&M{`~R8q^6RsbGV;~*TduBaFDsSX0tkh6}PR^uNPsy zJ}pKc1BB(;Q6=m}A4s&Zoir2HMJ-HALrP_@F_v0UR#vQ|6gRYtqDd$HRmC<;WhB1z zJAv?qbRx@!;N7x|H_mhzfV|aBOFa=zKBNXe_$*scqPu)L+X&FnUSv64=0K5m{I%bR zS$uQ4a?_i+vY9(#`JuA|Yd}nQ!f6`e>J@nm$S!JKM3$-2^2?O3j4i z%A~paAD`MW%f)ehLK^y~y02<#IXi2@$UMYj7>=>_AY!V&nqP;<9WE9!3)kR9r(4q-3x@6Zooy{G9a7}!;el02Z%fi%fDoW zy-(tGwW)mW+mR{?XWMxZFnfqrt(iv%&^&^Z*)>VX{i2*KN471ACVV6md1a5AjmV#FW6_VOA8s&zEOATO=^J-r? zhiOH)@@ZZD>OO=-Cbe=#^WISlmkUj&+AL@m;@Vt(z@WJrzVtpyO=@GNbz!-~;XK9g zVN!RT>ei$U^JfN4qE%3)=>ifP(6aM!K2$Zq#dF$;ty7h7bCH6xT+5|*=nJX!{#sE? zLzil`Iy0Y`_yO;eVvo}K!bE$=^MQ!-q^fS@>k>74exJ`n>uovO+8!2>%N_H)KaIW? zfLby4eXk{>VYgCGBlzb&e*2vA_K=OXws=z5`LJlo?TG9fvi@xXHPjJ3g8|y4_!7xZ zQp=C_gXz+0HV#u%DbPXsaXNF~#Pb?G~n;_L`uw{>8$&52oL^dWMORr@=E z{sYAskJ@(9_}2qKz4{BcN)w}g&(XP-L(A}HsytvD5)er5U@+`pl0luAj9a@fg1On! z8)k5xRu%_lzWEj-FQ}$rTnoNIr!OX{B`?*_tPXTbh{4_k*BV_72R^IUIs4mu; zS8dcM=iAh(Ueyz^hv_rjspzZKa@&PN)hH}ic(k?lCAx+tO<}vj2Bo})CJ{u8&}Rro zO&;ZZD`_6K<5B+ao8GNdrEg#3+ca#aaXT(Y^B%*(j2^2vr2cayI_m{g5{{uz zyR{p8o25p%k49iY?NigGj3z6do6pwb#Je5M&WXD$7O0)38AcOd?yay_toa|JEw;$iw}{fS9Qi0*)x>3|}DtY9KX<5dYl`zRd7`S4xW& zn!9NDx#++?n36v-fQp){4bpLT8r?{Gzlor{TcyQfE0LRW;Kz0Bdy$za6aW4uo}K<% zdAKMmK4k+OdXh_|X7vJ7O^AC2G|PuMO{#f8)n(z$cB33C-WR-Sa_qCK!iv!x7VWx|dm-K=UP%8U7F80&N zlVw5wXR=|`D^7e$5pBQBmldAas)$NWECme($`*oL=xoju@>KGr+fo@GsY0cEX1NIh zRSG5FML*4{*}?y0&eQedd14C^OB!pocyU+S)*GH!fD9Fz+9vUMtvnG9VN$nC*IX5a z!V`&ev2{Ut8pqxUMnXo#mbbRRh&+jIkv<7#((3_gT-aAtn>FByr7M&?-B^t{bEAO` z!&bOWm3W!cX3N>}3Wof>tK6aSg@(`zb2s1p`ggmxqPT;vi43X}d33#vViVr>`)Rh` zxOL^moa6ot&?#{#uZ0!mCLEXCInz=eL!s2q|et@N8v}WKDIK(x?Nro~y zafMTd*yS3^pw9~flbNJp_7d7P;zHZn1PgumZcBi6%~O$=qHH*XUSFXuwx+UjOcwZ$gYxuyw<&mktz{Vq7ko5tz(lK>C#`|+O&E6st<#J& zSl9wkR}3gE>|YB3EbS1dLX(ShWkk{IUXEw(uRlhDZoi^~8ue9+5qd;W9Vlr-!#+|C z&!f z}PvEZ(=1Cb6o>a=s`S1HM-3q^O@8P?v#`8SqJ zlZc4)?@F0$1yWi=)9u6i-d+z=J}s-(T@*>Rh%N1Yd*mj1`MS60c)j{NqbzO8hx%(V z7l8qCq1$BzY-d=(rZjA7pNklKm-vH9;!_IHwmeBS74;;eI2=)BX~&VH8)bc=*C@QEB4lwD~~Gv z=00_HG#~7Y?^1Yph24Nnu$<%7xBkw{TyZX~k-y%7nkCg}(LQ-BZaFhPdvo;h;G$o# z$E!I^jIK)A7X5E{kw*=X3Mf!`Qc_X^L2o2es@EOhoD(;^o~cxM`4%m>N34hT!lX-x&6uZ_9&9%bd2jm#_aC2Xx~YSOu~qACkirv&{r$m z4@1yvp35$B*Ua^QJcCWTzn#H{z@1BlGZ8hXqJyH+(S>GD^#`pqW4@LZ>buhVOKhsn zJB`~gm~>K;S$Ojkri!e2P-srNHn5dpz5piCDe`bPwQY2O8i9Sti%wZHjY^JpCb}CC zJ(E^K__(RdbqTl1bmS#V1Lg4$Th*1#Kq$l0m>35qqo4Yrjnm4}zy!Du6AEW;qbFF6 zoGyhwrnjN*@(Irci5f8b7%fsT4tQ&4&b@!fmR%N)iqENs(>u4&9JxGVAls$!ELclX3ua@@x08puVOOR&Q;E=hXqu6CcOLMWkOT*iP zm-wUM`@2|zm=m=EzKwZNgyP7PS^lWb8#JoSe4O!2VV565b*O9wipJ8749@L3iQ?ZMg22MF>{{31^@aQLn^s))+MEjzv=30-ww=C)ooW zuvquBleSaDIq7a!K3$Vk^KJ^}e^Pldf;=A}Zm%K!qoWEDguFfSg6U)|;Iz^(j8%;8 zSW014lNczYA05DSId8n#s^FISV1T3{i)T)=MgU?NNALbF*}(5T2q?4xx2(GgAak|d zC;Br_I+0;lj9R%wH9Qa*zshEbX9?eOT=%~A;u`2S zMHhlo6WU4Ic=`;@30hs9qOabW4I^Ed>DYb z&>cCbg}NV-BJtuy97~HFJ1SpR*HyMVcD_8i1y zrB8UfT70GFvCBYJj<`VHr(U12a7822dtG0g>z3Y?yh9TWgq1u|kd06)PPCe&R<-)s zw+|H0D-a|$Uax^bn^2o0sjInkzE|k6FmbB)^Szg!jwb%mn;Yk)-?9kM8al zxHeBTmtke*vnzqC=%y^@OOXek;@)>KTBiIxMt$A`JDFTCyx?vDM^}#+IxeUHv64AD zudvI0?3P12u)^S~-*4>!?L&;g`EYPV2*!5zP664$N*jz51j2~heS?C6!b6(<>2j~e zW=VsJoPfs(8r*@PRKQ5x#59<}k1sDjG86H>Z?hIG4EUHH1VF9tijh{=lyJk*ywFto zRAZJ3W9()~zzx_Kpx^${+(nPAqU)S5tVf^MNX|eOZR;kwO5D{UMZ9L%LB4V97x5w^ zr@ZX3iq3drRlT2F?jWGYH4-3wXP}r%@yIE#<`S|74cQ*BdnXJ*tAsl?-G;tOdU({0 zW6%wn?_coN*X{1P^~+c1Pw`^)R~Ninlf?qnCsYmA@Fh40GF?dEFotNoR$>Hm4eh

        a~Y89d#tGFMyZIAzInznnJI6n77`dyOx{=o7` z`x`n$$30FPxk&XU?wt}a4OQAGG3B?c&9>rlY1o@BEqDrvL~nL;@S_@b%EbIUPA+M` zQy3>ENEtZ)^lV{!!1))H+}Ftqth}EY;@o^W96gr{dOC4Xk|RxzS<(nM^4)Wxpd0DU z;R(a_9o=e-d_igvQA5i?QSB1l6ZbOu%JP*cBG&rqYe}GggS;p=^H-e*+C-B&eClLp zsg1GJ)ZzP~RgXCjZfMbD8n~e8zqRI1!1Rd-h8Ggbi6zF&PhHFM2kvAsZw5`;i+9mL5eOVlDMWm87WwRx8=UK+RfFVY~{ zvOFhETod&tkZ@)Vdq10ljoMMaCr$=A6vu21Ag?d(TEdlE69Mq53QcUGxolFUdIn$b zpjYuWL4mfH3w*DJ#Zz}^*PhBm{nH8FOlIj;For5$w^$wOpq_7u+x{%V+koo1RTk42)zjnyv8gCP_K+gvpr}GkVerXj(9m1-iqt@ymGEg&0RlN^; zm=n0;-H{kZ`FZg&6&Fu4igOu&0|jD{f{XZ1x!HW5rUX0tN{K}{bvFEC-CBJ|JT7@S zAtHNQ_+oA$foaVWHD+rqryfq2YTFZ9Tx{V8D<2iESS>B;HHXhaTOk;{7b1V7Msc9~ z<@lF`|IUutlB*OnER2MLCSoGdX0+hgfRbTWL{EV!7@@LpofPaJ6trJ{TP6I3^(*`(rjpVn{cFEOBcoXeKD99$fb_d}c@e&kw%RH)_bRy|*4$Z1BT5U{yJK%Z6 zGxcE9N?}qnIY&jgqV%O7W6r{Rn2dBuKt@?_7CQ@U;+fuA%C^ZK@lh+}O=c&4=Nkw! zsSS4qcjzClNJ2H2CX@(n?ir`fSl2uR!u(g$y9;@P_Q#|4?xqqa7RBPay zh%1n~i;sqvcN7Pc#~#*4mOY9JDA(oPJE*0torS`8q_mpe>RYJ{4&f`>rm(6BBYxV% z`@nZyU83}kR?V_xC7qO0FccGn0fw*490+?wQM};5XP6dqsl@924o~p;$gq)Eu7>A{ zJ{_J6zn^26&GDQ6UUUI@8aHu(8h6-$-yTjU1Axm!#SrQ&|Aq#f@eeT#-q#39i3EBR zt)UQzSWH@;pg8UqG;Hib>E89;NN1pE%-ac6m#L}A-ZJPk_l;(Ym`@ah+r05RE4AhM zeUr!>KAB|-*N+7TvZ_-!i6vjZ-p*}m=e+)}%SMD|Qoj}^&2!U79Wd2t5((l~%vA7~!8{Rnt zRJTSi>c>IYkVk%a5z7-skk0&?J)U%9LXPlyCDI%=N!m0)blUpCt`cEvq{W!ik?g^_ z#~rsmoOW8T@0D@!$MKkX5fsO@ImVCZzw-~YY?HDG?k&(P(#u=i)3Ah(DH;lMS6qU3 zcqlCpEXnrDE-@2$kAhfC2dK7}g@U{!EDfJ)L$^)ASi+}?rSW10*TFw_#8K3rtx5#7 zS_A|V;LM*`+t(Uyv-%0er+xF^0^&|>gh$vxs4K|PHR_a<>nb4FSoQ=g!aw^!@mjnm~FLNbg-Dk zXKG>+O?T6hFcS%J%ggLRyK3>q@CAeYZAA#1gTqWiCEd6(8a&9Hz`|9j?~3IQfD-c^ zA)YrUi1dt)0kJLH2A9s_Vxi~DXHT%No%WPu;&-N6GF2b%$m=H?sZiWPF5-0S*)v6; zWuyFT!k_YjMk&$zT$>Bu91YafHrGnkz*GWaFGxVfRu={R<< zUjcCpHuYIoe0*HkK+??_mNhciA906GeDY+rqgq)(B9qce%xW4A!bTZLo+-dHhEa}R z9$Nr6*S6jfu<*uh@E~k&C9V!f45rNpuYy9M+v#oLnDSK3mszLV`FzH%!^yq}Wba6K zFQ(l4zzSN?EiGpL#YDBD4CIP_Tn6YWHq~%X-CLR3{@4c`n;RMJ1!WCn2F5)<7V`6R zF7~kVWpFK>cL)C(ndse~6?Mm?9zik@<+QjEt&;2xE3Q`yx;g_ap38E9~Eppe5Tt0!C{f19P@*!uLu z!`X=*tTK*{{dwf}CB3b72JLb1jUepRc>w2k{QOV?>mo$8?V0@V=CWUr7e}(GUW&pA zss6KS+RIueO7o;xg1p4BxZ#rYw(YD`>ZJRA`DNXRVE^h1oi0-vC1yUm2ECC8>ua|? z^x~3=MhA3!v98)~D1bu|+t9`-bz&10S z!Jmpf47FSBa0jx`KgQa1I1fo-_7v1BG)iC;BAzZoPEO^ooT(QN(m=uVJH{#r8QHp8 zIB-D)>Z{ghjYJ(B`~Gm&H>y=S^i-#(WNfy!P=2Y^sfG< z?U35^<-1(PH~m3vqO_C_e}=6%21D60tQR=U(+LRchu_j!f@sdSnG7v#8gV!p1m`bKHZ+{dqF4aNV=(@!Tg*K+xOLxcoEjG)FmU09;dm>Cb$a#BY zYxLb#t~{+D2wrk}1{L>kK zA)l5d4TH84-h9Ywi<9tq8T}-pBN$4e;SB%Gv~9DgLbk|w{!Ix(E-v?}X2F5e=D4Hc z(@(6e?-Bd1OFLs(aGRyA+1;OihGFg|n{mQ51&iP;e}5r6&@yr#uc2UhrBWV*3r2O> zIvb?@I72O-Ow=^Huj&sak@Dx+qP(t0H88rzQ#PCZZ3Y-}W8Hl|4;_tt61fZ6<{!MO z)+a9+7bQ^Ru9{6CVsFdSoyl(0Cg`EN75s$p$Xl1cnaGdZ_@RbzSu#)Z91IPW(>=F=~lKxFr^!N zb?QcT0&DZRx3Cf#t=ZlU%2rxU#@S4`ep}%8+esu6-*Al}ex^24`AyR@WsPE_>)X)nyGnoc`Q&@~Hld)}%VTe?e{ z_H}IBDTc2VsD;0L|IQ&WZ%E}HQ)iGmlPxsc$QGa@8-@{Hl#Iz^+-{TgK2HgAt>?@W#g@Dix^Ek_jE#u-9xtl!S@BDQ z1b9b_Ts#o9}qqh+_7UNpMqpNWQ;+eW>y82F#n+z7INT12-6ityB! zvD1*h66{=ALWJ3!*1K&8f6ou5>Vbhc%XwB0fRF+{A|irI`+Lu$sXipcGQ{Z>Yc9Nx zLy%@-yd^<5`&wg(4d02pvdLX+ESdzg>9za|gJ3x|Rb@2zrVa9tv-Nu%&f|X`3|ad6 zrK`E9SYwz#+t#M`KE^@+Y|}M-3S7lcm9)5U^wo7+qge};Rm1j<5T=f3F%Z$^TSDT% z;Pg08`ze&V6M6k;sRi1#AFK{XXQ(GWr{`EVR;1Fsv(;8T(3fZvx4F}ONP7zN6?v#u zpu7I$^a9&-vvFU`9p?(^_d)I?Vl;dL%X8mR15NtPAk9WFPdC z43DMnlMJ_nO*k_Wy*7`fpGYt#vke=qw`XiqHvOC)6L=D2RxJeFMond;2GR+k4e6(JHdTpAl75RP!K} zFtWXmrjz!G0jSkO~k>)L>WbX!Q=6)@$DVUhLg-Qt2q>BP4rFa6YdQ7{Kj}*3SRyOU0}J zrGB7qvX&b00>L%i2o$p{tZIVZ7k5%aKN({ zSw658P9y?&zt^2nq_&LI*Gfm4%Ad}B-L9UkrFpkxU(bvdmfV!M--LK$B3bp{ekABo?;e~5?zQDT1gzIw|8ClEs@d_ln- z@lcCL`?AiTH~Rf&H4@umYWzBAd0cf8xH_GQi~o5qJ%b$BSXel_C+WWp4QH=&CDH#h z`~B1eJ`IKl_HAohMf^7mj1j~^#shc);FFfY{|h4c*%XQa`uzpV{*2py9)0s~FW}!V zrTzc-(hkcpGd3er)7a$X+i711!Od1tvV%euMBcAX&$Ja_jXz3`{{6Na>A=AL{xPb5 zOm{*=C4Zal%vKpA4kR+p;2vBf0SjYt$#j3ZjL-X_0iIMSl!F(~d5ymc%n$?eju?a@ z8i~%u5^lbitI1_3GDuVC=E;p{qVK?DJ5?JaZ^)8#0``Rvj@=aa`q8|$_a%~?UGM%p zr;T)x|NF`LA9e}uey6aqMP9!`A?V8z^7F3G>Z({2|GrXZz2J21gHVQNox;gY+9YwE zEMK)i9zzsP);*ME+v(33L zT&*(Jp$(YuQStG{62Z@m_k>fZQi?i@gzKVCJ(+*naFFv8$o1z&=LrzW&ZFax^IQGA zs3RLN1<%P-#h!c8(yrhZJ(%QNWrkDgCBUFqh05ucmh&DHhhYG+VmF){%8dIvy%y{x3VAYFail}^QLgt|MD5VOY}uN)b? z7AI-sCQo+0JEDZA?7af~ydWOEXDRO~21W7n!+!HbFmmoO@|RlMtKkD&+>2}TOYena zs`{7-o>oX-%jRG|MKZ4Md14k095vi`N9R4+YO^Ve%2~ka>&Ty6y&)lCNR|2Cx@#NA zK^G8bN1So*wu*};?J4$!M*l6~@1mM6{9(t@bBXU1A&iP+9j5=&;Q#!l1TBz|{a*aG z8~$RGt9(6&@F}>%9?FemZ%WcmWZlgFwa?J#u7YC7lE<9L#mG&Ta>A5HeZ(Xto)@p( zmdFD3vgpNDE<%!@DrfpCCk6;|Hwh#M3-d#K6C}kVROh7Eut|nhO{3B?ge^2);m%o1 zx`WKdimLjg!fKTiY5hT zs?6=?6+#;`(BwU}2<%^qcs>s{=QhGGziUzG{q(E0ka&V;=0|@GbHQ|Ma^oe+5pK=_ z&hYIqIK!-7+iL%j;>9QLfo4Py+*4w?_17t=C)VXVeu{Lq)vyw_HpPWU-kgwzkxs%# z9Nuq$i>cPH7~8L{$R9E&l;YG+o8mI!&vkF;bNDA}Z9Ar=?i0=#>TTzY3MpbvzPgZd z%g%Vit`iG5g+ggBLG`V~og1p!xXnA@!bf(amcyXfKloF#${)(e;Px1>#t9iQY&1tE z=YiU(J7uB9K3!-&Ho|AbUMS%q<$@eMm2sEhp7)!S4W#f zQTBcyYRxl;{;cB&t9JixjbqCC1sAZKJ`;k|hoN`ouo+SDoKJAkX|$-tXtcOgk7>&` z{=0Md05@3)Q1(Y}TL3Figh1ecK)z8%(ajJnxj~%`kS~<>J8t{oI+P))mfj#tyfOWu7X-P^%%QC*jFI&hMhe|Nr~2LA7qe@DFvd}; zCu%dp<5MF;PM)c{JcH_~(pEeOMB~*i?%YOEd^D+r@~$G})@=<&9|y&_WOPD`?L*-1 zSRN~5@_{Kysj+qRb-Y28mZm@Vr76IwEuN@i)Hcod1mMWbz z`wc0xMa}ojxuEhPg_3v&mN-Hy7RjgJ6TmDO3Sks#X zKh&xrC9*$+<}ERB&j9XT2`fqv1*`Rqjjk%=f!S6sUcf!6@i@K~8why$NVk$sL{V^n zCdyBWq(6zAFHjrHh?R)wz#VWbXYalxof}|%ZKgr)zk{zHg&YW_UgC$qgAyCQSG{wV zeiStt@_4BIfFF3^)8WVYX#!99+c}sL&!aw*X*yEQGIVxfyyYg$#fc1Lz7ES!MM z+62D!{xxgQo#WG#6GNRKMU)ZO)ru^eJ|`CIO5Sr-=hw_PdT8=6Adjb*xL$sC(x-sO zUOt%lbVd~4W;S?Yef>S7l=n_oT5eQD3tN4(07%#(@eeXrAf1-!KxU^75x;tA`1SKY z2}1ngz(=;GrYnreY@goo5|N`PuS5YFn6=n1XuSrh;$My5r@sX`DCG064Ri4JB;gp| ziAwWCXtZm1h##EKzZ?_e%ILivrB{{P7fBC(owSK2vd7B^M+f$$yP8-S%{O|7hr&B3 z$N29d1p}H6qQJtH4?19BDXBL=@CG0q3IG(j)DaE{uOrgY!h9V6B{~37E`mp{aYpL{ z5!O4f(YEYwzZ~4Q7AV?gU;6RAV%t|cKFIPzuGCA5A?{9{OwN-lbOuKcSJV`o_;Ca@ z^zzdquzSLS6Jzto^{X^odT^RaK42!-FOspKfQ8Wkb99HmS83TMkVVq?60 z%{%vL7`(_&o${L&jr$RU1^99A^;a>$cwwCJk`){`wb5}r$GNL9M z);6}pLs@}a%H?zMHe}b17cOaL&q9DE@ofgHdY?Y|3sbt@F4@7mZlantXCZ0(Ts(C_vCM%qA&pN(n=pH($j)mBO*(sjT}Eg?{73m9TPQ zwq>fN$k!*EP+S?cu)&Mi`jYMpl~LzoR263FahlXLS(um#e8@^~DwU7ct@b zfb%XHblp&2`Ob^>G5D>nQ_g)I)gp%6xz9t43gH*n7okBbTSySMDHp~Ce%Gz41bFYt z0Be%&8bChGMom6BTBp9JIL6&~aw4Ir11l~%lo#*r+DrS2r-!OI zc?Dx7YriTq3d_&iGz>gKk*Y#K7d30H^sKz%Z4GO%_hjX=tzXVBRGk34LG?l1KNc8$I7 zd(AcHH48&6KH51fjpZ_m@9-Or;c&D6fM9&pQ%lsdl=)UFPK^&Td7Wv)!dfxp`EO8x<)j+<~usW#TbuqQCz{o6}s!-58tXJuEog ztC?3TOUjIIbb@b>rpZ$S0n9l1zuAZ6XEG{$Q1{%FCFRG+TK>XQv@4p$P^R-=Z|U8m zux2|PdW_7bfwj zsR}|Jkp`H3k~zB5c{M2p+;0pVNU7?|rB7J4uO;()q@PR^k6W#Sg%QC&aV#& zlZU^ewjzB_Ps2gy^;(7twOG-yq=x@B zS^9$&Z<7&%I3R2V3N??jXRg0^Qqjr=Us^dJ*9=S)y0Hf^x^6fF-c#~0MTO+v#ut^$ zN9F>5hhEY*cMbw>Uh8K|7V&0SC3pyny!(D7Nxxz3$;Q^T3QW?_-$4Y%^hs5wdmX?I zP7Avdp5)6sYW0IXvL@UJZ!XEF9Mf2Y;O2tfs6>Y0l4~81z&zB?>a|Lc_lAB?)0_x# z_%jW{pDkc#ZfpKiINRdMt!frUeq1m;emFiAr+JkM&`o-p$-{P%t|itSigc^=VfkVi z-`RS`vELG~l~6cqc4Z~qHls^!m3<0OvU;IfrpM6N@~x*)iY=?vr~^q8sCMTs0hk@R zm8U6=TgcWzg6@^+Q05A`tcr?MtoTeje4fIC3b_QEi!;loTha(|E3P5xdMmellQ43`&z%oXfT&y3}u!Ven;XyY} z2<>y4?^oRzZ7$?1>d;r2F{~r0_K=xUXGcaQf4Cl0ssE}E@BjQ4fY5iX9f}aTm6n#~ z^w}>&vIQFa+VFlUvw`swzj1KcyMvxtfNqSf$_vbl;P37o@9gIc#g}5a?qgI(TQq6l zzx%u)ju*7XkFt~}OODkU2TYYbgmoK^92hOVV(megU(On{bJ1mbXG=+dC8CFa|!bI zg!5A^2(@krMh-^s{j?gt*sdKtqqdh#hKn`*l68W%zH&K646A z(7KiJ#`M+B{vM6S`_+s@D8;=rW#X3A2=s*h#BG9#bg$nFtFJp zV!(72NHw7|@t#ty(^i!Zn&-68GD8=G%3o}Q$e0%E-=_u0xW_OZE!G{Ca(O!ls8jD} zaU&YjmwWTc6PoNlFuGh^YTTAMf+F>MpzHf9@Ce;0dRu5Jy0R_vFZYHDR*NRTiwbds zV8-aqnhmykZ^q+?#GY?T34s+q6H95LS110s-w4$cxrenpvO-Y*^cs$Fv=iIr&=2ec zqEL?~4m_BVT=GaI{A0+8i2GWys}B+DgE4XL+wJugd-BC3O==O5Gqr&g_Cw2%`Y!`9dE%l2(^wo^Y)Ntso*0}KZ=Vlo-xLr!;uDs`)Eg{?PCJ!(zL$Z3!foBWdmp(gZ z;(cDgG!#B7sN0-VsF*eV6MtI>&F*T)C%U(BEa5Y~373Hihb88=OG!960Bhv9oz28U zDX%>-^+s(1%ulClB)!+lAmSRUBm)|=9cwE*VF%6|@5^21+Yx6aYJ98ekMHnILV&>$ zj08+b5}yT5Jw)FAS`P;C38|nESLC3>Y=OwoR@*C$gxeVvQlHxW-b7Bl|Bz{GL7t2v zO!L2q=*xc*MOY&xK$yJELe=7g)Q@dNaeS=QZWfPwtF(VJd*d>=aWU?}cK^g$6U0q4 z&J=c|{XJ%l=?x~A^0pFNjzN5$La+q^(VqyMqAX?H4b<9TQK&0S-p~j&r`N-9>f9%t z!uh##AcuygLX_L3#A1ZrptuNV((nXkAi>2HC`TW}7`5gXc13sLSq$ct&r)xXs3eX-{{RJf9#(W^^rtYZF}1e(S6oLrWC$!=>E1!DM+MuE@=a`kHB zLtX>qEc?&I_?gLxq-A@#zDTMi)o|E*I+eInk$N#cad4^0gzna50j&okO#&##eq-$Z zNSCETH|jd$)jv}BJ@y;6rSeQEE7e=VlDtCT) z5~ov(ywPSl^<%5^UXMN*;IGv67^u|xgBE+;Rwm_0UPne9zkDiFDd1B9h~aQ9wt4Tj zN=f(+u%!^G2$FE=7Yjdv;KJsTf-n%67=#;baS^LBJ zrVNHL>euDIi4Hp#N47Kob0v_@fVCWMbNw@%N=nA#Rnjja#-(@R>m75W_TO`9OqLmTzg?FX`efHlnKM?{~)o&`LbTopQ7|Qff1-(Tu>u4P(B=f58SU zHoGV~2Xi@bZq~n1`8o|Jax<*6ah$kE{Z|GwSPN2M8N-VqY=G(CHdM!!D8(t9nZSo| z2J~>Hcj7`49+g+YdOp5o8e5G z`OKJ>mk6@o<17Ush#nc206jUITHda5zLeUAVo=&WW@4Kw0lO8y;zl!Pews$rb}Fe- z^W%&ps&{u<41MBC-6uv%LPNT34etTDW6o^32SZt%H%4c{94WOpa-K$LwSC^MG z6woBL9`N$t#GY=$4Mx8H7tmtPN7&mZwM8LiEQ~FYPZ(VubeakUC;1$Qpa9LnxBpnn z?ZkFJXaV|808tHw0Dn_ckHnrx8wVpVeK@>1T=^a5|`(pa=FQbijD0GL{5sQ2P?S!6HVZ2f0|TLY;0g6VBSS;Nnn`RmL%5lwp} zekWqp&S~#>j$Nm*F^KkN;a7_+&rmz9u}((calOxePRDzk58hq=TLb)}$N5){a-q!# z7cACcbJ%a-2j1R@_A?8uJfV2q{3^Q-%~UAI7rGBTona8X;G%$OAsZq6_K)y++gipCCxWJd4viU;n7XUX{yv;%AiO+JV&# zp{OY*#v-*AcENp{J@A`Jxh}SaLz8b$6-w!uN-$2`h{3uA(@1&HiH6-mXbTlQ#-kjguNBA26SsuRa=fGE z89Mg%_S>)HNwPL(VO4fK9;e>jIp$GY#W2b}UX3T70gUyGhc@aYHRm%)m19vi8s~On z>@XhzL>Mjv$L8?kjIYTRVJ8N!cSKY+PTfPGSj1p|tGYAEf#>cJ!UmPt5n!7G8PRp2 zjEd&`v!L|rli0iZyQNmd%4q#eM59hiM9Gd4ljlM(2}=9s2F@B@?MMoIi1axA-Z`_rFyL^eg3EG>jj;GooydV-ZF)XPsN4r41 z?N`5w$KrCy8x6qNb`z7Xec#>ir~2@V!361KYv-yh=j`<!VmL$(pEHi@AQ&tCnL z+pM|PFGM^pNhRfID0`Z3$*)6{zK1P@ON;eXD5KBQUN7tx)(YD;cdO;V5z zc0VbQ?3aHp90Q)U`;+I;sa(BvT(1jT8ca{c$(E>b=`l_vK!y z&D(KfH{R9-ZVJbZ6x~{hKN(yMXvahD2k(k8nW%B9OeF>B)GNrW>I2ixmwMaPL6T(DyDTm6 zvwg*?x>{rQ`@xFV=`rPE^dvu$)}zU+{zd~t>543la?Om7@+k_D#Sm+c-UXIs!`GdF zPu4Gtm=h8)KP7>eJ-Vqg`b%vEZw-s-;T%?Iw95f3@T&?FW}~ktvP-+*oDn%2ut1Z; z3vvNhxWSJ#cMfa*n5KgsM7CF*g8(SDr-05{*e6oh%Y67i5Qp7*0+xtrqjT>ZDIJuL z^pXeR>P^3ayi88bhDwhO91jPz)f7%>lyCldLl!1Z9T|-PC7xEX0%gPYVU~3w*%)yx#X}PXD=EZR$!bNGLfuc^?r0wt!{# z02=B^h6j@R4eEAVZ2Xs-lC*61P3@2*TF~^b0Xl|qhU_F%`h{i>-HS^hENQ6+!|IXj zN-y#tOs4WNrdrRB3gB)D0Kjk-s<~%6OXwY4)1?Fy)){&=|Y~{iW8bxHz9|>*gnSp)Ki5SgqgtLU8AG7nJyzZKREeR>XehV?PKjW1dp5;VMBBL_TDCLE zmHnamIry!EW1^Q^cLVoM~ZI|O27gMOI>BfHcffGeM z*WXiC*=~q}7?e;ICb$N2br^*%Dx(7%fZlD!iLSqZZu%?b1alvZsS!ar_?{eC`u^4V z(vCehod$3m*b#a?RkFM!VEy$rP*Q7)^kN$mWnj#bO&?0^8WQKS<2KWTp z;2-TpQGO?UL%pER=OAzk*kNV^g%3+Oqk9j4R>$5&VMii7+uq4skg_@ewGOjwnJd=cJ*8!CB4Anz@I7< z3%K$6AUpV63p*c#{^a!whFw-T=TAzLY!iCS1U?$|<|>c)g3|HYXZ4nYR)%i#8sH6Y zIHmNG86)`kOMNLNt3 z`pLsCw6vUEQVs)RD$VTvm1v0tu_)d#*D@KoFLxDp?{qnXDzWJ>_@8$ zios9+>)6BUuq0GaI8afX9@*G9Cp7lBKGp&^2N~ekXmm<0x|+(fhcjl>^SxRiJI$U* zIfRPy#E5g}t9;h;yfUVJN($t7s%h85^HIuU6jyi8N<>g_O(8ZMW08ZoXCSV5%6ku` zypJFPf0Amo-$aSoUG0(jB7rSCe+}*QK^Yeh>J5c@)u5h{|Fh_)l?Gnk-Wo#@WUA#l zNziQTajKW_RwfP>ES4CQy%K9p6o-K@On~69KROlugT{uS7aA{u2Nk#$9KM{*K@f*y zgA$DjMO~s#S>Nse-T#gBi(%GdTR%Hs*mjYuREX@B$O8|9-174AAgHfNg;s3asXUgJ zA}7Oh=B#({5&L75xCaG#2lMkHj%@Ft@}iz$GpMH-kzlE;N? z_G$Uyd6;iHvpe8F1?o5sDkkV>91s(0;aueqXU9~Jz!cbrQcQa| zBEo@Eu57W5*?6U3Pei6aogty6X4E{q)m&6ggeoKF-y)iawvPfD8BCPgBF$BE=zH$r zx0EVpnA7#sau@;%R<+6bc5!*l%z!oSrg)J;Lx@{sIL$y2V!scvsVZxobmcNrL-KTP zz6-ZHXy9;b@siK+h%YgUT6E|x>v~e?pzjI;xk&T#iL=8`cWT{6^o{_1T7baXM99?s z?DOc?nXKSPGAamiIJ3=33+rU{*SVl`L){)x{=VYf$qJa z0M|o~rV0D;{d(uR!4whLOwKudJd}%6`Mu`eQO7QP1;0Xzr_z<9i@NdAT06|rF?VP- zqmfSFA!BDMGo+>4%>+y2&b>DMpfd^lS>9-v-47MbxN#}?wd5BPUzyLpmaY4H4p_BE z6g=a`paf; zJ8Ra;nf3nTcfR91_X!?;t5lC~U`b67fBsTMIx*6C(#F=$0V#4mp@3SPZB%l$<-SJq z4}YL}4;gVX12i0BRy5sy1cXs=#2lMtg&`*H8J*vL$=?BK?>-FI)4Uu>$ww5+3GPtg z$?*h>f#0Q|OYp|3#Z=~zH-F~Qezqsa&WW5x&lCy^`LY&NtWpnT!$P3a% zpsmZ@zJ^qZUg}?Vq9m5c3)uhTi~A7x--;ZXKzmvMDzY8k9?jgItt1@JmCO_>kFS+Q3BY5|tyYFvBJ_ z@h$C56j7Gq`QD|}{F0Zdu4Tq6fm9E6qi`=voZ94XjH48fAQeZM0dS;AKJ}|oOx`Km-z;ReajZSzh+f>5#mO9;{*08HJ7tYj z%v;vqGq0|#d1#p0bGdiDZ&q%lRE!f#w>w8gS7Ds*vCU)FiMxM)*ad~AjykeUg9`LL zP4fkJhtfqHOBDV1%FJp`S!wuJ3iQ*5s>d@F*K^Ul8r(NE6o)WS?Mka{L=Ti>Ed`Rh zS~4(m=!F&R-s;KQhBdmZF7>#Y+J+0Sde?Qk1!Afb=ZQx%d&mUT;)%ciYbLzN(tJ-n zYhg12^YU}+-(sb`Jk6>R^3{9fEVI1mS!+rn`KW!osC15lB8Cgq=<9qj{MM1+zuW9P z*oBgInw`x;d$hLmk>i#&TT$^MrumHxjXtL8Tu1gKtMBEQZE_sL)MdFt8Y0`De$sEt$GOkm) zfnV&K;gfX&HQ-PJfV}>sYQ}H9Z=?fynXj<|$-#K}VgeK#lEe~&eOLxx9 zwm~GMlc1kT_(}!c60bF?Uw)$s45Be3?~yGAo*<2x8(9I%gkE^gwGCKxrwD+nIz7ex zdsQswppCU`IVPH8{KnQ?R7|IVz7)p6?uQ@xwEKmT0SR8jAuem?k)l6yr zPqho#1Sl#>B{kpC_MF*LM*l{6mc%C@TyGcw7DM9RiAmP_jsU|D%isAWRNfhN$^L*x zU^X?vqzno|rqT$YRw^aUGK9lCZpig4E?<2r6eKumzzxTeZ67h8iiOZfaU>jBUosRUU`ezCrcDUJK9Db$_!Nw z)4Qrk@@OkcH7YN74WY40Cpdd~cFn0ainwDmv(EVf;1Lmtk_~nJW{Seer17cLz0gdW zE=(10Rj(fq^Y!Nf@#tm`+2bMfq;8cD%lDa^C{&#H>u(!i{nJfB6Qrg=-&$Uh$N*-_y1n6cgYA`oB{r?H_dfD91*LYKs7wzoDY+CqJ(ly$${ z7lk2Lc&CZ0rO**j!t@OUTNcaXfNc)Ub_TPRWpbidL3!>;^6 z)dW4&+o2SmV`a-ldwExSe8PwgH-4+)_ihLbaL@9ToY#iS5NcQSTUBqYGuFqprQQUII%Ji z=Bm~D1oDUN6n!8a2TQ#hv6U^O$%)RuLLhZ&pa;DG%eT?z8imNLKF1>@nIrbUlhFV9 zZ0xB4{QQ1N!ovp(kYzzpXQkQ=5n{opM=&s!mX>Q+a3;8L%*++s-_Wt3e6vOJ=T~je z0CWmEvBLDZKu2Brq)Mi(PY#e}4+AFpFJEYLc+X71G5$!|rQ2qjzw`bAY~RPkI7VIW z%lcmSewKO9`z}0cthyFddswCCSPcmA_WqmpMYghVJ^G!H)L#4cu1*@4qbCkY1zPf( zb!85Bc8{5M%2Az-T3x3hcbrg@|1eCbBR6<3iv=nNPu5{!gUq}(ozXt)Q34QxD~s$9 z;v!z?cV=N?POJa5kXu&Kb6h>pLt$(6n#&v-`hI`T6(MWW$sI1o!d)U2o?Q3T*k=r9 z+c>n-iKXm>h6@6p2$(L=MS|A0kcCNuaH|k9zf#*Q2>E0=iSg}BHaFL zu;}aF5MXq@#+z)1)KiR*_!&p#%O5AgbmRppeX(u9C%D+|dQrk`2{Yn36AH%zEt4(i|2 zlJ=>^CAiqJ7INpp5w)5X+Ky= zeH6cxbgeAi0d@}VB$NeE0HR)W$3(J@E+^7G`+P#2r0BZb)UPnGs_0h|v2#uf#223_1cuR#K=zC_76BCxW zufH+6;v9Cc?TgE4G@wMZIO`}rFxCRBto5o$Eyy9shdcwE83sh>Dq^(yGt1xfS8gtA z!Cu!~TASXmp$nepG)l)a4Tsg7jbxLp19}5f>$cjonHL`Qb~{!OnWgRJpD<{070)Y0 zUB3xKrzF!9alJSkKtBnMJ*@XzlDDV8{f5!Y+XBblY(Xh>(H?7&kbT#Iq=_NG|Ep&e z=Ob6#B&y*}gYDwi_X(rhx4*!R5}mm{58~g*%M(#Ll+YG zrbf0wpwYW*43nb}u%)sq3B$-s%Wa=Nm!AHAI|z~gH)vo{L+Kj*wG9mmh=^1GLAhj( zENBdm4@!qigAN!yDPIx3_CXM`&Ek%!_=UxFS{S4{x1$I|>74CFsF zoj#@UbG)9}bnE}oboS4eGrtM7(;sa71P*@Ze@5Vcp6_nvlD6E%rAVYg4(GACoxLnkBJHOxn$F%pOjTo6MVb&8;-JtVPd zsMy}F^%uP1n`t#=6e^nvF26}@EcUQYrSMFpWME+mZaP16L>Geg`T?b1(d>uoDeHtU zL{4bC_lue$=Am-VdT`KjKKsu$Yz#6?wMR|)@P>SmrqFJYrJje#Sf`1=10p&r{#lq3 z=He;GM{)IZ=dI9czmGU*6?-X+$v_yi5!@kCLT}2RcNr=b( zYEc$hucu@|TaAX7)Nn7bbz7zFy7rzK&xPE>ToiL{=)$R}LwH_}7><;c8^+cn{wlH`py) zYW8+RvEQns;b-$RI*nVQGI~NZB1>euU%7Qq?Hxs^mlK|1uhn<(Jg8Dzb)}(f8g#h1 zx@^BCK>S9;Z1^y37(w`fGb)PhkML++bHSddljhbDYz!cuv~$jy6}3%11nNq}`msuX zIEfB7Ta}r5BpSaSA<8|o7Y+=-gu~c^orplqff}z^EZHF-ZWU09GLd&Hk6>I#JgJfC zeBh^)3kO!oTI-;kW(;obgR1-lZ^C8Y7BBSRJDM4M?i2r_R55RVOzac-?m<=pyu5V~97g=9)MMeKytJJKq}{C~{9tx&AtAoe%$FuW|nsLLg@j3ZzG zEE3LPx(2OrM*ue_#{G{+Q%4no?s_n^M)~C$81NG+5(Z&4K*?)3*>cTP+wUev3}J%{ z0vK6UB0$B1viyqDUuX42@Ef(Koo4xKM>ld#e77eukh}+blrcuk&@Ug*M`9=!fMBm6 zH_gZ-Ybn}7FvnWOKjgcB4e!LK1TC-!InF~}ZM|jHdY9&2%;K{ze#yG(RlDw5zOWzH z7)~iIGRf1cgR#|VE>#y&*Ci8bM8^hOnPcX`Zb!+U=B$t>d9v=Ospx%&zh1h-Mw$gE zWf}sT@>A;x-~F)?U>QD&+47FVG7laiUDF$~GlN_oz6e)@D8_;_-TfBcyKYPLK94{Z zCI%wvH3Do~*-sc-nTNR$a|abgFtTm>#f4l4-`->CJo=Wo>lM(k-zi6aTbGCVy4*j? zuGNg!UZC4=bR6eNn_+vDr zaZ95eajaiv5@PuW15!!*h~a9A{N=ZI|G`}l+od7`v!kC9vIvwRz1GOlU)Ik$E#y1M zE#&~E`ggOwC;(y94zbH8Y{fBio>fm>!eT!4StBM%zrJBJnBUTxjMU{G`K7Fev8AQ~ zPMz#n{7>fhkxb+QET^&~a6mXi2?sUVDo)aK#8MUE=Z7WMaK9(gi12Mh?k2RR9G5}R z@g%PqA=~zktsA}8d{wUJ!Wz+~^jrt5Pfj3qr2VQ)Q63^tM|1Erh_YzToaT$XIF{a* z9m-YL))r<#`nb;HlR&FmjImJ+D}yD>N4&`MHLux2Q}gDQeav#FJGQRIlu_&$5!%Kz7parS(;MP4JjkN zHBl6;r&CCt_A8SK?P~PbM;i2r=c#~n5dr-}`FZCOKes;d+l|{q4_KRWhR!2_GA6n3 z<3nITPLm3+9z7rz-N{9;L_4-XelNmN=k70mvmr6;kSMWpn19Z(;jO0AaRkq>UK9U+ z`s-dNpfMy`0MI(N8aEp;Oz2~n~}g5Xypr?3twEG6Y|((WsftCf{QoD#EEq{|MY5I)Pn zU2(@(TiC(UEu8}kb`D_k$+CaxDimv1?rBfwAE_GZ=0#crmF zcJv?=pR4GCuj@B>*(kx|lR{g#cR)sUcx~ z?N)FmToE?k=2GB9!rxiIwgWZfUM0h-gThEF00-#;; zWShIL`P_7U199#7d!7>Iy*QqUuG1u^P-lFzD&3XKyRl%hh=l0X!V{;~v|j37LCF43 zFoy;K_4KL6V9Yn;Z@74G4#{e?K>b(fdl+ZV?p)KRfqksyEmc$3jY02@DoVm@cOl7VT;W_Jn!dFMSi5z7o?wfp znTf4Ht_livi*Tb0kBBe*XHQeM3cZ8c1peG$sUbJ|@{jkylVdp^HB~{hbZLjcwj>0l{vz)fLU~ z`nNSndJypP`%jne{<(xQi#&yZxa&GlU|;}(==jM>HbMCF<=%X-+X_dqf5o3O7Yq!T z<$qp@_gO2{)PB$Z2G!sf@Lsa`7G{T*+dapm6;u`O6vVRO12@jHOX&_QRHT}q`It2s z#o~MDwt8P^ojJT$8t}Blbbre|a7!BZXx4I(=mo;S2>3$klxW>%`Rm?7P;1noi|pe* z_1Hl4^q{g*PIK7DRAkIIm?z0cF5njkhVkg#jF-EMsH8fMX37R%CQU4a_9srvs@(=} z?7Qj3O~E(LB2$M@f4$>YYyAy^|6OqZPrTh0+S=0F-+%0EtmtfG=ioq2o|E}-W!maZ z(M|qFfRIHPfY#E7ULP`kW6GA!NVc`*x_uEoDQ70>Ttj&mq6_`nb%^y`kOROr7PD?s zz83-ZnwG!sHpYGbacW0(Lp{zNNzGWsu#B?3c0aDZ&%vt+CX0^A(rrF{Gc8o3XnpqH$m+ z{OoYPkYuje*7zpPyvNRbO6mSF;_l0_(vyB2?S|(kqzOTCo<2L_z2(Z6)s@w_uDTJG z8Dk>M3Bf*<)yo5dywmZ@NUtv?H+up1F%sOU2 z+a3bFUoy4}mQYxW_0osiG^&qmz8P9HU4esmp$%xLL}oVtk8{`lLt-=EYO3xXIl)Rx z^}v1Sm&I4fw`=)NNA1wwlHNvj{mTlzv!lABPuze&l$&Y1PNWCOX`)Z6k%Zu#XeeFC zB1Glqda^HJduPIl5Vb3)F8<=*TapT>#<+y(T zuY}v4;;!u@h>77){AJ>UF1ftpG660J&y@meW3_4i$Q$^^;akNheBi%)cGz}A#+@@Q zHI`x8AakliGwrz>A~bfa`in{S+tE`jGedAF2gLmf2?$g6468RVz&hLr)6Zy?xSc4u zSrR;bICM>Ud+RE$xv*uFgApcphm|HCb01c@BZjxI>m~GPMk`b-5M-ZXdqcxI_t!fQ zd1L21Umm$s%~#8GC&{&+@M5)UqdQ97jd(LyN__V1b>j8tBD`?Jh#Ecvh@N8UUkl8( zfw(Ue5X9#ZOs?LuNPGspKI19E>TMl+8fhiYWjAjV(a{Uj0oOa7Y>2fI5hQFoKcNb; z*2?1h0>7rL)H6@Km=GvB917L1MNpA(F6_Sxc)5oQzS#bedu4&w$GDqr24p0h0c+wO z8lzG=rbq;q=Yy;6KDvT0-cmZ$YK&&R6+~}<0g`^H2W%~R_(~UWY`dAH>4@9VK=*~J z7RRwwHfTwkVmYsRzUQ!GEbSj?7^+^Xy}w7->oMOHR;X}NZ2^Z@DDtI=p`ahr%R^B6 zS-meiw{pnU5c4C$IvUdvKjEo+h)XTqi!@jO@(rWh{!ZJFbVf^+u&`mmGUYQdf$CM{ zl`un(H5cRJq&M%W?C7a)G?T2`NwG5*eR)Q(sRap$iw?@xx4q^r>O}=62EdgIa=y&Dz%r3y-XJo43WS0 zqO$`bi}kO59kI2!&zoyjP1s2lLeJkE-C#HBD@2-vLpEv^fI7~?l^ZJm1B`S;{EzO@ z0R$?h%V40!Udqh>pc#ZtvMZnh%Ql3RK!rx^G6YTL_?Sm?fc=9whK~=06xzVwQ&X|y zn5$e5d5ReiHmCzO^K>%PofRoAqq=e1k)t^f+lL&3Y#TY@pf+zTHqmNO2|;MIywA(Ra_-+_@r_A`f9_=*HV}^gu5FCs|vD_;lZfK%e2T=dZdu$@TcMiyF{umvsYLC{z&4!e{Hp9 zvZL(ot(@%-)j90lsE~J$&cbCaR>GN3+*wU)QFhLHo$Bku@D~$owHmfZFdQ_Uw`eD} z9omqmD911Nns%JkBM$*Y&_RmhWOS3YURJTZE~T?kr0uC$Q%uW=Xy7!w!Ih|jiA7jT zY_*5@^z;grQOh}hfkc=D%e^EO=iB5!V6jr81b*;XkU5O*LQO{=Tzb^$9e0zPg`7CS#`Md4^+PJ1G@me& z3jF0=ZQ@)aeB-NR+ic@~ef|0yR;}2M!76Fyd7}AxMlDvXL#KeBI;>HmWr_DeMr*cg zpn$V|_r%wz?=8R!8a}fh|7^;P{|&}3>(c`(g*vgf?7kECHa9=8OZeBq77ym&84&Vy9R4=Sua%?f_ zr0XG;{5E-NeUZO!q$Ef+R-(%}w>t=Kl09FDZpKcT%nY=1wC;zvQ=eO`Kt34-O<9%; z7LWu)1GbxLyb*Ne#-6$*cQ5{l>TuqE$_F11aVLH%D=}1l&UkHmW_h;piMHiX;wlos zZQ_&Bzo6qJ{1Lf@3604??wFJUsLY~{zc1(AXM2^bXy}(;Ba<%!K1N<^P1(L^&knRY zW451it{P}y^hcO>E=X(7#_MG>@-Zv}rZ{%97I&{li+^fpqWMn*ZiN$t9L%vQ$y`J`*5#Rj)c_$ULX zrYYJ2Aqn~ zV|FZNAJtlY%|H)J@;+ttWdG{c{8dQUp)pjULn&HuXE6dTDLU``2XlFZ)M2t;E96-6 zf^YJn9#ITMPR!}b^`{VCG(c;K{$EU}y#z2q2llWRlruqs@L#Z^|D>Ed2ALJRMLK&( z^OQn>Q12QEaJwywLKwN=4{k<9s4T5s`{)1FZhawe+ZhyLmIh9}K?mtiR1*oJxfeB9r*eYiJ z*}wSa14Sx+t);_wgS(fvRVdh!NpxAp#qbhR-OUx+zn`~|{k{0FDNg*)W9Pxi3eydz zXXkt2G4wQb#-#`DDj#?4cBSnnrCycM6m4r$n28A{BPV9dWldU-NNpo)>%cnDmt#&s zkqX#*9YlHN&CvnOJ^R?TFZ@$$qePY_CLViyR~9yNzCm8|Rma(+N}%VH?kc2azqePt zFmtWQXPo)wgUb5)&go)76nC$IY6oU8!?kr)eC`2mQ)4D|Ou@KOlo#HFPrAZ2dom20 zzSnd_D{A`Fwq7o+X|wKD zDKyq(X<9fF((xqdkzap6NGWLchUilykL}Nu65x@t#9vRl!GSq`NflLZWlaWO!!lg{ z>3nrVAbl#lJ@@M87LVZ6-qwj0V$flSMkC^qSg{x-+$c{WG?_JX852U2btV9_GDlFA|DlBRqRC?si%DU%WvY zMk-!UDpocY;x|m)`@wCEIW3yab_~S49lx-=V%O*yV%;sI-p0xC9^2UA@5@XcZkdlb z-IJJ@0k<#c$4Udyl*eo1NoyAKlga|Y=4ik+LN|_o53YF4SL^NUOyQ^68Rrs8KI3PN zAs;*`$bhs}Gw!o>+GcS$iD{Ps@Z~taAzxQ|*M-X}!RT*^5_~T-2Rhr)wjwXBh;-4f zX-$olxa28FDZBL^O(L=S4l_8lCv~wGy8f5AA+ARx7GywP27^AZDMzubZ&IH53&W_z ziY)~@D*qqX1A_R7WBCJ3k40Ddh}2ccoHvZV=0Nv4u{qN*B(I5vUQTPqblVw+sI_;= z$v;V`nzSv>42>f;craLCo%4r2364&u(D$6bYuAb$-!HET_8)#ru(Q9}P|nAPvsfGU zbl%-J!szYvmrISFE<&~-O!ndeKcoDPE<*l)j{4K~OK7KkPeTWDB#Gd32o7{rp?og( zNQLl(`W72BX5PaEMUcJX}^|RmN8(ea{O0t>PTP1R^54%KwY2w+?Hg z?e=ir8ihiE;1nx?;_gm?;O-8E;vU?oAi>?;p}2b}?(SaP-Th48@9b}%eg5MDawVBe zX4bQw^}BD}wp|*R79c<9{)s;+=S%x}&pA(-q@zs-Nt4~g+zXFS0&hJ)WtdkC#C$0I zbcUa7u(_#M*OC?%o7Q}@B?4NaaGF;3rF`=g$pt4)hdDnP;kVxWPp_zl5ShD86Itsbv--rt)3%d%_X+G*E@`>~*^9n8j z!A<#~LVEQp@ZlQT;YK!^h19*DuHDiAK@=XYt-!)4Yt4Y_L^uXV6ZJ#|^S8tM9gwwo zd4ikIkv{3D_&tPYO~Fiq&p!3`yid=-%Ysl~@ne$_IQ?KuyDqiYj0s$HoDY6zvfl>@ zRO|{O>waM84s7$~SMK*Gfsf%E;nERktIY5Qsws zPx;~xbQ?SwBYwxwvHfygOK(_TXXv+(aR#l4bI^z+rJm=`32jWM>L#&z%T=jKRu$kj zveEALxq7(`i*WItdcSU10t9`ge8|!s=bQyuA$fj*mPd>0c^*tpQf_jW6gMXd2-D^e z)uP-%JNctvmNiGo804;_uu`3dt>ARmBVoB@Ibe{Y%|Nz5^%rjHmi~r&ir@(G z((lc+Pa^zwSeJiDubbB-sf6jqj6MZ&^kR~XPy!e`jQFN65_0eQGKu-vJxOTcj28vm zft?&@=$E%mte?w9KkbRe=^y|6oxE~U|IjVw>H2PhlWzo z4y)UpBCh)ttn@_+ybikCI>Hr^u`$LRNzSSYyjkY-uLoP5Vff$J!fs+6sX1DA9uk_e zhGZ}=*|jILe~TZv-gje^REzo#EdT%7Q$d)mhF$NLegvkarTN?X=r=bvJ6*c?BS&*2)8e+8R8tn&&`b5-r$VoogIBL z#gH9{OS<|CFug5=N0j3}HdVJ$+HM`{e;KN4q6Q$LSq9#B7`C4~ zg@CIN0BdC?y-hpom-Go^VHX0uaTIdv$Z9@Ugb$Eh^f;~_wsHdW$7jnNDsa030)e*j zm=&qCjo8LQ%b)kX*dTw-EVaJU>eSud(8-x*(l`n7|M&HT{AVpo6B`70Psi(_U*~Hq z#h;%Z|5ZMo*P%9?(p)PZ)mblaEIlG;hKTh_Vi7sJzGgWn%Dt7~mV*;MC+Pq+qv%E>&TI#6~Tdj7xJ_^`22;8Uvpd`0+e};*Q#iU7TY%7HV~p#69(0p%D^4H&OPPHp$+^XZLP^i>QPz^5c<0uM zMVePf2{MO-*L{+tg9FA|4ppo;mbRdcT47~T5_Kb0}?Vy`3uKNeT?8|Y9xv_VkVU}P zBcM@@`cKqC^gjez)n7Y4Y{vgD$QA+rX{W8DV^rubM!4_qJ#pC>WH3Uk(WvrYKCO`d ztcJ*2$-h+5R!YD%0+>Di$361*jr||q?0^1X3#8Tl6B`D~{lAaH=p!KgyW0c&^xub` zi2ur`%k$IN!~|ZGu_)hQJBD~~J_Rm75xUi;Ke)3W^Kb0$ z8*JpCO2)bdo>ROs66cK|TBky#Z9`IBG@d+FhtvmAEWeTcL7N2mq$85-_+IwRnr)YH z)Pe;CD*eCjA&2Wfm`cS$6`laNWHiNJ<}#pcV=){3xU_9c6yy391uvsXe!V-?37{eG z8Ba!Rh0-|UnhTsuI44VtXG3%NYDuTOUYZj}OI#;OHD0r^qz`@Ezoo0xA0+L$)>e5s zSA0YFnW!F7b`(6>HlWy(B9@H#6{h{)LncAq_3x3zl2%j00Vq}ZUwgtDFKGSUPyT#A z`tSEPKSV;|=ozE`!jDb9S}{Pu&x&;Y7UM7C)tf6N27p(1@g=ccLvuW4qjs&u<3=Er z>2eg?w<;>|3B}u?&xe8pvcKuro~lO0j(#2>ifsJvrwFG0i+lwjkyw=8oBgpUL_ApX z^74OcC_Ozr6nqv)JU76C-Cag^(efo3g`|_ynz5QMuSBicxo5!14ck=14;SJ#V@IxOPw^0vd5K0rd%o z>&;1~jm6JOG2t=r58Tc)tku`#I>H1lVJV~hMts`BzqVDz`6z;vDI!<-+2sKRAzQ%% zT=Y;7&FLGETsL5tr!po7*x65%ePQ6XV;;0p?)4qJXiJw@h;sep3w9d+J>C!Yz_%z2 zFp#rLnNV9|Q3a|CAp55ff`V@Jd}Mrvid^`plKw9tR_uQWv8SdN!om-qR6sqw7uwQE zGmhhY2fZgL!g(W(l_-{EJAk@=NaV2fAE)1*Y%d&8fYAyOkWi6O(O=eA@`06si!ml* zM<%COws30nr&8S0f*P|k@MzFZ?AJ99P=yqstII|~T?kLKug3xx$J7soA-Y1-@tQL1GkYPo{6_Y2InR0gSP4@2(^*a9mZ)bUio zg?jnid~nQE*$}ho8o@{FI40XzvQnY7gw<;OP>MHBC+ww!+8uT0>Q$~2*ePigk>*?v z6dS%vYh$Omo~@1yD?|-HEMY+^iSf@qW*8Fnb+PM36ij2&{?OXmS(>(Pgk(w9#Hxir z>F*!jRf|QbXUMwuPoz&*n4ddOb0MsksqmalA&lrI%ehKgg*YN}QAF z%-ArR)SA_C?#^4EYM`qMZyt~-hxGTtMz}r&V6oHO&8?l@q zieaN8262Wr#>$g$p*>&R8@;#X(4s{;p54DZmj$l&tW5z&-sIfJ8{huRO}p{eCl z?Uz>7*KNwB{B*#rAnGM>Ya>Dj#c-ACwziFZ?cwsgVG<7~-b}dR_4%vf5KMiHoDh6c z*h#R5W5ig>r*jVk<1&uILVPfv?nQmG@6fNanPOP?c1R?A8o#MrLjgE2Ffi9RhS&i9 z;T?})Z2j8!{}N~W1Dp2YSwdYtXUi*l3c2?Pr~+Z19z!d2MEqMZw|fZ2vN}B;vJFLe zioL!mS7&AypRS+AEu;K86L>CWiO|ztI(?SE3xCf3mpH5J(l}X>Wq7Vy?2JUNv-3a_UD?-_XGgWCa*^hNeA`_# zk;!D9$-O)N`$f!UAR-dEd)zDUoX2)AQyq#eV_tW~5bx)3?|_*gspk1{`FgnA_EbTP zqb?_~;ZvMigPZwxr&Rk%rn+v&y>Kg^9F9qKkVp*K^|VutfoLShn2kDyIqwP8)%!Q% z?7MK(l;n@|hf&9;-d%Uq`VP4HR3c4}82Cn_0zHR=3>;w=68U0NOjS%dBaLuGiiE&3 zwQO^Fo?-rx3f?h@DV#8vXAcza>};x_?eO91IgJ1MtG6E$jTQEG_{ihLfi~D`sy!;t zgmIz&m$REif|dc;s%AZMZ)l$5Z{_d+$VdM=7kvHvpl2J@!>PPI=i4JlNJykiObWPv zomZq(RIopPJ}#LaT{mn~3Ek?s^#Wtn(EVxp)ECRX&vKwPWxEI<(0qXFcs4eF2D7MB@9c)W6{wcUs3b(`TAz}*C;t75fhG_G}0D=?N+&L6`$i#3- zIi~0x-l}fi6Y(hTnqbJ4tMLP=u^A>wk$wiRziJsbsn&CgmySf(R-pu67%FUr-;|I4 z<8JNLq0f`{W;E*Rf;?Yrrn_E_HH1RHOJLTHD%=%Ja%^O}QkKYa=iw|ML$()x5#i9@ z+sqNJsUJVKdFtUqEt*QYKets#aa5zq`^q|mY}=%!YtIW>QV-vVXT6zbPqj;ox5c&Q z;f}o0(c$^VxUZ?umGjoi#CE&)lLuicA=J*Xvu~FT7gheNg*vT8j5*}cnO4J@`WqGX za?49aShS8?xi{AkZEa`H3PtTLIYwDXK)A!&^e>J{`Vw1$m9n|-KqIIj{Q+Sund6&6 zkDp9AO4~OAPIZ1I%MS>DYoJ?z80PB&D2-qLV~q8kg`JeQX~!imlDRL% z$-OhR#~bY35&s4e4Q-|?TgIAdBc=6+iwK14b;a6qAg+Qq5vA^2;p(c!cp5Nk>#c`t zP>RUv?Exa~|IWJ)@OSNvpC0nBZ^So)CQ}^z`2}qMz~}Zq{PWNAg(O5sC6|KhFO2sC zLF~Ab(STZ^{L1^gNW{jlN{&dgIv`@?K(z0y_a{Z0EwHuo_E98*w9T5t<4!f-Ao<9% zY9iomyEo(dNbp29zUtPohQ>V8xjhDHs{{n`)Bg0ktxK!kmFJ5WKKFk{JkK@}?^0oZ zcK1_IRk;e$;wxPfs7btU05sRKe)$1&xN+S$QY^S#o7^wvTe`2vOzc&SNXexvvP zx5wa=_TdB`bf17&x*ZF@v4A{0C(VvM?S2Bo4rt#<0j5MVN4oW^;(`e)f%Pz7u&4QV zszv6o#e29Q4mQp1eD`&cdhYZf>%o~?wC;g?RzV6hY;k@pRqPUL^+-O3-d6JX`1lW& zCHhA;B=QxFK7V-ZZLvRlja9hA2C&DtOPTaV>80P#XQpopZF2~x!a4Nw-#zy4w`&%j zi&efSRmoM&XrH@p^DQS5@HS16TWqd(EtjArT7dCqw+7xxIBJ{Y=ENnx}Te z!@0w_-Wq-I4e{J~4RUqEc4*R6T3<1l+^bH)p2>pw>~_*&49kE0+Um|mR26$$dYT1k zCAAnE!>ql7`(R5=7BgBosm#&@2$x}FX}?)o%Q7sAuv%)Q|F@jp00XBI1j1#%0kfg^ z9hC7JQ4J*X;j23m%$}*gqyzM3#a3P}8GpFj+S(djW7sjCTp+$=g7TIU_1}2T@XYlb zB)z%(Cn=qCJY+cz#+gzNwpshGQf0%^!5@LFYm*O9O*%?uGe8}N6vpsNMsPn#DOM@I z7dU{!PAMM(`-WEv>Aq1UvdtXN@-C-*pdY;1SRXOd>I(u{9@|NBwcR~sA9S@KSv*Il ze9(-y;rC}f%6ENucNr#v_yolgDf0PY3?zI`B_0QGvIH})=w?=!rP~O$332aP0k5Kh7DN>Z^ml#I@j_R z-lc)~Eq&Gd34@7O#61N;g$5O!e2bm_wKat|ZnPG1JU!gcYv*_20XRS_txoN#Cr?tO zk%6n@^!H+|v`RakhfN9o4=2$vjyO8eOR=e&f}WRFVYiryUwWUU3!)|AjZwPJTPn6T zH1pjUY-K9?)uEi_BiNvEFW34~UVh8Cb^Vp%FL4epsk@BA&YB8_wdoad6si~MM4PPX z*B-MVlE58sy~76C>Cidm2FcxNPf5Z_v&%-Cb<8ID9Jn?mtJa!yCMD|xvE<0=l*l%8 zXO}GPDAi*5lyF2a*70u`s6ep=!gf58XXi5+Vx{YH8kg{g@3+HJ6ws;Np}wrhO=IPS zL_gJ5y2T&hJICsL^C$*ImrJ|GDq-O~C13I!_^8X86*NC8*%levOZ;7;{Huxvr1wGR zWyR*eL^3}9U2a^AE>6tgz~OTJ;?-IaDQ!a29T$G0dyh7EDd48Uk1>BA1mrHvT(5!J z3cW?&lb8dB)Gzm5a2H2S<}yiSyaTX!hU4bbX!8S(Un9X}p;`mBAM^T1t>G{`ug#Bp z>Xu?ZyGwQ^%HF5X90^wiQZ`@}k}lb84Zy;*wlHlN_dD={EfTJdrO(BtFAC?sRTSCS z2|0>6JbqaU+Sc4{BxpY1*9S|8o@@)~A4*swn`F}!B zj}cSSqDb7$(xVVqYg-n&DA9X)K0T4>1B@6z*HSvMqF7WAt8nDynDA%fnb(tRRf@(_ z(!3VN3q)z9I1~C8k>OZL{E_1C#$4*&^<;3AEUh=PwFqDpi`hqr4NRFlUuBrQdnmI6(jrJ71;?7xeAvNmdhdIU-&o7D~7 zT>}v@8}*`*+1MGbbXu?(t3-WE%22Ab!jt?Z6R~p$CiAZu#__~mk&Ox{3JdEhnKEx) z8q#k@pQiXrlyKJIa`wai2vQF&%sh%Qy8`X&gzAJ06oW$8atJhGEp+BjUG z2N{h3@ND}%>Q&y?n%pk+_Hk&VMmjXYr=;~l? z42F`xO*>vt>Krdq{u#D`>+^&{*VU_T{=5PZA&$xGHf!ESJOlX)AJ(eJO8)RWFS-=Z z-r|MlsK=XI$JAf#$i&H#1ccU4cZ=!Jj5xKFEEv-WQ-ss|L(Rr)Ut-n`e=+Q6ys+hr%`K&VjlIWb8iDT_ zi%fvS(qofS-lkz?O<~AtingMULS9`k#Z%L6b6sa|82diDhv2Ng8?|Y7Ai;YFXZXb~ zBX3my=vGrd&8f4Df-_h_&4h$jAfLft*kIM_bzbWRdI5%~+f|2D?FeCqFVtTb#j2at zd)mSz&9i-|7mQs0nd_&dylc57_DU%3ty%8~Gnr}Smkw&epXsM3-I~LtbAwM+M|>gE zSj^2l-?qb==D2iooKlqHIv*+NjJCvZQ_}NWRtx?)WugHp5410K4cE6BYj*xe-dFzn ziikaI7l1jQz)&fRng~~~n^Z4BfjdVEd^HxHvQ!hN+EcnpKCUdWGfs~2_?g?3zbIV4 zr;oG7E=l#p4bKtA2-kO{b^#9Xh&9EaslTgOKJKl!fLU*d`;YrXS*vC0y&B65s=7DU zWuIv8kZkh1xOq{_JJ?~rbAD{Y9Q|Pca#^6NClvdZ`iR>GTOSI)yiHLSg_QR=ncEf@ab$Ke@s4qXWr|>94r&Fl*zulX??;hGV>%{; z^0($hDpDeNwyIQz>NBfw?UBXntO}>JJtfLR7iN>abD!Jqu{}mDlPTp_G(>^u=1kmG zCVbomjbMZjC=_ugwyGQtogtCt(!vCuzOw$#O|52irW>^j(mGu6ys4x;>6FQLEaeBS zH>SCfAzUXvgjtJ&$N?8#m8l(>j5J5)`ojQ^(Cv0slF-KEl9i3M?6YlNc`y5m=b5Ks zhW!(N23ZEs=( z6M~3ZTfl@^2I<~XB8%bwqLaCUbAawMv})>bG$VQZ4{L0(=^gd^JKYZ^*;mP76o&b( zy(>zP`revP{1v~(ejr3ommdX$(plSzA!nyKYTx^6Gy5$f=)UDzJ9zES@eo9#U;1UJ zWSvlZIT6HOf?o+tt>RBznpSf|bkI>vfheCDTgnqJ-x+;zfmkxJNbgVNgY<=X0kxX) zQcM5bSZuYpOD5JLp+E!?vzA57x>34G&aKKkbvK%1FVVWOD$N>KswKEhSi>c{J6*l6 zv_ca6Rk0lD@;ZgwO6c!W5z)QmnT|;%%`WXuO9QDAfEhdDN)>(8WKT;&B%0nU8XYU6 zbb?uGU1cyo6Wdke#9UX7waeT+*^H3RNi0?6R=SAP`%Ek&E9Z$gGIDG@fM^M~QIJfb zJu(Y_4r9>uH{Ab}syBVCBwIlS!rOZ*`;HIV~2$b?A=ws)SZW-S*Hz%igNW@X? z{mRks#K?ue$4DaUcB;!(+O>!Huj%YGV^%tZ5`*83>nS>%5jC&&zGxQFr9W#UI z)ijcl6k60+W!%e**AG8~&xxN@jVQ(c`0S&5P|N{o0#0eV*i;0%eWisgkg>;8=Qwhv z(I#FF#G1&ZY45Z1}*N7SJ^I0YbQKHLGnCnzZjr|(T zG3PHo^u-)+u@;JdO;RnE?_lnkeN;-d702A1*_rX3W&CQMPJyRhD6jia-33>ecx#(k|z$1RSQR*Sc{G*73bgMs!)eR^=2c}^rzd6P6TRQ z3mm)^hf#i8UVrvqP|1>+*&J;CAS%52Tjp>i_;4)&L6v&N3%jaRbOTcg@?w1D59JY5 zvaEYj{b+0wL0elnWIs`1$O;`;-2Rbs&C{D4i~0jicqM|uRBaPFhk<+Kk8`BWM&80V z_$0K3SHz(~*F-<>^wdigd+{52QD-5%EL65YaS2N~S2r17xk^o$&b`c_qvcEICu#9w z+A^2xET3>24O#f0=JA6E0*qHx3`}<%s5+E4E4TC;&9tt3i-1<^!&TM-j|*`p_W8bT zBkrmxC3B9X>7L_LSm<>))YI71f2z`;R|%xjvvV(2b5rW|M8JgW^Qp> z-mE@B!veiMVs`2R=m$Wc7@kpzrH!?XEw)E-SsKTMewXklQP0|?)7cg5!JO+m--pNG1%1{bmKO`LJ-3A2g~vM$gB z+#W?9EwcC;pW2iz&`eaANg#rXY1(UB_V;gPcXVy&D{@L=Z@hQD^sH@GC9v;Wet&@pxTei$G@FJgN(CIbP{cSZ;ymLv$X({j*UCG%bquwwe=XG_?pW@zg$ zo3gc|u*5on9Fge&bBE5Pt?8bqFO%2SGfkGB6Id9H&Z73W=Nc$Xz~^^M=p(+uOq{zl zXVooq^{~F$=q@lIQxaUj^8DdEcLs`Rzi|{)h7U}(3IVZ~a%4=+$tMv3)?NAVAsaz7 zTkIE7^%H=3{;PDXyLAO#LnM8V?VpVu*w06|QoTpOa>v00t$C{lV4WA!dhVQkwxR`} z16!vLrJMW$W_|iV9sxaz*C>=y`3U3~$4)RJuZ7Y2M*6rVlZu1iZ)~_`gV!N&P6nvO z)JL&IpRh~=-o~=#?kSknBa`9#KHD+}V?`HtHY>=_WniHFgoX3)5b9XpyGbj^6Euu#L~n86a$T@8vlT@DOSQ9j!c&dM zZ@;bq%RA~%czTa6!$Dd{%9X15WWjr)Eh3X1H`4PnO(vnBLIMMceAbb>?yV5@E~gN6$_Ff^@Hg<<_7V&H!k5 zF`P{o6HDleFTaf`ZZOY%Bz|(4-D*-xufFEv6Cb6|haPlR)}-3xjx1V(o6X0VgfOYs z;p%bM8L5$=O?q)wvrF?*YTB`29w)oz-rJwZi4)T(UyY6LTUGPt6TTi`w7Kb(lY44w zK6)F7i^$0Ej(OiPU+F0IyQdB`ZL^f5GIv`eOgPl>jx0A>3%^Sw6`vEFe4WfFW5zxb z$x5o#G6E;Dp4aB9^&DV2r%^e$B0^4u2$p$9?2ZhS@ZV0Ke0?fA^rX-Wq7s9+2H)oq zUvNI9pz+eRA1U38fQ4&G+BoBx>RL#(0mc7mzh;0_0%N^J+wp4&{*#HvAtIjvYM!Lp4fdEo>z1X6 z2uiCax#t0ox@ePgvo}mPn)jrp=1n)IbJePWVcIk#F3Sk z0EE2}ak9xkv4xsqJ>0(ck{OK?%}9Y?d#`q}b88#w=f7^*=jxG$jEUV=$f{NZ@xif+ z=9T7U0XnR&F2U_19G-q7e)ux1cRxP(Jo+;3v2_%0yA;=-Bzq)O0$8@Rw@NfFNzH zNdy=Sp%o9TC8XK2k3g!`*BW(ilN}B&OMdAkf@J15(!4mG9*Gls`|I9fYZ*q$Uia=z zQu*8F+2v?rk$_RN%U3B6=f#RFiQKhGHY#$nd#vz+C6s95m5PT4+LwMMN>WKlF^BTy zKi7&beaoD2;O@RlxR>xo2l$C9S%?-|*1a<)-=)ZAJ3M(B>DGxuCS-`8zT`KRjLl$tYMC(BC4!Si&rQ7oMB^5Pr|aKOV)D~fL ze@$|oUGw$3+ha@;iJ;Q0W!}->GyuxRpi`dud%&%X+vA?^J)Y0)i2Dc-hes)?r7!9{!O7k48E5&r3^5+5V) z%t80@Kq8ob4yEy-61k0&PTayHlZqk%X}r<>GkHKNV}?TtiKR^0G8w)P z_ls6A+Rs&AJ;D*Hjx)9gcl;G(7n;ldt#=JzVQm69Q`+wvW$)J%d|S&dsb;4Qq|=Yi zcH|n#@^l#25hoD@tWBd0{_lryQ@5>jP*(db&fXVIsDeN`QAm^V%F!n&xNrT(TP6A7 z7A%40ln*!D915A<@VG;-_qT)Pg4Qzv?IIA)q~iER-SL!V{g@uB-=JFfI7z99h_f2r zQTU_lC0K7(`62!m>)wriNA;AJ4uQl#{QG)M`PWYzf<)p^K_uQ9B|}V{*(SpDxoW_c7>_*AXspUgX6$ZE3%7l_y>w zMq3HpCRV}=mFU8v2^A2ct?9^Xg1sqAscfX4db|t`75O{@0YRs{pMGzQd2KfWn!v6z zJ}P{YMmLA1+rQn}icRE531QS!;dNYkJF?C8;WKOz|>vA6&1}pNI{+CO-A< zpozgf9%;l8H3Wg$(s6m;GFL*KXfAZRQuYI++i%}Q0Vs;-6VUfXPTnX6`oPax@_ z0Y5UqWKZLzQQk5#>BlPp7t=Zu33h1&ItO5@X40pW_q`@`nQ!I(Rq{P&hP5&1qqjn2 zCC3VjRX0!EQA2Q*zF6iHL`X*k1X6SCky)|TM+~FTn*Cya&NGSic$JW?=XZDLDts_g zH9L)1gcF@$&xzhT8IZMNGXVP#hoa>jEX~{xH8*;DV65%4YFlG<Y`Yv@|1%kRk5i`{4X%Y40!6!i*+!XP0LlVbI-5(Kt~Ikjmo zd|)@;tj>_uI5$ezOi98K`%v-5f+)2tZOzbIe+c~$>Ok32X7goY{k5)O0k+WnPwXv6 z+H1-u#k^P3v^w<|X%14TnXl8++o%@8saFaFTf!06HUFsjo{EyJpLwY#C9q}JEFszW zT8IuAN9{F4>jJvl=TTpTEFZ4peAn!>;_c?SNzn_mxW*@g^+zgQ{jyN6{>NNE=y)$K z@X$;YDtg~Qarffys6Y%cHTXde;;T$4e|FMlt#>b8X|VFuf0%0|;Wj?8euKtYx{TFo z+Knfi50Z}5gWtOIE;>%i}y2ZKy`hHR)-b%I;iSFqM#11;2Zo`~3rKn8ccY?to{ixWI$bb=C~ zS%OFRBgIhEmsnq+WK06#_-atIlaV*+PxQLx>=rVLmb`I$-)FCn`iM~OP!_mKs#we; zp<3-N?3eNU1oS)Wbu{v`J@L=yQ=~y`H#JL+KxXk}44vWu*x6mm+N7C?%syxL?;{#c zr#2Y`(qURnlLzL|y^AlMZJ+h9lqo_hxpIyIwO)tXmf81}G7QNKG2^==Me7xIJqs7V zYdb!nqTnc%X_$7v_i0ZrXl||{_aNHbu_J4AA{i{eY-^?~cm47CK4_*#oVhcDkmGQx z;!KDJ^v33ie*+g3BF1{OLGUB+)6E{CiI!)OW|g80M(h=jOPoJP5P3L>#$5jU+PDb~ z=qE(uj~=rn?4G8|vXo#t2gzy1-UPA5^%AQ+#aHV9^Ra%Pp79;3E@;LltY;d|R%rEI zapjQvhhP6s?J9z?`*nLZB1hlUvT9LpZqbsyLZ43(GOZn()SzZdm8dtX9RhVINb#^=z-_!l4I~RXr{cIEGS}pNy_yGE>yWMXj zl9Z_Vh3AQoQa^Y5#{R{4FA86O+iG4yeBsaC9n6Ev$&JDM5zoHt<0j_cl?XNd#|ACh zTAAk)3a#^Vr+%& zrn>R0w5_m==9SMkMx3WlH7+uyv!r3>Dxr+-r6yrq>O#qTeUDDMJEoe!A3B`Nm)Tns zA`*X0J7BIjRcs7=Xu)$IC9plU@gI?tLoJi`O0LytR)%m5es5dD+ppDNXbq4qKlA1Z z1P00~EZO%s4@B=%%Ul&*G2E|Mb?Pp&-JDjxwg5u8qUviHE6p1JRj?)gXm$@%cRDKd zR(z_I<3sl zi;|SGo26V_e($~DAnEn&_%{70RWLFfo>8S*x7CfO$|&yF>eHXzs$%7ovcGK5X|%V{ zY^It7aak?W^(&jkf;UFLZ&yclPu(eQ=GgbDp%g)D-paMNpQIh}3T&)p#&8m%rlw!IUGTP`GQFQd~v3o;xn z&<%jZHrJNp`)BCOI6mkbHA99Z+2yjmH=*(8L%FI%JB{YD#nQVM>Za938Hn}>@#NqG zchQ2gFYynA+qc&ET1CXErn(y!_x=Mx`(nE3U1!6_1r`D+Z43H17({H~Ue6!r?N=9t zDyp2<9!0Ka?xtyddN+rAvbJOnG#nZ|{@bTKk>qphO!w~7S*NC(Oh-)V#+=J**~NG1 z;3Hn%>o&G{U^J`vYv>_v!t}o6NQ><$9mbpOETMaQf_sEyNbl#Y=-+?k+6aQzURVEsjcSUcXMdDUQ>lH6~5*vGs<-umhd&MQ$`#k zdhqAWr(o$WKOjGj z*}qb#TJc^tPG>92hfcAt{|JBXPXE$j?47!M*ShR0Jk>`L3w2x3na%imLaM!wnmR?j zrwy?4NpQUs>egYd>ceQ$i;_VZCic4a#d?OzU!I*k`fS~Hz0AYSV~=Wb2hpL$winoO zmmU)?BiejHL}#Q7ao)HAZY8&QGDKG5#HMwyD5w2>@s!nGM9dGWrQ*SFu2SAfeqyF( z?jg>ym6Zwt?_Jt>@0ovoWTd+>@jD+0Cc=>hCqBKMV;@Cd=r?iHcS^VHdYyGlPLDp4 z`pSt6wck;<%?iq#n*3x4GI;M`L!;=-@vESU5Rc)gA_zo}qqi<&*I3VZYFvD;BnPJc z6vdUkWVNeG&{3J^sC5q0&icJuCJ%M@t+!3CO=y*el$!@k^#?4D4=uj?c=GUCZ2A$a z!^BypDts%n;Mxc}L`Wiy<E{6(lh2$rF6kTo!7Cxn3La>gOJ_)rk=f_ovgm z-)H={qQ3rk@8^dq%7I2@A0&miquJTGV96Z^GyEQu+a$*kSQme?Zbr7}m>95B!4z{) ziFpilvp`0O`v~5MkW)LL)oWVWT!!z`Jv4&#pB`-=YOK6ITx<1rFOc4BC(^1zcD`#) z`QxE2_4L_AmPuVKP>KWOBm7@=DSbK0Sw7RL(L((###V&7@-fz^nBf~R471~4?+`5^lj(@mQY*HrUsvY35bedXkia~qyfQ>n&qChPHnNtx^PhS-!bp~;qzb#P;p2jM6DPE}K6V?95+9JH zo-<;^X9OXbWOo519@LLNxpm=9p}}iRk!Wt!iwV=+{*wfDzL)}jv0DFzPtbt65EbGZ z5rG~?A~@V7jT;CVrH}_;~FSPku%wnx0)*O3` z^C%Y2v~N)f{{Yjct+pUiQT)JieZJ3DxI*1Fh{~O>Pd_+8I$ahd?bC%G)X33=4_;Ty+hVefsspf@&T(oz7F`SfRr5J^p#T5&6*Lnmbh zWuIqhM_>er^AlX=eC_mC?FB2N_@kuw+(98WJM~#_;}G^K6Hj@PC=$5c3@8hy9^Y?SRl~ii2z5O5JFa1k;X)E8BqtNoIzzOk+W11 zUtnSM-FTU~@vn#7S2Uc-{mmZuzUHEzuciYn2mF~9Z@z}Smo;bmLP(ZBXt34oaNr_K z!^I+$ER{0D&cI00%M>hMXlo?eVcWxMKd+M)w0_-48Ld)~+>h$vyWcleoX+d(z2cm$ zeZ3m;Av>loEKtN(e<5a_7UVlc0u8Ey2mPePaCX5D4*B&(SD(-Wj8|ruKE+<3bY$ls zr|llYo)M`Bkx&LLZKjUVKUvSHXRAjd0gUj(8qEeSNkI`j=vgEw_){h%m3!K?4u9iE0dF*C+A$wQA z%Hy~>u|+?{9`uS>kr)Qf3BogM)|W5vXy;+|;<{c7vIhOt6(I!RqlzE);WcJeXQWqP zgn<+Ou0(xuFyC674PpbXH)YRws~q<)waP4LI#LMMOk$FYtbuxy?e0P|i|X@7&*EK( z2`_mxuSl+|N@xAyL`@UYSJTs_4!Q^AMIRyHjLy&{M3KaOO#OI)w~fn|EyTYn;&9;P zl})k#9!Ji!3OW**_f^5+YUZtCb?Mr52j~^{%l~VLzGgUplTliZMlwV5u z*J5!iQZ(hR^qMbnmb3>Z$1p{kc)Q!S$8v|8G<-|ik8O>6_J|!zX{|2bex(y5HVQ|q ztn#g4=|HWNKAj4uRj8A+bq`BTE8`FHmO7nk8*(~4tqQjsH|fGGr4D9ta8=FYfDmDwE~!N==3zeDy+#@d!UUNByFRxC zD-4ixXPo(OU1pdzn;VaeqNV}YVC^M?f+?y1QuRrMp<4L&p{MsAw#Py34g(%KR0^a)KpKtLma#! z3(&_~_*7$Su$|!_Ghnbkzi<0WcFr0=vOQ^AzmqY}CSONwRQe{$@+dSc^KJ3I{kX=p z`3i&r`*OL;5hho&ne2bb%vvZrH1Bj9fav|!wlQ2>q4FudM&gGpy-{hKy2d0)Tkm?? zO$-yp_kv%^K8gX{=9?XCY< znI3zwd+}EOcHzc>KmIu?s15rV7(fBHv4-8>74TxI4`~x$VB1<5TITu=31jLx#f&YWzGL`(I3!0G_ zE+(B!C=+vWyXo4ER>xIU4>jxr>oMqd*Wf0t{Hwvae4%D8#S~n(Z*kzojaV0EI=cKp zaxxb^dwysrvwugJ!y=_P1hKU)rK?-Df*pT&C%VlQ2N;+0YhCIw(DQKL7xmS31Gkf2 zg;{-mZ1obpE!$I^X@BQ{41K;m$b48>9Q;9%iopChi%i_JYjI0tHfqARxf~?tc`k|n zWW%0bh%0)c^ee9nBy=D*v`Kuvl-^J;xcbT@FOO}XB}6lS`40m_ z(w0NWy2yK`O7noOpoK-owayPweBpKynw*(J3opUKzjp&KIH}}sTfHP>@4$%4p1;av zMJub#KZk2B%&n)%K?w#PWR4_!8&L=hdklM`#KAz6`g;bOV$aJ%ZBMxo<6=oNt)S0t z0j6A$Wxlcq312nq=zrGnt!9=28zt^PCKz!+SZwA-gIuO{7D$lUNz+FDzsV@@IZ**=iaagUTA4ywP5pLOxgqb@W#@)SaP>c6`Nz$(VzR=V_ zcU0ZUo9vEOnKj7?8}2?Hzb&PXzB(uZ`kJuog>%Rt<7{NzSTM~ z+G$;jVnCXsiL$k-Gle^x9!@^8h}V;Sw`zTL@WCc{Ogzh{zzFso?$b*f&VaOnbIiWW zCs9o#uhZp{%JCp@9iKQluSGoq3Ui}~A2t1(@%$U9J@NPuXm<+!{{1^dEa)38mqvVh zM~4I~e5?J^!;!erUy~MXjRal7%1ULKIWse}(IF=J;V~F-Em9HK+wa2asNI6S4T7Q9 z>hdA}KV-dSRGUrLuzi)%0!4#6B}j31EfCzbP^`E^afcRnhvM$;F2#zwySuvv-m~|0 zKi~Jt4^~#PvRKK?WMt3Y$8joxRqGFFH~@bi!2(f6XX|P)cU!ovq97N~4Wb|;+SR*G z2g5Uf&(Jesq<$B0Vk7sD0{oMGk6jxqdl?8yQz{Odmb+3$6^U z)Cs|Mn>92(>wxrXT`Jvah0oYPT*SuWf^SP{0kGSTHY~8y7bC-~?SA_T2K#^w zYx6Z9n%M{)Q`;)yqqd21J1CE@am5nZGh;6F6IKzZ8&R7ne{N?MGzxy-OlX6b*mcg5 zw0bL0wh~D!eQb-M#cjlUQSxWKX ztO*nBb4Z~R7{IImtSh5>3u)Wlijec)$~NDv4r$YE_QyV2NMC$!PO5wI-tKvJVzU&0 zOpg%pZQ2!R_pG1Qredl2i^8I|MuzK2tX$%Ly)~NulagBLypd2t77_8d?GUQzOmfkq zO-Mi}X;=(zcr*9qR5#^0;A3RVa)&4JQ#Whk;y_r4uDW8&7QULcmk30UQ{GJ^lO^uq zRLIsrI^9B4HI-vi-R5dlQSFzjq;uIL1FkNb!oj1RQa zvF=^(h)fM6ys8s=iRd1R&28Qvd;GEAXy%zRfnBe&|EJrMR=NI(#&|7=wCX!|ZKumA zaaUpM0a6I_BqB^gKM?J^OeHlgiknT_~fs=LQE?A@1k*gr;xK4-Z& z;#_RGC}Oi#RqCXNyshW_rjj=TfAl7>4xGy2S8U*bw0WaWe0yJ!@o$&Q!kM+bH9L*egF~69Ka-ykh z^C)Y*Yo(kFNnl|&i$X}iGM{ppr&Pi&+VBpB4-c0DTGzsaD*jLW1BwaWf~_&z+9%E*Z&aRR8+%`y=|M zfkOsdC?VM4<&yk5K&vK#=dAH?Q><4(5ne_QqbKk zf`2fE2aTIz`Z|ZMYx9Mep`Y3r8DlKY6!|X1)ezp!8C_emnL%j4!VQ>CA*-JB~b54>8=jk{`@MsM6^a#rGhtO9mIB z+5*+dL+DT6HWgzJ9fP1NG@(Cg=&jn_|K#}4+U$t%C9diWE{?KO*|4SR2ny^uu6q5z z-&{t0X{8hfILnBwC@6UyU~p~5&}GX2W^jj8HZ16kBTUhqT8$&bo+kOWw_X$@;Fi5t z|Jrz0JMaiW#tcvEYajcwiL)l|Hjo3kk+S<3iaul}z5r>K$iqs`^EWLCc{1`YA- zUgE@bKW=xHIQNAV0xGM7OMCE{riZ^`9g2hcRh;;{LokkF@_8&FzCnm$(jsmoPp1GQ zh>1o|%!l=t2}iyNAbL&(r0CuQxJ{;_Sn2Cs*N^J2bu5nUtH0$17S2$`Fo+u2YuJ(7 ztJkMS1uv$yOrea~KEv?Okr6%RuC6q-DSdHQSv@!d=k(Tso;-m4G#L8`BcE&z$)YQV6Qj8)EqRW)0a~}x5^>I2DDk^KJU%Y8> zv;adeHX0?SZMnnzBg1Rt=OPIozw|GpZKS4=dcs|s^aN*aI-3BEy1gim<%l{q(zZ|Y z_=hFihH!l3$1N0Y+-(Nfm9GFrR+u2z)g^9$MvnI+^|=eVh+ILXjs{jCAdnp=+<4DQ zpOrEy53LdFkAqcbCh49pdDA*@)Y{{0R7>_NpEJAdXO=1NXe#!L0zMmQgRPEbF=OPv#IFp1I@0kL zB!nmX{d!-KLAx2^;=*-tanT(8PAVikn396~=Mw5lQoE&K%B?O19iK2R^Il?5kc7Uz zzQYcHw>AK}_ zd2%}P_^@qEed|$U(MacDfJ%>l;rylARRXJc&Pu)p52xv{AmcTS#0r=6*IrenE4w-S zzVuU>ylto=F)*};B*@u#e5YZ$ld-^(EzCbB>g(>uzp-tN-S0b5j{j*14!qfQs4E@) z1!PW~#WDUAU1lRt?LjUdvlbQaZk{Ht3%^0#yc)sq$_V;6?zUxb$@R7bxQm-wp!1Bn z9fG-ufxz}24m5mU5r`2}J-Xa`ePU%Nm_NUvbRT^mG`UCgMFIl!^0;R{Y4;r;PJz0< znYAo^OKd8Z{D?olauOx_17%p{I;0x%seC3M9V0^~uJMcGM#0rSYnKjkkNMrkcPQ z#slO}YzZU!QpRl8q_jbYnO`i}1uPrV{ZXp8e@Z*S+C+w%h?UTIEPB9nN3>B?OBj|? z(5o%yG&J^Y)2;BEcb#51q`_wn7b{dv@o)&v(ThH?UX0nUaE5_q+Sku^c=W0^1)RI% zXwCaS0NHPn#_EY0ik{i$RSnHE2p_;6bc>vEmA_pk5s$OJ@)iGHTGm{NA|-nqH<^R1|zW^j01?p4RpUsdfBn6M5p2mENQdKDG*D**?o2H({clj}pf z{XF$0CB4NpWnK_>x7t zBom11bM;sc44|Kjkx>MQNo(2obw~C27pYf-Zt0&Lsy+nm^X3q5R9mnZ$jBBM2_&!b zu3X4ax#{9>{37Ok9Jjb=hu%rC|9OX&g{~l^gNBc2fZH;(pk4JuF<1+9Q9o6 z>Kgw>-er3=#<*?omyXR?Yz$o6XL^t*LlFi0*cbbJ`64M=FqLDpONNQ2*u-kTPr}M0 zlij6yGX72WULsWM!w}s$QLd`fA!sLQwwfiQ4tH!kr`->8N-+1}DbO!BwaZ-OZ2eza z(*ppp>N+zd@2Uc57S5-HFE1|;2xMQ3oQj%@D`pej+_Qy`F1H1 zA%OrapVTBUU`-5y7AXq))l}C?OR2k{WCQ3u9``UnJ#S-pCW41*+B+Y81&<%NgGoNX((F{tW(OQXsDo;>Q9FEoBdpdhBM-z0_COH?gk zDqFU_yQXbzGS3?8MJJD!2wQ6---fOz30ydg_CVPOy7*4E^f>oBTkCDIEMFJsq9+4m zJT$PSf#GCl&YtJw$JzdDWA0yqyT7K-$pXt*FvJ?^;T3)JOm^*Gw>Bw(o zi*BPyRlm|1Ent!O#3&66qW#ng2-zO*<6E5tEFbaAOn75)p#m=0E@)~_Ci7!2LXP+O z%7Ouems_sUxN6@911GLj49{kl#j(2&^U!}|sn`+J4yGf@vT=}W$H%>bRP6!_y^5ziLA zB97=k6UE?Hrqj49EF3x->}|FRe~(gQLBlxV@HB8i!RTqTThqx8Aon31E2& z$)uODDk%pww*-`RTPXJx3$Apy2RSGAix7HWEy~^=dkvP%O>DaKwl6gEgg18tSczCD zc4w2Uba;mpzz^1%Iag)O#9(_@$TU@We;X)+&sJvf8&L{!sZ4|B9DP$gjeOo13oqo| zrZUkf*yf8fc?8+oeu(|5w(V<&J&oTQN`FTtA*1R+6@EO;*@aS~F+KZZ(EI)eYCBW* z>a;!KrAn-FS@y_%+U_P_v`yKd%2`XmNF+LfbB3sUAEpqn38&GZ*4wLX& zf2;D06NpmEy5%33SwJq*-l8qO)&6wK{1Z)YO(qY8byFh9bNEK&(|qeT52|kO-m*cn zAi`V$bDkr&K>1XNwIKgS`KmmNlCO)WEp^F~*UwIpmti`silomFJSetB4ND#i`bYPx!MHcv(_g3B-hrG}@)dGD$#bxv$2ZXu*Mi2F!d(;D&$7m? zWH`sklNB*|&;+jU8nss8Twmg!2@BXY)$dN6^+YkdC(4w=Ydoc$g}tF{zC#R~DsMBv4<9vfb2) zno27!JGjJkB8J%XFg($6zjIjHf^I33qG&3LW@s}pT(`|nX~*|warl%$2NWq_%F%} z)Jj75SBK>J564Sh`li_|1_F(*aGMSgUhw?Oq9`5%l~XgULWRmI3Mn7qjC#aOLnZ}t zcWT#QCj<$H4@ijJ5B*!tTN>%ufTV{^DtRU5+jt-dB`FCYikyLDRdI3qok1)VV!lEQ zbOzn_(v-!h6b7wEDww(Ys2z!s_6XpMEN@Ma(^!DFgW;9?&y&>@Am`d2iC5#< zK?%=pVBz_9gnJEHk9}euGgcS?{r_EHrZF74gCSw8Rr~hX&7X1iP|kPWfXN&dZZx7U zbE%Krfz~Gjgqj0np3Xm9(3xJD2yh%q&&gWf?_zWFhH=exZ)Uw}E`D87sy+%;tUZ?X}zCJ$plM zS0zaIj%dKIC^m`D^+Rl5q~5oJ*;>>2g!V0G+j}8Q!B?)M$T4488Jj8Jat=>iPA70| zLD1FlF)n8zNt$NE=20}Fy5j;|#=Mp;=BI*=op2~hJHbMHg5z+d)na_7!6#;;YP*r5 zFp}k8af|S?TRxV8xTOW5=Ls54I?REBbKt8I7wmJKW+!1MPQsMk> zYp|138!lHVD!(|9{#-nK4BLSzi;bIlA%nw6SIY?Pa?Ca8!^sya+w7PWWx{c zvp43#C&e7Nb;LdW2(d{#Rw3tsl3~Yl2{vIbT{szdN=;(|DDISpXJ3}3hu;ztW(*cG zV5^ib{?k1xg3GJe^ov?1Ss)`x8i&bw_j7w)QGihIV`3!lXgW@DhOf9Pt|DqfrF|>l zH<(x0OR+^F%&0Nw-5wyr6>O*Fe?Qu7-D^PnK+(p_MePIpKnnQy>OwRC(`}`#^rAEV zuwSrL`{3betp8fLzLqzECCzg*D&|H-7<`O#2f0Fq$QzYt2t0x3TnFVJ${VI*wwO+g z{1CoBtVWC9|3n^(*jz2DFe)bq*6NOi4S@uIsV*Blcb8e>oA{TNAv^Mh8)fS2rmaO9 z9?zFMkTCrU9y+_^Vv@C4a+p9}?Kbjsb_3$~SWBbaUfHEmf<}p^Hr=?ZdGAKrA9+dC zY=p|*F>t}{zFen;^Bkf?0taJDlh1X3_{{`dcrYAjm*g>xPRTq<1>3}k^!j=~XR}J{ z&4hh{q^A7NG)^m=H>VX0{^wz@T=p5u5uwkutngNmpT==%SgvDQ7!fG|&Bc;X*^2gR zZgFeB=7FM_g78uy7SB1BHD~zX(pI*4xM|cMcY;1f(kc7xr$EPoZj!^v%#nuc41svb z5bvPe>712Dp|IC{ypu)8{FP(bQrpWt)m4SJ8*m$Yw#jSB=C6f)UsgD4o~+aWFVe?F zkMjxJ`2}DLJ*xg_c|kL6gXo^W6za7UW1SJ?q9o5`=$YI6*Cbe_0<_nc+`- zWrPd^o*@PIcVQFSxA^r3(%usRS7)Z*ICW}&MvRy;TFw~HV$bsIHpG9%5=u3V6hzRi ztE!uMI9&H==dn)REU`}{_qfrhwC*5fd*S?^s{FR(Ykc9jJSwqKP@Ta61Pu$L|`uCFH%5C&`C8>#pJ1jrYM%WVX? z41wMv<-v;BcY?|hf^OGA_s?t%HfyAO;Oc3k`!P&VdeApdMA+Al>Aal4jBF~>5cOz> z6739!X4^tih5A1B+yz&1Of2e{Cq(6rIky8>Jbw?iy7fe%Eji@y25GwDr04A@VQsJ+ z_-y&xZHDMP+bwaqy9smU5d0&9z}U=p*-khkigkC#WLn<*35yv7j^zjn_PZvXz^{B^ z0(+y8Tk6xUXrWFmcH(&1kY<);zM@>6PJt&i1vsr+e>3!|H%fYuo-7S??Wj&{dXdY#MsRnLk$P zk(I0_E#h!lX;poF&tlj6t$ecmx@{gguK`1Bmk*(2gIiQBa1PmlMclIq3F;b}dR9i% zqc(vj4T6=oA&k+z&zBXdMp4^)JvX9lxD)fZnuxS?y`Ji!7Mel!R&EsrGZeaDC3_s| z;mCws&M%GCK<#)wqv691lMYVM`)kup3HPQ*?V6UU9yN`TCG6PK8ocJQw`b4Y)1e}; zp?G6Jfn^VA?O9tG)|{uSX5&Z6uKYP{R_9)+_s6%t>-xDKV7t*T(iVnW9ay4Z_3lP48xvG$9Za#HlU)&IO3PFAA#j)ZbW)K?ts|_Y+=}(1WiLL(N^gELlc-vpLp4=D~ABFC@2C z)9B2rD1b=kPol2L*3-D)^4_X7K>0UvIpb6E&-lYhyJ5-OM^i+(G)2+ajrKsI>~>30 z4ImVPsj033zh*w4NL=Go*~cz@udEnJg{Rk6s)Fu$(p25ZNtW{U8=0kX(UofNST8$7 zgPxwAiM3cPyqdl0fF<^wc*Xb8)pQHzW!LpzpJTkpBRSZkf>MUmS&ON|E$JL@@@qRd zpyDh?=dvg#&*@k>?h{6<0xQ`b@7xF-2_=bJ7C34M>N&Dk>Ee%$mMR+itXUgsmgxNx zpJ@q01f+MI-|ZoL?$3zT(&x3)_wWO?j;}l5C_(!q&#OQdhiyo}vEz=}&!&$wY!{KP zwhs7j+s%Bkg8kdWL!LM}voz*NWq6N!ebsN=u~nyY!odd@#t9AwenmHI3Ck`bg)d|~ zU&;A?JB}f}cfc206Wwb<0|LdyFWfnUfLVhrWm%X~vygI_0ei4E$NL&BZ)yU{4xrYEisi(vI_bN-AGtFz1+9 zL+}p0>lla^ZNpog#v};!Fq)ZZm>dgkW-FGv8MFAdV)h;}LTh(f*4=s;1a<$+A~{&6 zYID)fmLiEw>2O*fQ&wKApZ|y{MqL1hilxb3pB1f7yOS){wg=oUM5^kFl{NL>1UV={ zC@>E|GtA^bO7PFoFZQEf2CXR`{j6E*tNQ4ZxIBSG33=Cc3$(4k>%6PIqAJ-(4wLJ5yIg0`<=S)9}uV?b*w)iC_32%q3uZ0 z+)%;#Yk~Coqe%JOZ)ILjZ9?scL~C6Nf}%=;;8RFl`2C*AUsgjn3^Aw~_du>TT+w%d z7>X!*|LlWU0O=q3f4?TiBZHds6UJ>(B!536( z+qr=^aM0ofxlw1AM;aB*xv$ibl+@bot>gm{IlT_%`4~1W5kb;MwC*lXu4>T;XT?ltxKhJ0lZqx(2`8 z^R*0>wa)zUrw7Vk1?~3g8m-gu*r;>iGhCtPC=F@$Cwb(bQcqnsh{+Gty$eySJ`9iw zw6;5k@{Y)rPnN8v*QKI$^I z!srJ}Gv?D9iGofa{KOmLj)E0zNqjJPKy@fZy_HtL=t5zMiNk2QeiU5bt=@UU zVGp{)Jvz(h<*XnCqkh8KAr?)+@=_s>n#_*@?eq@yHP}5vw8kbLu*aUkkk=SV;eCP) zgNpNDw9dV;t+Sg#g-`F-={<%uxaGZN;UQgOnf;I7!prlArwG63*r)v37ySXO9Rv#lbmkA+kzps zL8lRHMdaeG8zVJO%g)sEYun@(t5(jfkUquQ3UqENXnnh7`U`WmWph0GhnOXs&}#pX zYAlc-JMfB^CUwevi$uzp{QD#!YnN55my&x49d0adWhV@mA5#Z6rKexN+-r&!BYLw| z)%Qx>F9ng=*!xY4PibkbzFW%gK4=+yH@B_y2xt)FzU!3~pst$H_Gz91hv~h2d1~ys zb5%i4_hDz$=G%Loy%x#_uR4tZ@<7*%Ma_G!&#C()A=4g0n6`AJLH|^U^If6chSBFo z(ub9Mf8Wx3IU~@1{n-8#_agMVQb5M*pUWh#L%nn1E$;o7(Hw*R?^f&nH5k38Lc1kF zuRGx4GSAv9Z;cS3eFvZr6_=!DgMEVFl|{L`?u5o42}w!s-Q#XR)xsz-=pJ&g%D*H~ zTZF~#u~^8;W3XJ)jtdD2vu&~?s&EG0$fo8ME8}9pUngv6mI_Fdd)+Jy`9v(HDxTq@olxmT+d;+l#a|!A{9Dgpijn{Sg$8 zlZG6(oLLwB+NG_()Jz9`a;FXb&A+?@`46GkoAxh;UO1Qvk*QpxCIB!q9G(g_0nYNDmyZ?&%N|&~)N{(^nt=At zYpFlP&yN?)7T$;R^Y3axX3_)Zud?}-74U*yW-%~6kjoek^`^pi@xQo_XgfOpX7*j40nBwJ z2o=cau)E%B$#k)nnuy0?yi7GyhFw9&`y?)g)n;%D;8=1+>HycDa8l#8L@PTilr&%ieLUl^b29q3KJd z@{j@p3w@vhxRlEcQUFV7XlrXb3j46Id}f}vNs24N7<2?E{>3fjV#;0J1w6<~ZKRv< zu;n;!LJHxr7A8&Wc%MUCfs|!;BtUmfstoL z@t;N%|J#Tzj8d*x;)?kkR8xpvN4Z+!cyAPGc+IB43a-c#zeo?7?i&a>X``R_qJ-6e zcu*O!Bnbg+DScU0Rn^2NX}YkKiSjx0c4wsZI;jY<#|q&bbf^o51`YSh))!IQ#UvHlL_znrFjp92qh08b8h@&9`c zgy?PaqBXMaRB4#`qZi0x;rqadDH1jp1G2?oI;sq(QLt} zkFQ{$ZcGTe$=NiV=Rb0WsgP5&@gOIm!3^|FznC> z8ngk?yiydtO~^*j3gG$9o}6fJsygx5`gaKaxA~RO|DBHvjg70#XK4P~Vt^6@#{i|t zt-eU_o46F9@OH-yfaX)u(n{;1^ABSBP5&|_Ly0A7^}n7QlC(?vJUO*NE=VF7a%8Hs z(iaT?tsTZB4PE3ZhfHV|DvUGTSP|pTET?VuvM(|M|JX1r_Cuqv%Ez?+xBjR2Pxr?K zfx*BJApn^mprD}OWn~SUk&zLY{|5nGjN=^R4=^~_Rp^*Ih&Pn-5HsngW{)PKq*I1W z^%6u$M}~65p66h7(A00iH3y_(gOh!$>9^=jo&19WJR(legj(Hoo%FxkHOT*C*FabF zap{#12|(Ids4;nT_SQ@n^d4RB^mRNU$7BS%2oF;SVNq}JEH+9T1|CzK%zRMN87AM^ z!JO2Qo02zEfcSA6wj~7~p1`yPWx~Ttea$2Z1~Q*trC7*$=Vc`xpNTOCNrk^sb$s6=y8+l!!t998%dQfQ0UW3J#X(z!tt%e| z(nSvuc_(${$hzIJlPc`Q$PAxoazNNwx0*hS-pu%~52j>ZRv;l?wH)ERL2S8vF;y4s z{>hK0iaCSmdnF1MwGX!uXx;$sCB9X4v+lP^42&sDuzPFT7AxJs>@+$?jgAMaDaj|k z9LaH#OUA63pkjsSw0KElH=cv+GTIY<&O8(2oJSK{@r(wk=?*FSmxTD#$mQF3Q8nZD zcn9xJ(i0d~hp;)ONVL%=bo{L1Z)4+ChnpVb(n&8F!be0krwgwIq7_}cwfE9g}5uEy?Pz24B&%|7$3t7V9GnN;mVO>Au3CN@mbw#9W zPZp`SX6pj0c!erHF;13+W`@rrYGgeQzp6so@*hEu>+mg{rTP~kzLp)k;@@JZ?9C)2 z$sZ>eMqjuxR0(ds-wWY-6*Z^!zM==&@sI5g9cgqx(Q&lMB=1ciA+Ju;2)SDgV%f;HS9qh|lglB2t6>xH<)X=!rwfYTZ_8u!MOLF&oPBZfakt@8V-jIm6;fnE8@ zCpp8(T35Q|qu=45+26@B(iH|%p3cZJSZQ}(F0dvt8?nTGf@;|~ImITjnXxD*Jon2p zbha`Sow5}fB9eUPt_xNj+GTeBgSqiG_Hu_}lKkRqKv|>xj^_47gM6T#=05{&yW_7N z2b2ZzvH+2Cb0@8@f9vY%y2Msgp~<-hcU7fgx~qKx7v_w{?AG{UHeBSkCki*uAwf<3 zfRmY!07&n&f)NZ^yxI?}FjF`od%2AU&A31JbnY?dA!)JaJ_Ua?QSwaw1&xX>$xI?@Se#NT&n?AQ3Yb`dbVpX4TMhFd(kf5Zd zh?S`mn~n)7oo4FdOTSvAjfx^?_irsVtQHw)ZHV#b2QZ_Ng9`c0q+)8b>YB6zA1rF{ zag&nuSCKaPl#wv(jO>}{VgI^(7m%(ypSPJ&95TPmgaGLHW^>CzIxIQJ2>GC4C1m*B~P2J zMluZ9d|%{`NNj}(;hkyy{dDaRFjv;~>-9dS_z!mCUV2FdFKu+7ZMPWPen-qhOIj0j z7_MXURGCQba%G2Z|Ld;(#KygFYb4DT=34j#z*O#`=Ky zpXESjYT!J*C}lDVYRpjFN{u`S4z(ZmI}=TLpbdcs%{4aE)87nv|Ar&+_?=PQV6^|n zIi2zVl{)$(3{e8h%(e0h!zeVf6|ZboVDl>k==2mY_&Kd(Mgaor{A~D537)=4pn!{g z5pC;nggN!JEBqT&+_eXE;qj^E(OG|SKK$4%L3o<+AzmE|(tHI&$yqXzG02wFJ4|$J z_x;br0Ny7PIO{b)PA8gXW}u#7hkUZ%GW7QBep2VNh|iwT?QIbxT;BXr73ej$2a6zh znp%yqMrb!Kwj*9o_KJKH#*?(DA6Hj;ke6j<`YxAiJtqNaa*;1$q7averB&POG8Gd0r79U- zha|)Xn~mfBpq!Z0R0!}D+dXLv@Y#PCCmcSjb!)7s{)1lf$YWKn9c~@+oVA!ecYGdh%cIjsa!S2B_ z4t9M9o3WY3`7e42T3_2xJe^3&g|lV5S8Rl}p>?N#olwcwhp7T)ACXEp5Y?e{1fb9a zVpXPth6LuCGI}f|ah6>_&Wan7ooFJ+{6bY&Ln)*epC7Mzjet`zLaBH8-Jv=;bmNio#nT_uy&y0YJw{5&GPRqCvt~!=H@KF%#psypZGRD|tEo%h z<$-2|n|Dc=P{oL)OOlj>wb4GruXoteO18_n(!iF52@@cI^ zR;kr7lbq9!;A>1Zt?WqUqT}ym!zM`m(3mWSnzLyf7{b3wV@Y0g*Va0$M7+^3 z_f#kzS=kX95RcQ06*Ug9(|UiP!QCQ^2_cio5HgOQIq!8nTVbtgv`36D;Hq6HWSP1w zbIVA!*9j<2OhfG6gjp)$Au|GCb1Paj>O^UBBpm9ty zP_{*Ur%+xn7zQ3OVbpvi(9>LrIUPy^IFR!yTAa$F^-2lOSz2G>m|0iiP2k?Mj(@IN zLc-=2L;G0%WZeR#6}UpVg!qZ!qOSJpd57zK>=&;m&~bm7s9D@gtkwQ~8EEErB=Eft z3ZT|%vy@-02(NK;J(};$VD1i&QyD-HKAHHG+vTB>%El)pbnMUrJZPEgtwb{ zmF@^?asSSx4;8@42#7XB>ncMOuoZ`~&}3v~9bvk<{1F{F6n!?eRy%k_%7ZF(TZv~w z5jNRRVT#YYb6rNsE*AEM!Cgqzanyi<;Cz=88>9wEWQAD2qGa^9?iiRV&*0XmU1{7> z1&`~O2;ixXGuPjoN^~#kPI-6J7|Y)WfE@9ejCZUU_JZN@l{{?h_Ih|YPMi7{OcZ;M zN25fO&m2=ZL)Pc5VYVn`4701vp}9bI0DsSIAhTaV=sLsrPj?fq%>v)sWw&eCjzISZ z+Z(z+OJyd#Sp|*ad3%UKwWir;8%_=!B_{IvtqfxbGMG19dYf*uryirB>NC7=sjPam zmm|lFZb}hk(DrD|vZ=@@!N2S$DbTq346KOj`H-&K}oM0z}IWo)p!|-eqn!^#Donks}Hn^5Y5x<#=UG z08SnTyyD_&zY)#j6s> zNt!0nm-3OJywAAGxW0Wf{xOBh!+6q7?M%T#>^|#dUg=5)B($Bl6LPmI;Guo>S~zRR zbCo&;KjC?cCdYwM+TwGi*tHci=emUUG`9NzLk?oh%xq17-E|i!{ zJBHvfvFKwC#Rd^yYboD5Bo=^Pddh%&rO=V)PwCOnH~lrd=Ae@=*E6Ib%E!%JnVlt$|~ zIwy-6;*%pXA7Xgi!)9#|b$wCFdPBs?zg3kDE4sQn zKx4tPh^y2AHQc4o7$IztW3!${Ia(F0?xao_AAefbHIa5FFgQf!?Ww|flzgj*+SD=~ za;pZAB^*(P>YsoAdDp$aQp=27N>^2;>(3K#Q^adZL~HGb9#almXO5nJy4zD4;80g4 z96u(wozvmbvloA;)HnU%YInty;|aDUqX&nznGDXcloMDKm@7=^hb`i^YWP|-zM0RU zm8{z1+Wvl9v8;QbD%sQSLhfPArrcgGOlF}>cl8i9@x?eX89rlSs|VU&3nOr)15^Zg zB?}AxXbg7wlwN8n39Zghd`ZFbxZ@KM)TVIe5it{m6&f}mF0<~L+o4tL)u*sH3)tDt z3kOQaziKFse#hJzL)4v4`>U%3!WWlo{|&451_KTlJQr8ji}lX8IvrlxY~zf6`sd3a z_}$%Ibq$Rj1o#j%#l*W%ct*Q?M#!mukT3WI}vw7fDO`Nq+z zXwC^Sg;+ecRFLNvQU{_|5*>`uRRy!A8}idf@zc`#8NLAv@fev(ICyb4~bplZE}pRzePMHGvtxfbFkwsKHo3MXE!g|oN3o$pKbB@)_?3Jo_^ z%|XZ3#;IQ9CiK=mPJV;%((2gJ{h$qIveESq2w$AET@|X&u;1Pl*{E0*f^BOaD{*gG z;Oro?qVe_t7|a3ITw_&75%X*ITUoj=l1XP~84nOY=knmFQ{UIlpGbvYBFB&mn4XM3 zf(D}i*kF^hJHEo1Jp>wSf!(fX3cP6$nWZmW}r!9fL)&P8i z?395i|K=A7kS;!xxm0QBUAQD73iR{+QQAz6=R-J_j~q~@Jsd#w?L6& zAN03Mz%=w7Sa?!;_4Gu<+xJn0U1OMK@3X^^0|2C^2P&E=jF8_mAFnGfV*o-ROx^59 z#wkBPa`f0K$uXslsrvthUOUA94L}Ysf~mxm&Tnpv9xiu~2)PvQlE750N9mV{@W#f* z&CscMYNSDM$Qe%oP!gmEQaBC>f`U&5T*JA8X&e{_7>$2@1P?!IK+eN8}({d%T0Bm8(06G7b?h+&w$yHa0v&`GQB()|MSS%^RQ z+iL@#C#I~h!w1_2oSLkawZi8>mN=WHxFVDZe{3AgpI^q`l~>r1!Q4JhTXST*!+}Ad zBRrv4*?MVqa;SL3i%*s}oZtE8<6zG?3Exr^!HztruQwjL>MnfFps*4Q``ETKu<}hm z`#Q*Hs&-P$TQDRe{dB-8Z%Nn~$)IT$?0i+ktYr3KiAV*jJ2p^NcCS93@*hR?m~9-+e>sAT6|E@CsZ^1cy6>SyKXb?1l*)Ge%Z24V!7H29GQo35`u zEv%*nK%P`cuXc%2i#6xsSi8T7L^DIwbO8VQ3yX4dJe2J9zLY2d*d-^j>H&J+aVzWp z!5g6Lg+s>w2<&axX*Scq^t|HfGo8b?v`$@G5#frQ*WraVJn$OPxlI|ZS+rhNc;LFH zcax2n>eRe}dO2)a4=n03`(55{y8OY9FW8t1)!0kWfuIc`@r})#Esi%gpC?gXB{>WH z^V+5Pk$icl^RDbb?Z$wnuF_z8=G(KBW`cx~a{zJkt&zYZ6V3;f)bBpHCaJRynQfBv zhd>-v_ZM4Lm6iP|U74vF-pGDktzRG#H~mTNXjRg% zSc6osqB3X|6Q30Pk0}p&EjIz&N=Tof(#;Xr@R2H%b`<<{qoo3H-Mm=e%I>QHaNNW+5W>N3K4teuBjWw`%Oy>Od|Nm4#P>k|5?Q-1 zeG*EOGRjJ5T&Mq?J@hUJJ{^|&%tRE!L!S?EN#%Fu4I5?phmW}u>!spFU{%1lWUoH6 zOQJ%*lwN_uWhapWr_Xj_xG_@Dlp!p@a!*vV#w* z0ywf-5o5LGpOH6Mb5Pq!bLWloNT6hD4(X!R=jNses3to2C@(cJ<;7m@O9HOTyuzu+D=Z zmP`dT3xw{Z4Jpic;QH3Lkr#gcQ2`3%>on7Ie^e>u_2i)mo?(;JA~!8T348>`(e+cG&ujc@_FGFkm)EdhUO*_Etf4bY0u-lR$z7 zSh$lc+}+*X-Q6t&_u%gC?(Po3-QC^YEwJ{=llT4puj;RTu&ee_j=Dm_?AfEo9M^UG z!1L}zY5M4?;}&>@JZ^8pmnx!{vDB%%af*X19m$6gh<7(6&>!gbs=Qy*8I(`;&A@}G zS9Wl4ieo332FCMoA5LX|oG8OjKT`q$u=ztQkJfz$aX(M(pHt zpPrqHrNx2Ca>Z3QQWC5YTCw*QM6|L<+^xz|E-Z~rtY?m z*W^Fuk*6l~{9Y0R%>#*#-;@19qQsKX>znp|M8a#HC)QpUzkELa)NbLilnb$d%lLxX^Ufsyf3&%hv86Jpy_5%We7tPAG#zvN?0;CEGCUwdE^RFz(7kbDxva&R1cnrjo*y8@e=zzSioIMWGi6u2vqAVcv;4zo`)R4$@i zKVaX<{1zz#7R8PH5yeGK=jU17D49HjaWUB18;eMOR;kmw;uQ9uhDY~tf>bx^*V()J zF3I6#Jo@YMVkf>BE@dME2-HgJzscM$Sy9@nJ0Od($3Z?@{Q6n zz}pZZ&RX+Yx#JU6JDyayi)PwY;-V_cwddwbeYyPSyhQFJ78_WU!z$D1V+^jy;Y&Du z$aRgr_SS@&a$a8msqgi~@^u}ika*98ou>`!80B4Iz`84LY~6kLALA7Cx7`ca183%K z0%Lf3tHrDjPKwD~%Q8tMQX0QvBNm(S5=(Rmc1-8^Y1VX1_*Xv<%;C8O6K;?TpS{Qc zzTNORCnnFVEWr25ld=;}P=|BuAv~&ROmD12b3i=)n4)AJboR0be1o%2gh(Q3%D+9l zH)ps&ef4lKMT_EyUc#xXR`eM7o^zG*RYEy^C~Zx16Cw?Jo=mX`%{pj_-ekmxWObR| zd`GEpV!clXiq|)E?vR%p*yp}g*FeZUE>*H|LCV4#I4cLvx}QsB3r;W z-b*xq0=SSQ@VA{z89^e^NtlL~hm!wfOE~QL*)B>X`pN@$_yU}!l)?`5z4Vv^AGy17 z;#mJO09ZAj))EY}mU&N3T3S*FRLH*1d{ zoGh0Ijd0uq-esBad$+i~fL9X4j5l9bU$FHwmjgR3FL$Vbc?u!W+#`w&*JPhBJ^1;+ zwss#lMU8_HXsC^&Q90aHzF06~Stkxfv6wOGQRML%zw zH6I&&wrw2@i&mO(2#6pO0s!E_0_~VVKM8a|Zq-(EK7oqvL&0;tcT;e59ZAoa6N`tu zGZ`TQ&mc9s@*;kGe0r>eo5*$8@qP$2%RN1&M|7{wpM?PKD7EX_J^>;Rsl}cd!9tHV zN-FcBU}(Pw`ytMAUPYlPf27OyVDr#Pu=1(mmqIA?vy&-iz4nta1AU3xDrs1Js(4~+ zbJ;s1(D!o#2#scGK8N3vF?=v%H(XX@g4_Jo`dZDIjZpTei2c9kOo-qK8FFB}m^jea z*I?{)vFenEm4#)YB4(=5T66vGld*%q1!|z~k4fS%XyA~H-Dt`HQX{n}mz++oQ}92A zUC_T8V~<$;mVyYyTndAs;~Y+b;Bw1kuOf^NXWkO*(+yx><=}0MKA~Bfj8r+yIO1PiC7()idCnGR;?J)6PF`EOqn*YRjmLVbvqQwH5O_6rMl9J zziHmtE_5+rZyh}Fus))w4CVoXpguXNqkc%@P$n0&Y)xR!?mpT*Q%#JR^49PVXZ6p* z?}b(bm*&(4!{^by_WR28L@&HM&)V+kHWzxAJv2;Z*1w7xItyNR(%4Q96o`<#Y{CA+ z&c60{y+C|8kv>Z>y;1od#Lijs>3-xfd;gBIIltH|CHT7;CIlKF=NvcjO#$$2vnLeo zBuc-By~`JlGLa9=ZCLwvXG7rLNWJ$11#nJZ=5XAS^LEyH9CHym`!n_v*`E=4errrLw))iFaC_K{z1);H#Z0y3dqAfi`ujjs#tyA(6EGo_TZXfXTUn?PQd*>jiHm zTy?J=QxV3o`VVLkN!4dI!8Ugz?!%gDHRL9F2=+4RO0A`@q(YDpv_2Sxj2pRB2@&qo z?nSJV_M($!J>KX5_&~ayU<_Je{*7gk{~lt6{W}09vF8c&6|k@`GJ z&(qYh8jd9{$n1&EdW;eR536t^H4>XL`2vCdp^HPFz<*W+a#tM;Hpqc{R=3H7Kq|gB zCzjM-1!gF=VeOK?-#Sr)U#Y$V&vw55)Sv|hHxpj)*rd5n7Z{697I8S>PDP=Y zWqzjwdt)e+{y3|^SP^T+HnTp^e}-sdcVvvDzDyCSZn%j3tZMXV-E3BfDv=O)gl4I6sTL7JszoyZXDl<=R%jWx68aB58$C-DGlF^B14Ju~H*OjEK2ktzWALLX(t9?B_37u7{&{V3d^D_b)p>tX) zI=tF6K^}9WJ(Wa~dazlL{J$e_Ai}>ddIf9%KR^A+e3`1FB2K*d7yHAB{@z}}L%pte zaAR!}ECFIU42B*-fCEd(YA}?4i6E~RBHyY300XgSDr!PQ>RR#zs|VLj$N;y{uSGBe zg0P{`X1U^auQ3T7D_7T0S+~m=1p4eh&>7G2phs|8vnYY}26B#)fvDh?TRESjF?J74 zRr)$sZ5}iieP&7p#dXcOUaOVcKph)#I*pi{1ageNxlw3qXbXE<0yi4H0g+!=@V`cp zN0n;V@5ZIr^?AeLl3Iu(BTX54G%@~KDT6&G%EimswC7FS{nR2YKS+*KhJ^-<<8+8P z!hxe+Ktn5w>qU+{Oy?ES!=&FXtZOXHMPsBqt<`rVaUm>;LLR z91(Z!6@jQseJuogTXcf0PB=uqZ3aS+6|6jif%MfQq{%F4y|qDD1+Qpa7#+cMWf|a; z(;&tZj4FaQ>Z$>q5?*w7cLCiq<%gO?h+kP{^N!KTxf}jfXg23w^RMw z0P=Meo?kgilvoG3TEkG2hP_x?=Za&g;|9ZTa{?bc(CvCmy^whnwXai3Fq*N`)x)z< z`IqKhspLEgx0@W+-f>kkCgVS51W%!qVMox*uOxL9LVo+o>juyVF$K<@^C21^#*Mxr$4C=FGzw29^2#wZ=lxY(eQ_Q;|-QP4Wcs2xj_pke5 z9ju`aZl?P9iw0A*wmTd2SNRZc{xL*GD`gsR%Ion93S=rXx@_8vOYD2gl{6%hZ~_Ls zrJoyP>EAHgzJJRKM)GpS9&PgwAwJEyTYdlNz3#eP{3fH{l}#@)-?@i~Zg|{qPe19q zD=saA{)HkoIk`xy<%eHK&?Yi&G+*c}m5S3_IBiAXlx-QO7gm6$LKw?F!sMfuq^aMC zhgu2c`GNMqz^T|y92!W5gq|jJ3JPawp^4+b*vgDy8(Q?Eg4kle-?yh{jym@ulqA|$ zWIVho%Owf-U_>w9(?X{^Gb5=AeBRn)exnH`1nZB(nWxKBo5`i#Ws(IZl4@@KI3Ts_ zPVlFfLNJ_bUvGsrmX%z{%D`@l$1$3Y`Eygz9MWlH)*FQ7^mUpomd8-kp)jg1oo@y@ z-C*&@gZm)5vn$KB-1vKV1@Q@`94}q2GFYHAWVE7Y>aBVOKRox|L|D&(J5(tjsTMlU z>`XZV^UL}EuTcXbe?E+Ldg`%L1^1~BkuG2rWw862hMAZ>BZS2luA%KDabaH-bH#ZhK*WDzT2?=V9sR*7Oe%gSh%dqFi?3J-jnQ*;N$MNCYxJ-#iX*RQqz@ zzk=Nq-Gmb9S?MAYg;&<{nARtFnHSHAG>)ZL(@EO?lUjQ#r_eib@h^%VBn*S5ofSUn zDW91#9Kv_I&GQo!1i$XUPUL!~co<8szpt`y6+M3fo5$={O$UErkDG6vl0LWyBay6# z=3b1-ZrTpI@49=U-L^7iA0#bcI;s!1;@Cn0H_QM3=SprVPxokj?D0o+5rMhM?#R+M=T7R<=?iSnG6UbzFl0KAtxNe zgH!`Et{A>6j}pL}txo&Mnu8l>-UMFz**1oCLM!%$sWwgG`l_9o?@ zw0SFKn%E=LVP4gRpgDOXKUu%`4F-B1zr^7HUvX=D#lLg*Z0v8&EUYAAf8LyO--0ZZ zP3bXe+YZOt44^SoWjNLQ`XS~xe|5E{d7a={l>0Bo9t;iJ69l2v+^)|7k+!O*Q}s>v z5o_3=Jgz2<>IRQD^}}X;uB%_;T}E{pVN`C&=;#1J78Eaihcs*J%ALvDQiznwL|vWX z?_Zq`7W1(Pgy^*=CzLva`+?Kg^;lj{9A`#vLzVUAhN0GRH1OD*VAb?_HOeD{S2SCb zIfRB2?qK^kqFoqm`_G)fWYfP4yM|NFBED`WI#y$rwA+;VaD_wp3w1JFrJ!K`e-s(NBd~O zp2*YWe6Q%Vhafb~GzW%cLmz#&!s43$`QmQl^`kR*OZ|6^J`?1C#Wq|?DDFrg{W5B29qLNYRjj zTQy@V2uu;8BLU`$88hun!2@wl_`iCzE7wAlHG)%#Rjr;-~Au&^ue zGrQ|9&5qb{6~fU*27x6l>?Xi1#wHuSB&^lt(+nBkV06aJ-+k{X)=wtILxyKim$)B(X>R~uA;)8AlV7I;p(e`s*X*pLR(VE zf?85slt<=1pYnj2-dX~A_0(LSBn^j;wi(Tx#ZbN2*aqgM>1A58LTi$ij@$Yg~`bp`g7Kw{T|%5@E-9$ zNTG=z)Mfl;^P)R~6)z*qy!Kf9X8`d;Iw~Nk`6Q{dYBftVY-M|bprd_r+{J|WGaqeP+AylVT<~Gg<>oK}Y+LO9hs=y0(AJdI^NHp~l{U;r@ z;Z~i4dO)WE$%*bYmc9PrOGMzb_EUJAErYA1dOWQBucgDo!dkoNg`MpunN(3z5g{SUHTf8@0*Xc+(S6e#}E94L^=>=nlm0=b6?)V4}|L z;xixlI^W-k`8{WFP~X2;3sRTUxyHH%lx$Y$*4yTyyW0ro|{fVFdkfOloE zdQ$>O+=G~vRCR>_e#Rs<>BN*ycsPCXpT2qkccCTGeZGHlp0ZF7gLM`BS%mljuwyG< zo-SB#L>hp+eb_y!$`9F>PgqMUq4kdsBAARE1~;Td*HKYO58Jrh@g(BuvXGn1V}*Ha z?Qe(4c(Q&Q`J=qu;76rrI6Sj+a0Ks#?{X8Y3D$+GqsmGb^*zLA7iY)U`DaL7Lvr&i?qVl6<1$93XturfMUUfG?_*jbXb9%h_k#!HER6 zv7#Jx$F)uDV1rRgkZ+Ms2vNr*<_cB)za(XMFJp9e^BppJELAWIrSMY_qOC{!6>Kmu zO-FHXtb2G>R1=%Xnq=#SpVH3TciWA2eVc5Rc| z82YM7?#=Dc1H3eCcOR+^n!f5cxwGG&T=6YYXJfXJ^X$4t4K~3(k9l4?KS_}fO_=L$ zNW8+ztt9Q37ZCf6^&x%i&~kMGu{itFVq8gTw~l%)e(l-hM4`lKxbm4=?15_k7?5Qg zT?zURz_Hhb_uq3Ee=s?>y}w`J{n*sMx|+7#8w74`Ap!JHB%wEx2!W6x`8Y9GDC*r% z;xHVd5<|o@y)oUH{uf07Lq=6#=^4185iC()u-a(NWV4q1 zaK3uFKp|I%{aZzRSQmg4e`*cpa8%`m<-iogpkOVI5T4&pW29yh(~AEM3;j0v_w(tp ze|}z>l&D<2PQ;Xsm^=*seTAIW))*|P;@)p1zPQPj31T7$=7ROv6l{lU1wj4h7XSS7 zEd4)h(MV%NNeNiO^~M?d=ekSbyz-bU>|9#Go7?mfnE(44FOXU7H%b|oy4tm_`ilQ` zdn*6_Q2*LE+`FyFe z)pD({^LlRM44(>9slTX^zb-N19WZ5Ebtt@DL}kyhHqRy+&ok}}(_M)kq1X^levmz6 zFPvoKleB=$49S{6oC|^U3Qml1E068pHTdtZFy8;~J~(3b(|WaWy4lX~554sB0|X|M z84?5(!teRG*s56XHm7s5x#F0MR$)=X;;BNn7`*m0rON=K7U^%-&urHmKB&%|3c6Cn ze*hvK#^I|J;e#?T){`mQcq#CQGkK=vKkq`7{>3ooQzkE(C76a+F{$}~!%Jc&CWSVT z0)vrwj{B+!e{!G4U9R zeO*Oy+Zmk5`uNM8aB|Po0{dN>`V=?#_$!48w zzFEsJ2w-x#e1`%0lJ;f#V#Xj>=0tQzsSM%I=u~{&-w($HblY1@#DBhA2D53DGagEv zaPnQ+{wuaH*xoT84k@>_7NS0rs{s&YWru`R~Bm)o! ztA^)8g3p_NbIMibl}AFy;Z`3y;dDJKz*W2_zJikMf4b~s0l>!>C>t5mEEoD_YtxeSE2N4wv~sMjxo@8n?A zmO)XNG*;qAYp7Jj`&;akNo-1{)Q{5Qrn9w|xmR&F>=N=}BH{ywU#U&u0W)#I`QQpSfU+K0-mwN^og+^{KowMb`9^$@r;s}o@ot z&mR9)w4kuR&kcxI$bT@3AW1=pE&dkU9eu}^&zG?DD(??o*l+mJoc1mca0f?a(v?z# z0sw;v^Y39(Pm_W;IpIRk^Z$-zG0#U$1&Jxg*OZxZFD% zXenQ-4(dhhxt5&w7WpV|gV9oJ&wc6)jsmkp4Y@IIB`bwg;HLe)R0*dobuv?~>HS$s zZ8-PxtObpXPb6VwbQn4xigt4QiToI%7G6{?BycBvVk*to^=3t{STr#I2h2oFV_%sq}gPlF~ zu}#kmO8y-Gy^FfZzRj+`si)o_7iJZS{{r|8dVbBuB z{(*tW006&=O5z1~0mC0WZU_L#joK#?76Zd^c#eroS;YCx5v2G1Ml-h+5z&M|GD|{m zi^zUjHO9^h9qE6+@2BU!A!@tQwkpY;Gy;xhghW!ur-$zK5ai*_d zi`K#wyiQTfJnYt2(z@q)c4tc=jvD&E@M86&@uS>gMvZeH8<+|27jD)}Oh-*U5ly2r z4o$si%|5^-J8}n_2@8q+*y)yCuPIdt?DEnIp$IHY)=<;SAz~Diil9)ebLHir z?Hb04Qp<(a`kGO$rprZ;zPnZ19d2eJB524cH8xJq+JrO=AI5=JYz`i7EGb&LVG0XZ z_@phK4@F?Sd4!())&aj?im9h(6VejEj_&Fj_9GQXZ>g1F{V?NTsUfKOb00FLUn_`D z$*5rOsii9F>elE>O2M^##M4G=T{r=Umq}!qIPM{xhng{MgL-!z zNi`d7b$6I;*q<`8n=G&%{aX>doByq=o~eZ)`&k|y9$J|(P+uWGe?HkzUC<#@7jl7_ z2A?bWxdFDtB8#KHe{q~Mzm{uD-aFjA34vxD_FzssW3`vxmo`@;o55w;cJCKFsUic% zV()IOu*}guejxC;`ruu|s@Gs_EZGcmShY><4@2dmesii>x>6M>O>n=Ds05SQ#cZrjw%%JNeo7 z1R_-1vd(pudKiUKn?o0e>i&r%h_&)v+#@O14J9{CUDxWb#vYGM3C%kzVyV0_7$S@{ zJ~Nx1Ls=&i`XgA^I(CB=I@|UhY<`q)1PNb)=vliAyV{#02hTL@+X`uJ3{@Tu_v`+xFovr_|L)aY3BlP)wZN}Z>1+T^P0jV5h?Zww zurbHEVmWp)tt#eHIp+=62iGKEPpI==_l6EriK+}KpHjKL zWEVl!5jZAiVu1p2?69TX6YsQ9ccN^WRNS>yYwS9#?`2BO%Z4gDrasB%@pp0ml zIPm!byYa4S;;^BjnDrWRaKkM0U7{R;h<=M^G4sWaR!p5&5abm?6usjdUGdgBHDN|| zJNb&756b@vBgD(r+kLHlq;e0@S#BV3n*t^nC^>B30I{Hd>N}s(@duBpc=|@%aP9FJ zT{KGrsQj}^+gy=T&LDVxcY#CT>aO9RjsZNv z=ptaBeK_|7<;wKUs6?`(?x<{LN#8LqHNcpo_tsu(r7`ldQTrfQQ>ybA-s>q7ueVqt zms&HV@$3q2wf5ioI@bGNT>_Zig#+-H{39wVIuJ!rh0|$mY}~)rVt;*g1qRi^g`SMT zv{VIu`+%+ho?W=oxezSbIF}#;LPwd*+zlMOGq$BlPENT=IM|6~W?>NYLfQ4Uzoe2aZ|+n;&)t z)Yx7xsw2x|dfnq>UJnd_=|QbQV`b;^Qq~@$Bb~?qQWFmaeE!zLy@uFk&oFZk9&AI$MpC+esl9PH>U-&Ac7dgy_i z74fa#GnP$BU5nmSLU5sM+348G9DL66+yy??K5Xk|DxQa56{$E{?fQZi(K>B#LS7kE zCO%7`j`U^4ffc{=GMUNE=>AxK8QzYhOj~G}g;z9EG!mCDbGJi)a4!R0(`U?{)ftI9 zl2rIZelb43l5=b0Gm9goVBJB+al?4Z>W7z9`5^ipj| z{+jg&3dq5rocaB%+>vvypR>EAiZ6bTE@kg*1L?5ct7c@j;5;G&y#UsyYBfb3O_wyy z?vyWCVjn>M0YU>IM|m%+e&}+VK`i7mF^udG>UryNn+y znv>=>qlkNjo_qt1Tj@ROz91^)=q~V>^MiZxz3{i*sKmCXXk%S~2VeH%lkvlspNR;t z(&Aph@j|h+_c=>!9fUtic#C6GsicD-!9CeS}f$GB!dK#rC zStne_Z?YMZP}Qwz1>RQCg(LZwb>R%hUsW%cVhqu^gcGDMe_r2dIDAhpAF+C2V{~f@ zH=6ad$bMhwu6I+x9y~c!<#$XJoPSGCMV2)f)5fyhhQ7%iJji={ zl(a|IGa+T|7niGT+rHvQE;roju4>O5Pef>o_I%gqDXqs5AF9WFth_G4QUl;6}mP1Q(;|wVc9TW*-@n zAIYB=#sC-`a;2bC5Ry%)6U8_6S)f270UknsCSP16Bj04@^fbuXbc&?M39Z^zDr*EO zdmQo}+b!B?lUit1`s-yYfM_h{ON4!Zb+{GjC}PSjfb&;2UB6dnheXTMiLj-UwR*=a?2 zD=y0^tx3YQPyfBVGu<>ExFd%`SCb|yGyD3pvnw`A`SL@&#Ah00-PNX zL<{|q9Zk{Ny6}gFas=mG@7U+B1;Lr4J30?*(BFFE=e`oBE3sP2SS5>hAw-zTz2JqS zQ3|JsWSB2H!~0>JnY?d=X{|gmyB{{>iN-O+dz^0WQ5%WRt9Tx>n-Te$RG3bivvTGA zu*yFae;~eE!yRDu$Y{Sz$ldwLedh3`f6|zO6e+QAGt0Kx@`Fj zzsil@WbVWDW3}dD=A`8BwA_0UaK<$Dhhcm+YEUcOUD3TJl|4GI?Roh#M%i4Nj0Wd~RAB%)@bm5R=0dViV7~ zpYgUD8I5R=L(^V=k=3K=o(dzY8EMZcR4}ZF?xF012sZ*gyN@}}g6wKQiK=^yXmgY?Tot06nrTrbtwjT zQpwkHk|YEDsbTJ2hQ|wxS}K#kN1PLNCev^?bZV0e8uv55-Qb7LU-KQC)ef`bk?eiQ z==%|i`@~i$8;Ld%^Bv`t^s@Y(w2zDz``stl7-jCulpM3ng{{|pZrq~-Urd{)3rh(i zlDnUbG1zX|I3#&x!yE?RW++&!*TxPEAMKhr3s&^e^MWD`hweJgI?rW=Zo*d7kidJv z`%`epSCSq{*O-v#^mHqw+zY;zZxj?GbV!{qCuK#1NF*}p!4(zO=n(vI?kM_#FJzE! z*x5RQ4`t0ZDAP{6A}7!Q9K!=JC<$B>_zMyk}8F-cVW20bby)ID_)jRb?VI`xdt7F1-Ni50<&20 zkca;B1AP{mW3eC#<6@0&+_I5`5-VkZeVD>t$#h1b{dx7Z%-8)9B6QD`EZ{-bOeshR zee8t))Wor-c*d`BR_1&6dVQ9V1SJ0>t(^tGZJ?KezeS>nQmuk3_H(M@0mS`fC^uHk zb~<24*!TpYUF5w z{`Sz;u9^>TOvO8pJIcjDy)=CBDI;aE1U0dLb2r2LJp~rS^}d`s5c~>=OUw5z_x`6ATase-U))@ zz%!{mYuu>jX-R4GtS_ggjx_gFwqz`1@``Y1%EImL0x+_=p#ybiK zGM9?8ThJ00leR^X{=vqNNMmoIPml+it7hocx+lof)ksz3$SQq><;JW5PvR(pLcmra z@d)6|?Kf4YaZ`h|QYI?h50r507*sX2RMIeE8mMR0slrJe!A@)4KArnymdpR#VkI^2 z-D{Z$t(0b0ONtXp_m@!6-80Us=X2X=y3ee)0|Um}W=)S-snR*)-L7_F zl89}0ui-V_Q(jq`TE6RH={}l^&z34zS1U|1-R{KGC?`6fM&)d}%|{6+)Xr-&0V<)` zS(+fm$HvIyXOJZw(+fCELv|eLUw`m~O}1^PT@OhrJZ=ozjoG~O2#;${d5j6DR3`To z)8Z&DY9*C$B}nWQ=#8^@yx+Uhxa7-*h{H7QZV%XmTPi2s2ygCZc)w*VD)Ub2)*_=( zTk0*C;A*q*^wAt0_Y#`!q|ezOQ+Af7XL zC)P!}FR@6i@1i@>W&QB6&%}BzibnN{G$gdRes=FKnYKm5At*|5VhSO>nqxa?c>igD zo;BSHB0?X#5I?1z3S%cc8)XylfKS>)(SWQrj`^!1}= zzV)aNFtX0{;`bdR{l|$+jTFMmB!Vd%lIx~|Jb5AsflB5LKV1j4VPdVn{##4X|E(o{ zFaW?!bGz@~w_ff~xm<7jo14q)TI%vBwPf|Dx_%!qBRTxT;d--&`vr0wF%7!$coyU1 zf)9wK;QqL(+g^OY+s!+l0X_n=v^l1*uMS4{QUQM&^scxamUQW6s;U_f z9GxxYucGF0M}Gj(RP(msNaMX4GhtjRUpTGM*@c!&t)_H;{3AL~uvBjOHzSov`d0X$ zdga(l{6>GpQLb;!7>Vy@4!@N7jqOIsQpkd&_4nc6I0fx%cFrW2@lwTnEtK*XD*gS7 zS*;eAnA<}{yWda9BC@Z6-)@z@?;=aD6@*Y({YKn)8RUI(Zh2tJXibn7y*qhzZr(=X ztG=Ff#mqs_RGZI%Y2YoD*;m<3Zh1ypz?dv^z+gA^^yjv3ou0h$98oosIAteg!;dyf zJxrH~A0>~JH5WcTVJ=y4;$mbW=zdvqrO{#Q3yIsLGkIx(Pj`!fio}9=o)rt}n5;}aqHrl4?Np-Nj@ok$%_|d!^7*os(pSw%DRkglF}YqrP5o- z8GPy^O7m^c>XBsx#9FIXx3pmyZ#;(w5=Q>e5jHs9HpJ9_&{UhPfpO$1E%dFbDMc)P zxBu1wO6RS3nLMk!Yw(D=*-x8tnh=+PG`S;?hBtpFWoM~_h#04c>)QCo&ATH=aiJ73 zgSU6N4oAIi+tMw3ee^(4Mu=-|D6%quT&a+Qn6%X1Wls;tr8fD}NT8rr@NBlGPV1~C{k}qtQti(bdiMa!3EkGA z{#j1;nqorTg`r7Km5SrWjYQ4TsC*(3z`i3+o28{X@3tZ~hTH1VA$L-`-r;drdWZg~ z_538Ems!_fJ(9t>>Wy`pLNZ3VKv`9lJw@M9$4Q-#z@+R!nv*cOf;F^ulgsv=a|)%d zCOAtv9J#}}c9mykXaLi5yCdR@_J|_4tT0cSQ^>AQYmg-}3>$l*>zDU|RnYGuH}JNW zDV!E{^7=;8lqrOSj2E(5(=D|y$z4}julWY4dJkGq>uTd_sZAVz!G`M;Cm%%^=x9GY z?!XnV=MhiEsVpj@e`Zv^JQz3QFyTCnIyuZ`7F~!mHBw|8!*(n>Ux8X;9!es4WH@&{ICjdv*WsksGN)zz!4n_HQhhmU|>~Qz3B#MZOLt!+X z$OlgY514{G#kB1t+RJW`z8eAEV`FC}KG_)Z9@Auj1WW(}E9qIx1z(T|u{BBYV)i(_{OMrT~UI>@$O66!l&VW$3M zeY1!qG-;^gf(?+P;z`1wt9s#7EB^U1>ZrrU^=0C|6@FX9)kf!=ki(sFF%)Cs2GV!^1^b3_B@^ zIdP4iEd?=6y%jaWmLfLq#CCxE%iim%zfr?=2>Z199Xqa}OonUn48UCGd19&^LcD8M zW8EKUZ+j%haEYH_o%XJS_enM=WaF-c3T{d8M)U1}k)}(Js0Y2#fm)nBf#g)oU)06w zQfAYl>h=r27ixO}m_iV2S5)=b(?KjNwzX#5xup8o-@oM`02^j~cTmV1h&s=sT9Y{weXuW~NAJQpiceCwX;~7}Y;)S*SLj-@Aq+J7|ISoc#`OlKIH6uKMn;t<3MSeiKhI6X>;y>ss6zAwO0R`EgQ4U!L%u z>IFOvGp^T{!Y9DMs{MoMT~w4VPZ%Fof*@Po+ z_~IIQ=tiK%5B|h?+9f3MO@^i=t_#V=;GHv@&GrVpd)!Tn&K1l11;AnK?CjjE6@TOo z;J0MqwL)7~ul)0eP> z?2Y0#E9Xhfk+K<4-JO*Y8>Xr!tnru2Z6!TyyS4qXqZbG2*tih7RQ8G+g?tg)*76$J zO~!T?ILCpWrsKd+w|u!>q=+Fcn0@`za6 zu#!rNDQb!C95FyB4u$9FFLz-E|Z#9>~ zlV;V7QfWy>X+BJ$=fE+R^2yp>X_eEZt>TD$ zrXJfW1L4)EVzoSGX;toSp3`a+30?+)3G;(*f_IU#n=v zEM~N?o(xfQa{15O?IlpU^S^&S@}`YV`E3Z9C@G{8Mmaweh^DkFSu^;wu*NcC$+r*< z2Myx1F=ns4?p5$c^0#$_Ou6QBZLjz~z?bKJJSTr$Djkv3Ae(-~pg*4-L8aZu^jgK= z$-WKt_?3r7ZLZ$Q5O6}Zx60W)xxgqM!I~*-kMs6;Tz91La4u3G^4*GvQS+ccE~3*x z^Duc>$i?@zlE;DdVn1Z86<;v>7)9D*OwfkLLfmvTifqI13)}^csiI^=HjIMY3**H0QJ6Jkq1qOhjSc;hSKG~vQ+sF8(epiQF$$6@8 zLVA_aiF|viP*JGz;S_t&klyQ^_Fun{e(Lxj#EolE9)@Jf>kDpW7UE&wwf_0qz!xnY zadMsFNWkzF;{lV%i`59Z1f%8(a=9tJN-Kn3R#53X5{}2{aWGg~=tm@%I z!boG`y@n~iNqC?af^uijsQPAqdTzkV?eHAjTI9Ie5`6+)+PKwmW+$iMq_qv#5W^T> zfkaKOouzDRya!@gpkay^Ir8S3=*qI#SMs6M-C2#*DHwk%Z`)1D%O-1Q?9Ft znwhy_--#b@t13$54?G~3GCE-jH3J>tPooJH#a23ivYC0aC0E#4nI$`3rTL`ep~Dbj znkhgK=OKHS7n5SDC*KCBeS%kcO1I!&YKlf3O*~ zYK62v@l-Kwrjt*9ObPV-&VP`BR0}YUx=n2?1*zTWN7z11kSKj}3xU+t8Dn*XovC-S z4a9@}bzYFck%Bo`VRd$+C=IE()>!PG)BZ`As)+Hh)w>YznIxBByYX6*Bc4L^Ls-dJ z=gF&w9+r8~>%oIVrJhW8sczktQ?v!A_ZlL+sa(Kg@zph7U>0mIHx12cCE>JljrL+d z;-}35tM%)#PN;7}D9$pUmc}=7`TCt4)UJ^Z&kh7NaQR8+I@YLYKUqGierSZy!3s>Z zfOxIwIM(2xO~5H(N-%fRYezSa!qIo9v`Q37K~wSKV0i)B|X- zn%`Mi!x2&i47OmL9x8fGKb6k9UZc^JILC2E{xFbp9UDJUFj*3paW|$AvPd8CrUJ(s zOUm0TgDB54X?I7Z{88QUZO?_16i#$(m?oN&-ZGt*Fk{;vYZ{uc8ekK0F8XHAu7gQQ zMiB_U`SWV@$1ar0?lt5uFJiQ0PZGF6YQ}GJldW%=8LuwX>a#czleZJN?s-d2Wf{z zAG2l+u@r>wvuYWWz1CIN8GV}ZuqUb&p3RobxNdFxiaXyKz{S0oKRikfc7OQ+9Z2G! z1fC=pZ_auxg9gn)PN*Qoo!zk6i$n=~^1S0%rxG@RV#4IXk$3)`hV2qd>@oJli&80N zMT zoub9v-CLlzy9al7r?|VjTX2V9=jnd;x6hAr#>n6g$zxerbFF*M`%az_ zjK8TBsipj{ouTU@q;`l(q$vD~aP>R_sg)?I^Ryx9f*~iWXsWb-aBibC<*X5%8PT+O zXk+f>i=N;1ZlUw2A!*!Mb3z#rjR3QNyYDc7d8SwMbGJ&U>|_4|*A(NQ4?n*B)2depP&JhnbrfE+UO66}%-GqGe&Y{{=pWhDdcI-e{`x~{bey6k@ zX1llzR1au02iv;30>2&2h^1$jnv38fB<^U4(9Z9ou;SS`Un5GEi`K`QpN#a;QK=;h z0@?3J%~e=bXBbtQ>1<{RW$(@^E+=SH)N?A|xay{L^-RH5(XEHB@wUmYFYEsN)D>xG zZ0=DiVA4iy-cy6A|@)K8VMw5{Fm{5>dbCZFWnt2yo2sdDOX z^opqy|9W_eH2Y=VjQc3P>w|=};xqr6dLx^FP+g~-yEJ($noDA8D9_ZX-&3nXBX+v# zTJK>X)+Fow2TEZLoKp`dYxP|b+cbls2F&dx=c{wZ| z(yl$#Ptdwk{BxvNSq>5O{LLLzmO;eYrNI)b#RCcJpcH*$9=|6LSv;o}g)a z(pG+0t>(Y-O6PI$mYU z$Jui9b}!=~_3>7>3XC1dfT{ztDHo6guTR<@XcEEv*Ectx{w!Qg!d1;UzL2TeCOKH0(c}p&<8VygI$?IqVU_`J4$5yJNug9 z-2($$4Yd8Q3GrgW3GpZkY_1Lj;%m=CY0g#>nN5^ijG0mADrfm;*5a*O-uk{Z>>(^ACQqCOSz%&rhpTYu%6`Sb8(&yJ|hs z*4jWL4%F)08e?ez2YdGK0%@rB+4wRFo) zI{QCT2&5~!ctBm=-f?hzDR{;=QYv9HJ%-Sf{iL>vT|1?iqN9X0S%X0kYqxpQs|A~p zNT{@Zti{S`{ZDh;;B*KSkW-nV{YmikT*W`DYB*5w!i}K2V13fuVsD2yrPvZh`m=S{ z`D|jpJJ<_y86ymr+PSXMd92$2Lv8ho{b=#a z=e$z$@4tL)JY}CJsT%RpQ=fcFgHb9@J93T*vmu#ZQHLD0hg~?gr}xvSv{-Jyippm- zu{V)n@9Zf%aXY-84~$g9k!i+^PCxoMH8frrirF;ByTT#Pin3NbO*CT;f|hOczU`w? zqHp4@YFKC=zSN;*w+&+W-L!XtUmghyd(oF_|(7<8Ui1`H(Y{^abkp>)} zjydV|pfM?5k9R1KY$|-XN($JJ)YQ|KoB21uN-xr|LDTi>h#ZX-%)i0DVN&xtDpXpj z5s1MP85!-RJ5r3@>gApGx^`4$Je1b1Nl9veCScw|h6AXJgpARJ1VdF#e6Xm!2SD=k zrb+PO{mkE1hsUM;;n7wbD)TKwN-q;KozIL$1YHwi3*;Q2W^G^&=f_6d2Ru&Vg>8&n zwQPC04}xvIIk+E7hm@L^v6%m=oG>K#|Eiq8aVHKC_}wna+dS?#@;O@X);#(c`KI$_ zSg{nInBV(Sx=?nxpKIs)CaD}6`x1qtR7M+)8-e(69=a)g*Rnc|(5M*cRQXA?Q1MY~TIUSlxagshg zM0`z*KgC+#@J3p?>-PIXOi<*md(B3kTfevs-DID{c<>D_Y-rE+Bd5R*BHJyjgnyz~ z>n$F1HP#L%B}*6~q_NvFAmF^t_W){_EPgf5q#KRa$rH9)%zPU$W?%Qd#3F7}Nn!z7 z{+`(FIenC-^kqiN;@NE}HLme^a?td7A($enFc#a_kGoeR1l;ESPRfez#O~C|GX6wi zE6}Jwh@vhIU+?l(Z4+5K4aSaFeEXTGCXq3cik$ss#;G8t@~hbkJ1e7TN98MuW4LCG z`GuXCgMeibWGJa0EjaQ9iE@5OEE#Y0uy#3dMCs6hbnOAfql4yGp3%pVzKqQ|Q)Qj@`Fv@1#Gzh9<$+BzY(;drrcnWpu_Z5zA+-{R0Ju46Ry!mO$-u zf5V#cs*K+GzGbxdRB|`Ve%fxNEy4dz&b@~M^~DyBw{x!#L))A6pxlpaWCpK2Rkl?>te0XlsevBjv2J>J0*apT^XPc*vTX=z_T(d%! zl`{EDdlflI1i!;}%(_gB?K)#{DN`Kk-) za;2oL+2u*cUP8>;BMv!o1_6ZEDDti9CxnU*pC{cvKNlx#+)O>=G``wFo%|QiHy)eW z8fb>#>Zn+(D_C{LMcRvUVbivHlHA#-H3MS2)T+)!8_gvBDdXjVE&HiL!XAC|1T7Uh z$!N3~ulr=vxu$Y4f5PGXHW>N6uH=_V7woEoX*7&`7q?3njc%7a(rTDPv*=qs^$Tik z0Vwa;-gBC&)TzU>8GcFEd*FwP86SFB$7*junj4csAW|sykH8q@;W9guXBN5OMEg+b zrK0sw2T^0ZsdJUfsq}Cg+kgd?ha*Sgp(4q3V^Qm_v^4>XhO(U zCuCOfjk7WE$lnAKLS7i440}#}Oh*9_=ln=-I_ix1rnW+kG9HYbkC^J3?aAPXvV!UZ zXO{1Y8S?BI=Kb5x(+9f6?}>fnlS1lBu8gM-uUB_|>U!2+;!}2U?G>6RFn7ZMMLA3% z-^(r)8jS^;O^AY{ZiA>GI;YuZyFA-TS*N=|BPGhmjd~9hvLoz`lji5c`q|%^1lImN z1MqKGg@Ym_#<@n-B0+_qoFU9F)7sL1MBbzJk5x7FxPOE0$Bc`qT*tygGRySSSR8=r7?6@Cl!95o39q@ zM37FdzX+Ra=XC^h&dZaAtJ^vn7~e9jmj~^#B8U|)UM4D~n$P#FLVhT56VzaA>$SQA z`Ys87_;^G0<$yyhGX2L17Iy0jSr8AW1}v4$)h`v!CB}wM_D5_NFZ$@jrjGV^qmr0g z>#!-4rd_DA0tlZM29&7PVSmnJ*R*OYjI5VPo^&oR?qSK4PPVn#*$MQgsF-lsFC_o` z2lF3@fim%j+xE`3GrXy4QP_}%mxw&hx8k}lpMAw!MCcB+qDd{nlDo|lUZG?z&)x8$K>s$`*;lFT-!tSlKkd2y{L)L9d758t)pUgacFVhYou+^$ zmDVrod{^~ntIox3TA!|4S^hNN7sCJ?x`CdSdclo(rKwQ;jKI;j+XoW=O!D+;uBO9i zEs=J?VGgz7oN2p#`UX$GHW*HbGqJkS!4APw{wJwb;>9SelT}m5&#qwS)qyF-)JwZ6 zStJdY_+^sfv2QXDfd?G&CujEl-&lDj3Z=ha#y`c>vqsvku@B+Ae?fAJS4eCsfXZD> z{l4#bt2<%3LL$rcJ~wgtO9}DXJa(1z4OkM`1>siv5uP&3T}gyGQQjZG2XN3296glC z7anP}cN~1nRQRM#WI{j;)|*`#P7^2)?svt!2jdS;xSw5uw{A>tPejV^i=fP7yF)oS zN=ZtLg2Zk4r)|gr{hkmbYvbc*;s=y@8SMl4YP1JhX`?=o@%;ih(Bfuu*1Hoa<*j$= zd%h;X1Wj+9%2VPwGN9&+HeCTN*hfDTUWnGat^h~A##u-&=W#ae;F}jCdf5P-gFBg3 zrI$Kyt?FSQVhZ;D5K6M-+e7@Fx&zUEmD|RBpx%wR^Ll)p)MuB-Q7bFsgWO{_Cy@yy zYx`DUQsS9pWSQ*B2l;)($d^v<7Xm#R+x59$0^u*6x;n44ukK}B;qGNdfnq6oF@_ZX zbl|Tujkdz%sc64GuWmh+EH+3Bl$~B3=Vx-D0=t57Hb7{Q){O415l@8|3t+jqY8W(` zjg>7SwDo|976~|dqiqlGcT2Ahug_Qqfw)kcpx>y!SC#=^$`DiBXN=t8=Q z9G`#;nfDaDKa#x(X{qvhbmGr(mTqzJD{Ud5ty9+-GS$7Rps@7~b3Q8{D{27h853zq z@CIKn#y)dyd-ZS3S@uW5ot2&d438Xw2TkvBp81_p-D>pJiz1|8ia6|cv zky~^(4q_%9%QRt!S=jG$t>mD{gd-cB-*8qskO>7#B&p@fmwl=|C(EG8Ess4EVe%Rvd(mm%;n(I_1>U0W~suD=!My`G74y124sx$w2&CaYN zO8OzIU~#gHJ6xAm;s$DU$fW<}ok}`h$tb?nRI)dCKHqMe(Uj%I154|CL&BfI%^IF+ z&WeAyy;SnB11l3W%2A8Q752+d<^iAg!?pg`!~{pnwSaLCIm7ciY_9EW&g+q2c>R@e zhhyGZABc*|a{(T>_Ha^7b9JNMh z@lErD&z~OwNJImfzpM@>8W78<2n_l$t-eu2p*j9WMAVqfHwQAt4{`3=fvjI|(zA+J zz6Chvs9p8VP@nrewU}B-h70!ZhV?R$&a~Cmf26-m+!>ARV?9jkziJTz@%I=xA*T4K z`@TZhO!zX0%TUbxhL`4Oz*|oR=cbfe=c;<;qU`Py^yQ@x(X;$KYMm0;kIe@h(@xA^ zXRS1OoGipj)>75IdO~frktH@^h;Rq)-77BK4;jsxX0RF@15a_?&8M<{Nt>Rl-AJ3t z4WAJiYBVxMsE?zk5x*8e_Kh(LUnt6y1&Ns)_;ta~-TYf(d}lG9LCrkrxZ!I%;3fYD zk9T~r1;@C8tT<1~Fo;EHq7Or+zoqVWsns>JAM5j1^kVjY)_s?4!I)jrx zG&6-d$%^3H90Q-(SH}*bmGqZq!2*$j3#5!PXbJ$9Ox*K`X3as=Q{fYI(KOdjA+kHG8KBiOnJ^jMEz3uA8^ND2ft}=nc(Rw<(Ybs?pyDI-sjl&&)|yx8Tc9Qc z&prMTzi%S%JL8fZ|G~Yxk@e$lmwvUDpZ34^YuefY%bD$*5Sbaw||l zf?|?i?40qx^Oj@Q6{jc-wjy9^L}Wd_*CYUQlPro;T<_u4BiC=mLR6Jc>wn_Tb-MPa z2zW;rPOZqBx}lxf+gzzPv!4|~2j4`Lym!^(kdshho_|+f zfzx|l9A9Kqel(@b8Q_?zuGj=gyw30lQ}TxBne(u?^u*w}rfgq5PG*T>(j0NHET>SV$kNV3$U$}M!(d}G@_y)+BU{@mo2r`z4)A&|XoU!tnWXKtdMJPDETjyt zo%!+Bvc9H%7`v8Dt-olS-f2y-*>iCq1R=h(va%2q zuR%PmwwebMcEEnzc{1;mwQf{u^(BzW!;SxH9w#~u8+*LsL?3ag5a@0W>?ZQ zbRAXa^}Fev=tYsGBPfrdccu8VLE|2U)r5}Sj2=JJQ=&4A9Su_MGDc_KG29!K55%F| ztStAW*p(F->*b%WLXzr;#1cOuS0O@~$6HJd@Fp*~AxkAQ{l&d+_lh6y7NPIHOMLX` z@nc`bUCSky6*wH(u!>mu$jRT&VnFly{%=wt#r-RPXtj%f9M{c?W;P^?TK77wyY^c# z5ev5V`tU6TuRrBR|(uNYi%ukZ!2yc8i&>n-O&{=EZdE<{yJ7l zclswC<0KF~`q3IJm@`$f9af#Tcb#0K)p%A=z8c3Sh9-Vq)%h}nJ9Zd<9Bv?o+pnYC z@7~6=H78^N-&tPIXJ_9@PyTCxz<@&K2j&mh=C%F4Jk~UYeJ;1&fK+Q#kieaT*?Tkc zfW|E|hhM4lHuhJ+j5^E^PsWm#9dZ3s6qHN`u-Ll8gwxR;T!3 z>@j=Q28a5mvhmfeI^ozsLfnWh+(aUxoG?ID|Q9|X_&%SY#KZo(q z-ZXu8>&Amm^_la?IuoD*FY0+*wJLbGA^P4dBCgoqc2m)0Fr85W@{50)9JvCnReCl= zYBjdJ{?o$3;|6|wHQc!i(DVI06^c*9O=+gUgD>7E{ zIDIfL*{s8;(=ooi(P)yN<4#0T^f)trNQ6A&1;NW5d)13GcgHX3hBC$q15L*H=QHmu$?#?b6~P^eHboXA_KXGos5|cCg>cUVk`*pD z#TnrZ;KG+8Jl1XZDYTrR>#FVOHhN@jzYoE~?J^~Q6{)8tRCFO}|HN#+`-iLj=^7I` z0s;c*vzKZv9v(bIHprEL4QXM;4zu${!<$wt-+j{QApbM*>ow`xc_IDQNVI*AFqn>Q zawr&ZQj<&kDv`&F2DXCWIjHdItARQuj%nl7`&Z_{O9>e~gK3CXR&|mj`$LK~A&PqW6K7vAn zxKyy3M2xf~%uR88z8F)|3x_DHVd4v+I^VyC|IZozmD)sHqA+Py-6JgtQ6m>yj-QFs)=Ck5m`KD>?N|3o&Sc!~KWWr+UwVqt__cmGZG zPa1ihZ~W3DA4%mLFRawnfbuPUovW_aQ9znAd80{~(Q=HL1Azqj=FeNF$l2=Azw8D%td^x(+I*V)|h zg7H+=;+H8!WqwNhF8LujbVi=Q|9vKk@b6W*Qa6|0ovs=Hjf_UpdFO$rsCczM&N)`2 z--~d%-U0TDjuO?-|4hBvAb!p(n|6k}^&An6VjI)*Q;8flgCmZ>P{#foS5bJ3CY_A^ zny*L?Tl{0kSB-m-DN+V%Z8G+`;My5=rM3UvYuE699%drYxYrWq`fu9IY&zfZaO!ut zcFT+Y)Wgx$!Bv@7(-fBv7QoO6wfj71L0=W26zs{A7Uc0R$ek(3G&QSdA>#9#H-_D< zL68q$fxhEZm#>t=UxXQY9TlYDFhZHhW|avR-}LL+Fj!p z5$^dQ6&PpU_8IDwV|RU2qAJ?noN@iIH<~IYEbLoEPI*1^8;4i%T|H0_lGaGY3S2}~ zP)l1-^L*gJ<8zQ3SCsm)P!BH>Nv9o7FaX!THpCblGmvn`6$?3nQC#h#4JVuR$!QiB zRNDLh+<&&8D}QgMSR~N`Kz&<#HUbPROk)N3RAT5PbEv|fzMN38+ad>_4$o*R1y$op z&iMTTEq|hz(<8r#$dPd6OX#6O7q`yHhzpPFrHN z*=c($oj2db=lkhen}xKMdgYH!L}?fg__g%%N^}(aI8en+k3fb@?dq3otH2`i?qCNT znWr2RCA=7I%GfQQ-xv*Mxy=?br1W1SLHFoM@McBiBCgx}Pd@`AP8(r+qd!|nBK-GO z&&g2HH(m5e4`AOrW!;Ry+S%ESpBP8sAO6(hYz+A_%{mH;OX>Rwa^v)bx6jnxxkWkJ?&E z!YNfeg*kl_GX=iblUl;Arw>#Tk-tPkeIhnfFPbMCOvcO+a*)Keg{CCohMA#cPp3EE zZm=5k-gD0Dz0xPH?Zl|zFclve8P#VhhJd667_=BAu(py0LXpG;#62e{44#aS%|9wi z8bJj)et{fKW>A;HtZ0y&s;Ah2wzs51NmoSVS&=*j2VGYE7OH^oQE5EXRJ)=$L#7D! z-yig5Lr4;Q$2)W(Muvm4Gn?ZW+s!Um;A=2xHJ%rVwTDU*JKR82GWgttm6aXK-z~4# z2Um);owDV#qj*am(hYhq2YIn^duhY8Y#u7%N#~%(q}`bMk5G2OOg-sdI0l$vw^rEb z-E1XGr?p2LQKi{MDjSW_SN(!nQy*;aHArqUrPnNf*g`WF(+9pifSb?>*9pRzEQiXK;vY08j9v)oOD*z=yls363=bbs=A+a-hC#_&V_^@8nQaxCdA9?H&4~DbFNw zJKzt;vHO&h5g{sWpYlW6Y@&rNw^4=}OHKMp7dcoUf5eBOSo^uGsp&we7|T1o<5?Fs zq~R%H^v-v1l`@99r$ybtP@WsI;}-skQ7kkq(!fn<>VE`0I@7muVfua8HWzyFr;b`i zp&nYIg352a9shX~d2H)&*~Lf`KH`TlwWZbAQTmY(v2E-~glEz@UNSLPP{HfVKni|n zs=@aI?UzgNTMTNOUn09h%JtPSI`;J(<%%W zR~O@J3#zJXC}&>>iZIof_Xo8(uPCfO7Nj4Ii)f@kiGN3$lWDGsMhoVI{~J~OiGlPT zFiJa@mjhQ@?re7kP}9=V&Mz;!y1Tcz-Q3;r+$T+VxYnzULYYZPsF__l5MMcDV0bZG zPyPRlQljfwG#8=R#l-#b>YIyHxC3g_;~J$A=_t9wsQ}ya`!<0tSHPkln{bXG1Ji-7 zmA)Qy>GslRQPI}79?F*cm>;+j%tGNtO|!wr>Zgafwxrb?tH>0xZ~`)0gKtQ z2^I9Ql>D_E9?Q(LJG=6+qY7WNwI#4?3z)ceh?F*^`pe~aq90NU^YUPNhjNBGWuKUP ztc0KDpurODcFhFD0W6&}W&D9kdND5hTO^axvZ{K4p2M;n+|`w|Y>^{{{4=bCb%b$! z`6tKP;L2zxs}T9?bp0KRnp@0dcc<_2NB>*M9u?$ zccZ~79j5ZauG~40kWJ^#fr!pWvKPo@{J3gtmp+|~NESP_rFg-_5%qC(#9!Tb8VPO7E76wMlVF60SX{9A|#uo_&gQFue zmd>?oU*38XQ~GAiW$JWCMx#}Rsy|AAR!0{>;+{Nz&5H)QZNVtEDfsKoxezgthhd9~ ziwgbUU-&OR;}bZbZuzJ0LYp~eXkz=BK41DM$A4PSiv+nEQ3?;=QEQQPgP6Pm5I;S( zXX|FYb`Mn(Z;z30#T@#Z4Q|2+aE(;WhJLTzgApSRK+*He$c4O+CmORAD0VI--7F5i zFl|RkH*Qv!^QKF6bX)vhx;%WM$F~#pi(dOSc)Pbc>`t(T}hCk-3oY;f~{sAl+ zJ5S`ugI3FxKO-ES-t8Tngt#=a8_Seo?sN_+%jLs%68th)#sZ#SG-O>i`-BS3u0e2; z!!O(k6{v>;wXNn{xyEQwMsM*<8j_ZJ{HF9pFnB9#Yh;I9j8P`K=CYn+7{1lIX8iu! zZ6kW=+aBzCPYn#_M67B(TM9`}t>A_=&%h-Sn(6&i{4}JeDj~~HhRmq$lTLM3l<1xB z?%wH6wp@ECTeC&DxlF@zdc{OQzCnbdW74F77R5zHxS=A&h(k=M2r2~tYryg*L`l!p zSlPW{m4HA2^NKHz*`gz^PIk~gMd10c5G}W;Rmm|~c~OyN=-NR-;rZ~NW%q;}4R6*Z zI@f``l~EDqEXim{$YT{V5`(Hg-|ywg`^VIk%Sa!Is1gAQ2~r9b?f#OcAVIF;GQYd( zCJ%0NtlG@cY)!49rNjSD8@edWsNQfuAb+`8dcQvo=5#imI9SDV+{P6O-FkBJ5IE#W z4AwmZGSB?yb6|_ZT0H)2U~FPD>O8$mg6FMHhKI0U!vjH1*BV$VU}@L>Iv-AkPuz3K z)41SKF8dzoOo$&-Vd(%tTJM&4oxv^*k18Je(H-7&a%l6N;7XS8zEKo&2^hX_bagk? zzXk+n`WEbf(6&`FGonC>vZw_d;fjta_t$K=yjVMIXe6pP;9T`BQb3SW0?Nw=Lshy_ zrFpUaElkN#6{}@Dz|(*juNpMxv(DK z=@g&XB@byxa0%q?c)U?X>M0%7EIn#`0|6t1q5PaF4ldTFpa4- zj2AP^w=dbw-kPyvEE85you%4V5p;EKYi?x*^-@J=4#i`XEFE09CpgiG)n%*Jrg;VA ztfBggBrSd6_OMZSl?_*$2Xo756KMw)kLt>2T)WFZ9J-6Eu*a7|^_8J+qz35W9<-0i z{|=iMBme^g$BbIO;tpD_XxE!_c?=#mCe6*u^O1TnNQPfl`O~h@X07t;IRAP+>Kpl^ zHN}$mTU3`vJWAoPRa<>RQM7%o5dVGyanBeaFA1Zl)fWY6P}Sa{pd=W~Tl^N@MB@)PZm2K)#+@w2fX zATSNvm_BK#agOFEO5rYkqSB+UHHxodlkVS=Ow)tJZVP#Kc#vJf4b~b-kOt>7KVB`jObp_Y=U0@G(>v9YIw}xh_#2H+HUDNTvwKLoF7n?a=YZc{XtGQ39t+ zzH{k+`S$*!@kC}861XWYKGD;5)YfS#Cdk`9M(PNTwaCRwfZ>7RVa*k+KdW&iGERbo z!y2o1#9;rVFf%NMNd6nmUY}q(6>GmO#P6Vea}aTfuc7eg&8hh<9nMftryp)9#BgBa z7ZM&{M3vHA&8zdll@hsPY><;ccOJi#dNY7UA>u_pa1QZXm)1)gGMM;7f<(mr%Pe)w zp^rcQx=MypaVuD%UuWftaNUNtKaZ*$rU|UtFKZ0Cg{2YaysUgZ7R6vDiAM* z8#Cdkv<#!UixNVb<5fUP9rHKB=03tmwU*rh`Eu&?W7jxueGNFQSKK9JamDGT^y&8} zoac5lCr;!<`my%&{S5sL1959~U}SNfvK3p>o1A=R_Y)CWzKAhnWq))x6NUAAm3F`WQ75`o-V}juEM|uzZOeDt z|J~_t$^`?loD6+)rOAX+*x6dpc5C=eXi|e^2QwWH70aCJJrHP);yL`*@)bG)2tF^m zuuj%*!*?tP4m`dKcH?66V(Y5V2e1PlxyJIoTNP?$Gt7$784tFfCC~PxHRml)*hha< zd*@)9dM|cQh$kEg0V^EGHqkZLr)oQ-PPZrH}6(2=frRaR8L2pDy^Kbeh|N4z#{!Rl~25mqt4O2rC#rbRua74ev?4MoA}H2 zZy9p=EU&U?awQ}bX`fSv)fta_qbOmE%oQ>a_JBOd7nNf1qE^fz`F6N&jzT`qoZvBK zuR)^yMy}Pg_X$SSvrg#Cgfc?u<3ze<{JOYcidP~cs}lgMfywmnO2I?eg?xl9%sX&fEfl|REL@=`v~(KpVqNu;)G0B zH&&XN`>+%;mrAHHj)Z7(j0BQ>|HZk6N??MgY90!v3ZW_sG?ClbXh`YFOC@j>yXG`M zwfNhtx2PUQ(ZxM6@o?H4vEoWLw^c{Vz*F+7>6Mv`q}r)yD0M;O0WRQw{g2w@BiRGG zZv&z|;8ySH>xs_IPD*M7>FdV^Nr_YH9B#>o8IX64*xaF`5}LGPqbGtKElH~`+}m%6 z&B%S}VXTziJo22c=hg~5v%3-x3g8D%QFf(UQu=m(K_d!h&S%U07t~?Jg6b)g{Hmqg z0z?TZI>F-5hfFKW7MFBdDV~WYX_X;1jiEbEzaWmhvCnHaC}M%ieUh-A@y2OAOILJi z#$J+VTdI!9-iOJ-QIL`6GmWXLE#9Y^3-b4bmmX`NAiGXuGpVISkJt|Oq@E}P+?@A7 z%@OxnvyAgUI4&R?^mRzFpjNoE{ZMi6?HD*sUh7r(o+Wux21 zK9=tysIP4PhHj2s5}*<~DZTCqe-ygU?V^+ZdaZCfax6`J3i8zQ$5PMSOegKu4iBm7#e8b`YvQy;5VH43G}9!uYT z>IK?)Lo@t;H5x|=`83zzCJpsw6Ee(bj08BYZkvF|EltY?z`Ow zm(-jUJ~o|Ql{otcN%@v}{k>EE{=?Au#`_7xyGrs|(W2ZQfsNbZ&1+g4iR8;sGhQ=T zUfB%xOFoxPv;u(ZpciOALk}eZ`nuye9o*J_LjOyp;=WPge>&-SD$#<&lU^PP_+~O& z<@mgK%(LBTUHu2abV!3C_Cf0EMn%>QrN9mGXWRcX^ zWcE6bd*pKWWm&`Q0;GM6*$>aQ42CEQ7hYU$zmojt43Fr^eLFQBaRcIlU!l zSlA}!bzA6~XV2{TN2bIr*LYrX0$ZV02FogkAU?3Wj6?eaZj)%p{Qt2Pk4^1qgu;9I%9XQM)woRsG zewH~M@y`cOjtOjD>2G}=5MLSALO+!pSB-np!V;U@{a~fRq85+#)>OY>5@KZ` z8{aGQBD^{OGT0$`oxh6bLBOI5+Mxb~#F-vpgc@aCNYS|Ekj?qde1H1}S+L-=)k15idRPqM zgWcLn%jVE_fBs7Lr&_ay| zHfOnR*C2fq1-|vP!w3mfhNo-eupgIaI~RHL3)<$X(k>IW zM|0$YcZxxBE!~UEH;1Y{Ti7h9)ixLRNn$OJ(hl%mvM?_jB5)c{9KF zAm*Lj>ILRD{$7^&iO}^b#NQ-Bn?49n>rzNjK{f1TBF=I)6} zDog)}wqm!q;`gF*b!EL;g|xE$yF-CJ*gp;2H7}!6aNe?8#Pfsd(G#sE0!89xdk|`U zUGYG2=Eak|8R#`#kd+HU^)yDi!g~()wJ9=yJ23(mr_#yfL^!Qxk7<%Io_VnZlfXR( zPkGTTW*i}EPE10`LhiJ>pIU$^AI1;I37J9f6dTJ^zLb8o0iYnP$z1UDE}|Nln(F=D z-2f=55+lx9JVovo(m5ns;|Ph4Z9Z;1UuP#^=yQSbzq!Br8WLc{ z{s951s{Z^~y1FK~tDh4{od~3L+y)`e19^Z5);mjn^@eS<(MQkmi9_D7abVxDy%kQC z)&UuqU1o4~h1)(j_!B|6+~jzO7970j(>$EKo)5qVV2@J&*u*2?%ookiNUMJSr~439=2mh5agaYPzM)$2x3lyN2Tky}_JyJ3v)nLrTN z=}8Ga>pf<3nMq;?f>_M+#o}tJUHIj>g5M+((1(mDx1bNj%ZYORmj2t|ct4A23Fn*U z?~3IPp33|@C7ZWPyK`J?@9DQ!K&5=c zD^{*4EFxX8YM$gSjdFeAPoqKenKQ0rYAP$&OoSLBg5n=c0E2*%eG_01FdsE%>^k?s zaigF7JX)%+rMKw}obA|4ZOJ-(Q?c(>K31En;Edi`ODWtPLh)r*?;}33C?EDf0aSZ; zDo%2yrda%fXnEnLhYiygK4yiZCf~xX7@MPDwzPym%_@nP>~nzne0V8DIl=rlof-RC zvEJ96(*-2qi;nsrSoTW;opN@o`4;`hE_%vsi8}3}C0S#PvGs)fX$E^v4P6nmO%qC{ zhDBZs=CiMldC0ayMDYbZsIJO&W>=m&6|>+|0I3&=A`$T!bhdTTyNtnRAs2{Q-)I=w zKCS;jplFJ1{M#EROHP%(3G!JIVdR>+L|k^n#GIG7>EjzolJ93ISs8v+RWw0zNF*z6 z^iso}=HGR7H)RXl8#M_g-Q~87=Fnx?%sb+((Or zAwZ`18te@{3272dWkWygyJo(-$APmRHv_?i^2On|rk|bMz{AFiZ5c&`7r)Y`z&kHk z1IW0M#yEeIy@9(tGSt$hs!G_s-v}3?Re*VY4*b#`zyzx36BIvtdrog5%d?$95hO#& zy+;=qFqgB)OM`OU5jZN#SoCb@(xto@s9GlXGKHRO--~Q8=RY4R?JuP@MJdegFm$up zYaO`X;4FUCG8T^;Z>rdYM8RwGqsAc4OrcFYW~HH$qZ^duH3~29U;;yqa@L>*JC!iw z)j=BGpRtu0GUDK3`QEz`4DQ>p|6N719xBk{WjoRy)Tg9Oc7M7(vS6(2S%K*kK(wdd zD4>akTF}qh;G`2Wb1HY|6mf6J`Bri30}nSPzs#(T<9DmT7H{2Dc*yg2`YXjkRUdat z&zSBiJAd^^1D&Hg>TKw@eRer`*$@RUA6^R&b;ZMQ&$#j%in7O#1_$zO(*bkx0UyuC zf0h#~vA(Xm9+k1MrMrYmO)@tU5Oy9^yA{scqFveap_uZFhDva{s~Q15Fh*NN!t2u4 z`%N!1gl(z){%TJ-psIdzP)Zu+>65*=u++#^UDj#TH!ZdROLA0aON<&#pRdt8#h>PR z_bTa&{fV6xfJ z!q91)?hLw?KwGlo@64L#e#H^34vQmB=M?d9UOjbj8o;GStib@Z2t?dajN z(KJWq9{CNREK2w=Cauao`j%>b!4dswJ-rB^pw#Qk8tQIc5AIl{VP@xGZ>o+6EQbyV#afpA_TWg%1w`8aLmuLf@8#HSDunF|Ao&|K$2f;+-XHND zgv7|)10vhefYnR+8KY=%zL5BC#p&(8bxVSLKze5k0PG0}fBl-t+$%IZJ{}oV`QuZ1 z>k#&;$`5W2bn8_gLJ=y}T$2*?ai&|R0Ewwn76im7?j!tV&;Q^42*$GK#H>Ro5zgI8LhB=aaFqm ziiq%1xzIZ)rLsr_0b-L+Z);G`{9o5zu8Wn^kpch7-p$uA>T^LuQswfm$wZn9P^PD* z*1BL@yOiXr4B?{k)Ww8FknM689%iQM<0PdoX(w?c|2te=-C32g&g<3FfHQ~iYnHd? ztz5B(d%r7b*26QFm7|`!qTw$#s)L_(XR~G=>5Diab+JPytkU0QK%WaJeRV)ege`L<(@VINwZWMUzh)lrDSgpNBxn@=FwD7>fOcCc zidG*z_J|w*0EKQ`F1K_hAB#H1b@wjoQdb;oyXfg6c3{K^I9v)GE*h9^xH53nvK`Dw zE!~5IQG(89lcmd}h!Furs=?#p9>~G*3>hIl!p-Jbw$HKQIHg%6%fPhB+#<+ zbSF)1)M!bh!sCNe;5&guKe!OCi5WFN7R&AsGZmg)hEh0W5F`%{(BAKy;_y_cpgvPI zmw9BAoT&YOT6?RgI+`Y2H~|8i1b6oU!QCam#@*c^xVr~;3n92$@Zjz)L4yZ(_W&FF zC$E41Iv3~S%nfU8rh9sNs=BMI>Uqi-?qIC_yXa|@Ko0Z~b_$4;%jUT68|3abdk7pt zaJJnU-kp@lMF~vY*z3aW%rj%XZnoL;phRTdrP#Hlu|NIav-`m)=a-ze|vX4s4orMfU~o1Nt~m5Eq@{TfZeVY%P`d`E>&#XmxKw(44vZ(;Kc zJI{@4ey~|h^s7=1Y4pzOy4KhIyxlO0g9nojeoDzVQrFqv8<5?t)2aO@rZ-bAt&%}A z_Yxp$zWV=W}hN3vm=#%EH=x=7^Zp`!j|lov~+Np9!_=8&9>vC7}dJ%Ir(eJ zs}V0cL*iSp@81b^gTJ$D5`r<^j^+&k(vK}64Go-^FJFcT2Ly)2yxyI1!515w@4dl~ zSwGyBHvxO%`T6lDlFpm|ghM9!22eJvKA#{=-pE>!dS}gm&-BGV-J|`+7HPZ*NZK!mrwW_zi>zPrv2RoqFeQW!&)}~)dNPmMN$&- zuwNI|n+oHkZS@m#GV9r@iacD*C%rH~&fCuKy!TU&d2Y;=te7;|H$a>ZIerZh{G0Bco6R1 z?lrT$(+$~ZORCxX;@OC+%N4VxyeT8}#Ardb#XJk%t6n4`&J%>$sCObE$H&;ofI#oJ zKf-hOoxmIB-159aLru)Lq>biE3M3%Xf|q7xy#VTSTv+7r5hFdy`0rc&s0jE-hd9p7({%IhcTck z1prYko_Az-_e&Be=$epH;!i@oamO-rgG2W$Z2+>=FSo1_6<4 zxDWUH*SLJ_u@saX1}mIt0lzeFHU7QEe$wgg2&zV|N7i9K1JR*hw3=Dk z=t6KyC1a-*R`NAd!FTdGSU}Nv3@a*3h0^3|#W* zgynHZLoHE(3YCbB49@Bq(jIW*VBb5;uU2}gXu6zLeUwz_>nzxmN$fH7vlisq1S~Q^ z;2AM9F1}WztTy#ecs@XIBBx|&p34aRlcdzpa$6df?Z_s*&;HUk96KL{jOwg0v$6Pr zTX1Rxy~w0uBk}6!`6-YZUP#W-oTCgJd-X>*#y((pk zU;ymJ>hAX;1g^cLAd^K}xp z2hGRNwcshEF$Z&VLV{LFuxYcZkjW_+*+BwPFe|NDf?9E+cv|Xp9j)=#{%G= z$MRc1Hme|kOxZHi2BBEonK=c(o?udRPSLX0hdB^;z*WtoXV6wDr3_{&$1hbCTSsJ+9PjdQxmH?gd^UUs{NCr-e zp{9r3m_m3BbxiiF{N(dzQoqYnjeRs5ttC=UAQ{Cqre`%OUwWBF<4gIF*|8_9!JYvu zGEw(hC1mO@681;=N*E(tnc<-erp55FcVXLpox!%y^VZe~b>nC>nDe-5r#G_ms#vT%WhyaN`g@qPF*0!yDPR0Ma9Khr8jTDr7M$m^a?kOt!Lea#roh}wNO8BYk@@cYmI$Y_H{^NkyJLy(kH=hF)4$U9 z8r+T;DHOYl7WA4cf>1-kK zdA)wTfnXdsG>1ZvNa!L#F`o}txa5#)ifpU{3SFqqYEbp0oLF}ELz}taH3^l^OtcZ? z$NN`Q#j(E}t!F@sqboz4*dpP+2Po!BDxbV`G%qlfQ(ZnBXkEK~t;b?P-4yNI#~nS@ z4y933(>O>xr3dOvRZwl#XBjS~ijE#ke;OaC*uBSJ@7*huizI*O2XJo7$&8+3Mh7pk zy;)C@Q_#S}J<(;jt05(c^h^z9A*yNNSMw(!%I19GH%V0%GUx)QIWhcOFnJ zz02`Mi^jbsY%gBMK%SECp7--9Z_l^Rtg*Z`gZmR_u2qVK6KN8QbB7hGTp1VT_=hx+ z32{EWT{uO$nRPYHe*JYx4nU>383)Q>#;xo=;XV4owWs?Apvx(ar-6hxerhkr`|B=E zdX@-qFeu|)tIyk5yTufa?6Na)HgqbzI#(SyF`6l#xFX@0qd?oY{C-|szOULsrg|Oo zs{gv6w7OaE&E*%i)A}#Ru0s1Qa(r)7sBc&avSwpeT`oT; zy^#(2y0q4U(TbH?$VNy0eb+1Zm=eXlj_T!{Cz@xeAgUW2ii>_Mcw!otMU2cOb?i4= zfEf@{l;B5O#{|QNuY)0cT_^4Q$huJQivFHo*3>zDgh8l64D+6Fo0##!2Q_=D@nTw* z6ziD)4D4H9pZH@r!(9^*`etx!k17Lxp1hpH!PdL6)y7z3dpgptr(3@Ib^ioTBGjQm z{V`?9n6uuSA^wx4mJKu)L!*Bfkoy*DeL8@GqlAnIo6e{eskGtE-N?-D+B)@6zIaZS=?D@O)os~@ zK4Q#bUhL)C`5`H%slUZ9%TUU=wphdyuLn*-ni z?qrhz?^9OH$Un%%;e|Jo1eI~>IJB3wzb)V*RkxoK`O|yL1_zyc#im3scyVQG40oEj zAE*t~=!!k?QDd4c2e&sKV<+k{L%Jk->Ts*fl00dmx6I~q;lb*qfGZHf-?4Zst=7dyW> zjnnLBqr?2-Vnq0v7Ypi@{ilENe%4&V0HlyZPrr`kVg?wLc9Wy&*qiqUlOV};6jSJz zyq!LO&1~_FV^LWgd&B+XNyzp#e+P- z0bddl5>S(G_9lCn2y54~V^ersN|@1v27&?ipxneCFhSIb!{Mnz3_6|0Gwg&heW3c_ z?)0vYg>FHw@F@A&DiYBf(xU(x`(Kz-|9%a1QCk@p!Z%h4@8!eis&s*Zm(lD!J{M8kdlzRcQw1^2iPH(C9mu;mhB;_zKHvm7UBnR zlX+-H86OMMO>t(_AYyS#G>Uy66!Pl{`02F2@K+?D?$Y0% z4(W)s-rCv4g}rd-Q1=%2PKeMp1bfAZp1UCk#-zsLApqPDf8el_-x#kaa_sGYaf=UP zL($=Jq>mo`v(cW*fl(H37U?FeHY_gRS4PfN8H@LTaRhz&%*N80WnTJZMiCM?4)coq zeY*IK@aeYuOl(YMzW+i$mU3diRK{k4muYVjw8%He7c7Ji;weX(zjlDQ|1Ubyx9C9w zos>LUZ;8Yhn1ni^)5YJP85IOzJKxY-vXWe4gdBNnQ~Vclxz0Hp%Z|#DKm9?*#vOnN zp@to@qlv{3gxA&8#f$BhBl;63R3`re0tAR8@V9r90X-WST9o)!SH~W39tejlKZyF%*r?{KrG`gn-7rG+vp1?nIMGyO%|xj z#>U2?Q&agQ{P6!GG&>aag2S^5p#3uB`!PbYXaJQB+`BkROTT~F)|mO@-r}9q z5aoV{vI?Y3%1`imd&&d;pU>H}p_&5H61;Jz2U;5MRSUSEbjozPmlNcg$M5iSr1kv{quuX$-17o&ILllZ+PX5IwcE~DPS`whvL|WNX;bS`OT== zub=?XrX=EAGgzzltrB@<0^T85%QF3)-9In4ZrUn^zOE_(U|?}PXJiN`=E^hyG;r!f zfi$);KGGwkq~P-SXH$&>k&l3n-m-$Gq(2TEkU@dA$rU^Z*Av!wgQ<7}hi1e28E0v| zcQKY?))3=7b|CJ|gfCnUUD7dArut9?fHB5za0IHv;^w=Ly?wj)!a`E0u=Ott-G30u zq@?};LK#^2vT(NNFkN=X2sf`)Y033{fQR#w31tbs@q`FR5n8;|mi(n9_cK8g%#S0n zwX6qTJ{Gxp^zEHTAenVVIY$zauqP1P$U~*z#}%!<#QCJ#4?sHnRXEGf^Y83}!2f5= z<{zN!JaOcsqod!TYyi7C-R9+%=ims`>>(uC`Zy(^1bq{?RuzR4Is{%oU`7ZwU&^5w zlGq>+M}IaiW5y#L@*o?kNRV_$6OOodR^l&=KM;to{fHR1XEm(z_kt(nj{7G&f-_1b zZLxNPZNG%SKC}-JpbM4paW&xv$X#BaT}9^Mr-WnTw%Rfq2WrCV@kOJKnG#L796Y50 zfq28ekWEe-67xS1n?SNytRz~vV*Bmb%Gjh!pPS)ZH8|V@eax-m8w>8-i(Thk(-)W9u{s+$xi2=;tZ?{gBZ9E;- zsVi+adE4=MWmz8Xjwj}!Ck1pkTYfL83{~r~c1mo3aSK$C(`j-2?*7Q!?0H?Hh(u*( zW~9>O7)5X@9^`hqQlQ)7+V7FInj!RRY)GEO5j)7vA9RgZM{Fc7^phL3 zA{Q|Y^Xce5{=%H8SgxnbgQ778_NHo$8?}`(@P^{;_2~p6&BzPomCBD`w}%Ql!~NFq zC<5+Jig{xE(}So{1gx3iw8%B%0;%6jrkR^4BjQ@TxNg6*75X@R6o3ZI1#>iIC(gjTn3@kL*^Pr1InV9UjvgNN#AM+ZMuBN+>_Ml7~b`z)l z&=9ska_~Oa_z*=j6gKK()XOwOj8%2pcz~QkQ@kIyit%nTXl3>Llc;h^v$>!baZpK7 z#Gk>~SaG-?%*@RF$nO>!4xj4^{OIN?aSsn4No9fn2?gw@b{xV9z!E`6Lo;f9iW3$Q zIls8rm?{{tUTjS%kWRwWs<+mxD46!US#~SaY5D{WhiqhKC$FF|f&4`%YY7P3*|pz= z2nE6xv*@tI4B0IBm9bpR?&5OUlSqG|V;*}x@`kX-8DuTN@Sal4TSR&;XEMzB1i7bE z40J z2`+Ig;c?;_>oeuQ&6V?rz<4J$nVX`L&lDV)l%sRVjIg{u=o1Sf>v0@D^a%c14??Qm z-hp&QSsMA9ZlWUS`Jpd$DhT`K{JMRlX(J8}5$NyoWN^aMoUFAKgte{S4iU#e&EY0Y zkSrnW39xf;Tcrq@ZOHdtC&L)}8AFNrPAMq&3!*un2eG#8EA;&FG-cmh!64zDZqP5M zwb`9X8A}zYQX^67^d@->n)iyOA#ADn_acDHB?YArq9o_>$cTZ4CHJk8u;B-*iMxo? zD1MB=U_bBt-K$bB;Y?DpcnJ!$aL3Bd&iAbV%b=SZ=hpiAxnN>!EOKUMrcR@MS6I_r zrT+5(PIxw>$@Reu;H-%32}R!30(^Swo&M0)0N6IMRE?h<_6wu_Q{HEXQ6ANp%JPT0g0&C!hj0tfCwkD0087Uu5E?l`20=0-?0^q$kfeHHe)c`{#?fcu+j zo9#~LNg}~~-RHoTFDbR@fi3Fx5?13{5AkjI3(eM8 z2?Mde9ggEx^B^%f?al{wulc6uFw52Si(#P>VgiBM$Ya{wDuWI4ewl|<4_dcxhjGK? zMOS31jQ8^`HkhS5-**l@Rxg%A+KzbQT6hE<-QjrW=#8F&n4?CE30c`bkR@PM8ehkx zU!p!bm|Ud=dd*i^zKoSYQ+x3XQqK=5h=X}bqe#Y1bXb|=<4iquQ zixjst>a{GQ_f@ShR~c2O{3rGBponl>83)+MgY+&y|WD%XC`e>9ti+ znw_Y4-Hw=KP(^T`S6clMOOtB6EszE}R7#%976wD;mloPhq4DR+3_N1?!TVbM7m0@& z4W^}*vC$>%Dv$Id?{wv~x*}!{7rwc8dA1yn{)h>=^5R{n(%o+J#k5k}`W(6!TX6dM zioenSTHE#8@*ea!B*>w|>?(A7wT5kg?I%h)W1U0~0!?4VQfAm;APNsqyPBz2L9WpZDCv^hW)yncFO zH=%i+G=|{jW+idwqlSZje_#lq)IcoH&TJ(Q>^MQfv(BR>5aKRY>VSoT!Es`{@(4{?OyU{{4jDsY;H*a#flJ`b*^g{NtO2hA#A< zUdR+HC@2H|r(YdO8JPce1#bG3{J)(zzGX)Jdl-LoyDbHnApiYkI1z}r{xekIp3k&^ zdHe6+$>OQi{~r&eBaBQmcQxDbpcLr*=HJe*q%bQm2yum^bSNy&$tLZj&za-p?=60{ z-z#HcVv5ShAXHUV^_NOqb$mIAahK;AiCwE{6bsAi==KCc2@46QJ9WN32vQ{r9t0g4fq6(MjJ$ zOe1xDeqKzOgDhPvDtJ9Hcl-O5lAP$1O+LT(Q++(Gds#w^g(%6QtU6bB#l2u{rf(v`7E(ut|D8&QrmaXzrH~DK@h9%7b8Ob%uL0ED4Drtnjq~!@cZvjeRMf_=?e7n5k0c?Y z3&s8>;Q337uF`%0-3wzjURM?U%pK6Fy(XcbikvrK>{c^}d>#)cnd<+?2M{wNZ_bR2XusNOFX5jlZNSzWFSxgn`ezZE zJQV}{GN59{Uyu=>v0+jlIY?J+%EjpUr65q_?zVXNhnu5P%)o$UNe?>J}wW){D>0Jt+EspjE1*o^`q^HZ;rB$_&qQ>oD@i0 z197{5PEgSH55dH4VGz<)&$#yWc9ikc`-=;;n}lWt^?U7~O^y-M*cDFKUFbS|Z9mL9 z9#P@{cTUz#r(TA=K2rU-Ulc0t<*~ND6H;1grPkE6d9okfKqOWk@G^@SB-Yki-BC1M zN+OXp0&-XJJ+WnqMZe!npsjB6WOkqIoBG~bEU$urJl?~SH9O5@|=jZ9w-?8v8D9L$n+-LK}1*hd;#&aat>QD zMN*rxA5Txu)i1IDNpqw^Mz-^Y>V^-GqUhd+nsbvg9adNtY)OTf0VHWpCo7Tdfo3dj zZR}PU^sY2(SR7#ribcc*`oSQr?x+}(0 zBbBWExiJ4E3zN3+M*i9@#YpsBY6IJK^Y`_%!^}28rI?8}A|EhpG88D}DnffQY(#gATZI4rX;^UIx<|%Y&+s@&A48T*(jy_pn-WCW+@BDYPf5|;1yi_VjSC#*pBZ}B+R}g zVCk2TGe_xn-o6kflR4EBaA?VzIOB_5@z0Nna$^rsJbh1NOWSzU){8|Ts~&)3E7iYUG@fL&%$GuTS42WJ zI}CUdv}TPv2PNs+54!lX6rfc7fb{8@yXTXuQE+2JF>zj6ySz|oOl_uHs+AELU*iA1 zboB`SssZK$+|SMR3V0b?txROWuM#5Pt& zSMD7;#&|LUov1C;0m9^kki1fyXjPJQ^c4Gp~AkHCI*;=t*hJ+Tz?^Q}-s=YIh z8jq2WBh#D-dFOjf~SRVM8O zGJaq>38N?8AHrG-kmc#mAL5*;ql6+_XvX! zK%`T$X&~}_)jZ}`v{6P^?b`E{qUZ;HaQ7K`xLPfs;0p~!mo>`SpI1GMBynf&^;@5r zIgW#hA-jH3K+>U1Ke2CEOKjFbmj7)E#5CmLN8Nrgdo!a2 z>%o58(Q#y!g?Q+XoNgbfU9!})cZuRBdZ3)GHaq< zak)G@Hw`Z%w(V(E&=F(o$%xMgGVVR$;)2cVpNa$h+89D({S2CO45HpognZPy5qVBM zjR{SAQ^CN{h{JNskt=wkI8ZE*Oypf^tfJ3pvKZbwFkkqCup!D=ciG-ap0Nli!sTNY zyS@6|-R=7BVPNI!TmGLqvb$^KOw|BHPEQ@5hbe0Di4G<`YX>F&P1 ziTz%}8)Zygt-97jh)znwklmeg$<7NM2Ujv`H@avV_qC>+S+|3>b(?FIm9?tn6FZ~F z$W`H7KdsLBFLH@W%F~P|E9+lQkGK?+!ebXo{)PG)OhgTCRdy1XG)W4NHQP#R`aYjl z1nd0cA_a_L?u2|B7xlLuhR;XwClWJtTP8(|wdYQpiJ9VG(#kuWwNvHzw+F%AZX9EW zg+8)Z9Hoxr21jbtJ|d`}rf-eTa?2b{C!FXuPt|E7d&Z^?r7t%$K5!+Y_z^>0*ND98 z?Kg^R7YgbRLf>-DC_SWP^)qnubUrMMnch7Xx_L6jxj265s^b$?r2e9-ixeEf*LB^` zz#&6Cwq~oVqUDlV(YD9oPRh!mxBaDtv&--aCIq~;xlc*iE&cD=Y%dY;s3YtfPPfB| zH5$2jzSQ^A`mD5lXvF`u(z4h(&a8ka)bd$Hw zB5Kk+j!~=KM!OYEo0adF_?HCS78k~)S+~5TnR{=Qd`z1U1iSgeJ+yQvf{D9!+-r9Q zZz+Z4q@J$@xwe>*W5*1|rn@od^^r&5Lsg!yNGMgV)#RA_EAnpWSfQfBI3FoYjCnR&U1r&5t3zpGhHhy(Pg|DJazpBvnWClnJs@H-cl?F0oU>qw`BNJukQ zgfvxPKI@61f>h)6Fr2Ge>Rm`Nu<@19(4bxl!;^ra;NQZ-lZFKSNEyv&nwG{>`myV^ zDj9$S_x<2~Rp~2X#zQn2GgIeE>qOMIdWIiapwz;sw6@fu^&PB!g-XRj+Q+3_tzF7GZ z4=$>AqGMq55CO9f%ja$nQ~pp-yfmqS2y=kT^bL|v^^0)^cSP2e#i%ozmMXh(xufVi zsKeFNFvXWI_s%CSH5!?5!|ymSl0FNi;RJ_aFXqVicz(SZP%~d~q72a2k45CYF&JOT z2-9r9sf;-ny;Lh-Xa7at>ZK5S$%9=c#!66VOKeHlx{Y$9IO*B{ER6bS zsSdHl)hF!c=@%K`$&2prO^2yrMy?oD@Mf+Qd^%c2Iwneq+&>jF7+6`JM{jz4DsvJl z*nk{#ntyW!$wc@XqtrMWEV0am9*Ill-izWN23(fFbib~aRK}bi9YDER0Ek>IgXDAz z*Y3WjaK)Pi%Cgl%@HtXgz)bI%c@3LUB9%#vnHO95Q)|;ggB6Fkoc6UpAB?|WXvc7Z z{ngp##vyb`*^uK~I%Y25N-rQg(W#^c6DfrHeavO9W=;_Sl}{n+1f{E(`(qDrbpJQC zn;e^6gV9BIA}YtSZ}{5}uV&``M1z&S`g7C678waw`95nB47Wr{uWl~-_3dka^N^8t zwpfDC_z+6Yrs;n<^%kQLOm1oD#pmkB|L_!RGx?#>dyUdW+pv* zws%`ga6jr%4*Oo4_d^xd>j|F17AMxMnWOhumPn*>n-?X;RAiw~`gYwBw?bz&mxK}Z z{#SZu)h!)0?!ANawmHJ_6c(~`MoOP$Z~KBV9`smu$2zz=~A(_0>|6!AbV}hy55Yd;Lu>`y@NTTbU=E ztbv_QlbT2|1u8rtZt}Jwn;(S0+ zY)3_4c*ITy$>9lm!C+KU>>!64Y_}S7+;T&1y}LfDU_kY@_;_$uOV}mX2u1HNMGnmM041zG5PFOFLQ_V0GGQe9S0|E4<)W@tdauz0^rN-|d2^FGh##PN$U2MY7ukwq zdGVb6Z}t*T!bK5t?|x*2ch}#w?;T%~Xd(L$6Zh+V6l)D>#monaU9Hjib8w?A?LczH zt1tE1*GL0BA-ySv@?{B0hmK-q19X>dr)7KkZpI5C`H=8k?$oA+> z6*{gG_~-Jaj*trEr99A@?RcJew@&gHqA z^vN9!*}rFBFr2g+Io&^X(C+X7gcRkvSp7OzU=!s=lPS|?86=buz-(1xK6q(uA7-qU zfg;4Lk;9oBpVf#CC!iUy%^204ATJOz02kAvj9$3jw3{h@*4X9VDgw=BI}0zcsc!7! z&G2JHJzILk-{$ghqBKviHB&3p#Q{6JadhJ}aEw3VeO;nZS}pVv_Fayh7h^3EZotey zwPD-mupq>)Qzk1#9%9bdiUEeyhF; zIS!f1Cv@5aLwcUrn#oEd&4CbedvUYcG}MUWVmu7YG&}bt(K~;AGX+DMFRQ(_BJ(nK zS6Ao3H_F5S%IWHBbZ zhV{6H7~d1+T5V@+W?ljFJSoCR^+YES%i8iBV5*x+GO-KKcfP_*FvgZUXlp-L^q{u7 z2|3wyQTWcWcRB6gd~7nh?~AR)ZWWBx^Tlu_$t=#j3lzHSAD|o$(#QF@Lg>B5?}|Cw zs|t_GbK7lY4N~*Vc$G17)NU2tMM(BpIIR&n{>|eA)gXTPKw00SG4}?0NB?9TGtT6O zfV2DUE4rm(@#@)ErCM)q<46N;pGic5=GoDib8Vp6zCOQ5tvdvDWXFIIUV{w`NT7l` zvq^5og$P>=&Mr@lwwbZpC$)Yiv9=EW&%{1R=zTJ9o{#gQ!N3n}o4gwfG5>jO+KQDB za}+73F-oJtEu3Agm=GJFRum!D_j;Qt{rjbt?hoZX^Uu-nNJZv4bwzQ+ zRVd0{{2@C+j7Iw>Y$m!6WH)Q}^0Bo-dJg?!*tc$-pK|m~^N5;(EBpcE!QJzM4Ou6skM~pD zFT%BNrX)@`m&vQ!L~Lbq2sW_oF`Rj2ZH1NzuNt@i;!NZngFc<8gJiLJ z7~{r90qrf3x0b)w;|#onR44O9n^~Mh4QpPj05?1|55@Qf0=VsF!wH7C`AxqfO0{+NUY#srw>iIh}&hi<RhrlcQs_u3YR<}PFV3&7~dJ8WFvyU!Rz5NO> zMEfb+panbZjM>^60`IGXv&O>LVplF4L-Y|)A0~?0kQbx0g4qWy3|cKk){Dohn7Ll~ zAA3*QZ}GZ2&2gL4F?fx9PFefB?`VMO ztAh`l-6VcslBkh%1WhW%IggQM24Li&Q-iW%hn69E@uyI9VSN6qeH=J8YV$V1Oog_h zTN^L;oK6Y9-V_P!@pwUVP<;@g#UoMGZ#bFnL|IST%jS$|R;teF^$zosIYv1BLT~SO z7>~o`22CdSfn>ET3_^#}dr<<9JAh_ef zx@h}X#nKW{t*f+Kd*L@QE0?@K?nTUMi7*4?(H*n(nj*UMC4$D!g*l%&%-JtaH9RQL z7qfyu1rzBjAz@8=dna>v^dZlPrR`%v>kS1b@mwicvVB|avS%I9i+KylH|Hl6H529t zC&zdQ0}fZ_I4h4NueHfK{Mo5qa;E`SdhETu_L2b314Iv8q?t2$uuP7GPzXc7`|YLO zxMp-*B3zuMbCpXEaZ(JZvEZ8J4yJMO(?P2n_exAW2^8!PwOu>XWq11U^{gYeVPu#Cs=eM73zE=$&U}tx)L;r>n#zY{n*JP}<+al1(Q~_xwvD%I_j#jG^l_d0JI5xUQ46I9q!!Gtz&^3FWwtsl`PFw4JUe z78PwyqMmL(J`QnF;W3HQ6=BQfbR7h63&LCETz)fAA%SXZ$$K=eG}uo%mrzAepr^rz zy@voxRSq6lcj(2i5%%{M26%Bn-5^uw$H}EtWM9lW%`xnDfsBcqX_ZlTFKnZ$+?|Lc z>e;s>7E7<`aOU6WF5Y#Hj}!X}WlT6-XeZw{L~C>yv3(F=ClJB%3I9%YX+TXcVyK1i z>(PZe6PFz(5X-u^AANzk7I(QpVCE2!NkeC%@MOTZX>^c^+58FCT8dg<4D-GOPjx?vciK12VG zo9Z_FvSK8UoSA)#$u)dCdX`KB0WUq$6CejUiWKi>=zoxpA#GAX4qWI&5iy@l#38K@}NZ7US1?y zn39m<35ce>vH8FvN6a51QZ*zoHY(aK1dHgXZG_tgY9mVxe-qB-~PD& zjoy^oG_!A)1ADXDi?R+7FvaFf4)rf1g-#CBww+x4?K~+vYjS zsu(+FWUTw3n0}&ub*i!OUG`jCQJV;#_yM`1J;h}8rcqP^ISCQZK9*pfbKV)4(h;c0 zCq5RVKJFTNoujPz3T-YjH^TQn7YIx&qKybAZ%aRLMd4BJ%9FURA_W1tx@eR)%9(D4 z^F%%<4*MIe%3J0jXbcCP3s$sv0zZ_{c7gDqnuS5k-7ghJ#D2a6R>*%!yz_`b*coka zsK?#cuUN^)Z|yOY!jL!nPLOXtJs9YbrD`Y5fbzKH9OZ(uR!jBYloQ00q>`2P_>)au zrI>zHIA65AFq)6^=$XU5SizQ)zd?6|PC&0&O(hYLH1 z$}Hz_)a&3Z$QYw;T0R2#d>KSt5^CyOrdzHSbH?1WK^GuxeYse_JL~Ca!&;xnO|}MKip;nmY;bFicuuyK=2jqX><+gChHa8(sc&C8 z;@(iF(rkTA8#bkxYdg6)`6#OwLF(uC==%2j=k@)bo?eXo#E4VjaCPE{I=A4K*A)KN zFS~N5&_9iT5l)rMV#f-*?i_7z|>5hxb|Qwc(E>zlp>f z9V&>t6Yj|A={So2!Rx=Ju~9K>?RouGZ-LdvTw%AkHKt*^u<)nLcDKEs*Y(a+z)0}_ zJk(Fp_ZWvUu|l^Ke~txHS2Gg-(Mv}NKW`wfqL$Jl3tBFj1Zj{Nt;c%^a?=dXE4)WBV|7KU z745n_e%4cJhAhyOp$j^phKzK^~J~>=_Ky$z!p9HN!pFfjzb0jKk)#d zXa7(F)v{1PYZ)m&f5u)Ruiq0NfEw8)!X+Py|4o5!^5+^^7dx#q z8tH{mh9WqSpSD~FDgQcMa(zEuVm-Rm(8eMmAtU3=sSK|3C%`nW()cOsr#RW6f13EW zABOf*gpU2|3vK;et(?YMKi|P=x$ub|eD$uGv z4P}YymPE=hPq|jhGYvPHklrE*)whIL@Uv_+Qo%4PD6vae_Ad+T88=rlA%PxkhLXrC zF{~u|Pn7|jK&o&4?E1H9jP<9q{dQZ>|0(r=;D6QnbCkawMs@D5QGudZxPQ2hfFCC1 zng5WT-|Arb*OP$OGu?kG1kk!97@ZakxD&V(>;6=n|NqTO>|l+W4~U-<68_V#2jHkX Zf5x-EwTp1K#C-u=lA?0p3SonQ{|}pE2`B&n literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index 88c45443eb..ba326373da 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -54,7 +54,7 @@ Application Guard functionality is turned off by default. However, you can quick 1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**. - ![Windows Features, turning on Microsoft Defender Application Guard](images/turn-windows-features-on.png) + ![Windows Features, turning on Microsoft Defender Application Guard](images/turn-windows-features-on-off.png) 2. Select the check box next to **Microsoft Defender Application Guard** and then click **OK**. From 21b393ec12358d73b60e85822e8f350004941db1 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 2 Jun 2020 11:46:00 -0700 Subject: [PATCH 48/99] Update faq-wd-app-guard.md --- .../windows-defender-application-guard/faq-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 6fc40a60b0..3f305282d0 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -93,6 +93,6 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). -### Why did Application Guard stop working after I turned on hyperthreading? +### Why did Application Guard stop working after I turned off hyperthreading? If hyperthreading is disabled (either with KB or through BIOS), there may be a possibility Application Guard will no longer meet the minimum requirements. From 1da415b64d23fc04ed2df11a923ea31b6235da86 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 2 Jun 2020 12:12:46 -0700 Subject: [PATCH 49/99] Update faq-wd-app-guard.md --- .../faq-wd-app-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 3f305282d0..de036bc4dd 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 12/04/2019 +ms.date: 06/02/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -83,7 +83,7 @@ To trust a subdomain, you must precede your domain with two dots, for example: ` ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? -When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). +When using Windows Pro or Windows Enterprise, you have access to using Application Guard's Standalone Mode. However, when using Windows Enterprise, you have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). ### Is there a size limit to the domain lists that I need to configure? @@ -91,8 +91,8 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca ### Why does my encryption driver break Windows Defender Application Guard? -Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). +Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). ### Why did Application Guard stop working after I turned off hyperthreading? -If hyperthreading is disabled (either with KB or through BIOS), there may be a possibility Application Guard will no longer meet the minimum requirements. +If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. From 06ea23a0f21c60c188c21234d5efaf214f941570 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 2 Jun 2020 12:22:31 -0700 Subject: [PATCH 50/99] spelling --- windows/deployment/upgrade/setupdiag.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index ac5f6cd93a..34baf85bf1 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -58,13 +58,13 @@ To quickly use SetupDiag on your current computer: 1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137). 2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). 3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**. -4. When SetupDiag has finished downloading, open the folder where you downloaded the file. As mentioned above, by default this is your **Downloads** folder which is displayed in File Explorer under **Quick access** in the left navigation pane. +4. When SetupDiag has finished downloading, open the folder where you downloaded the file. By default, this is your **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane. 5. Double-click the **SetupDiag** file to run it. Click **Yes** if you are asked to approve running the program. - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way. 6. A command window will open while SetupDiag diagnoses your computer. Wait for this to finish. 7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file. 8. Use Notepad to open the log file: **SetupDiagResults.log**. -9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below. +9. Review the information that is displayed. If a rule was matched, this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below. For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. @@ -124,7 +124,7 @@ The following example specifies that SetupDiag is to run in offline mode, and to SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1 ``` -The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter. +The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the results to the directory specified by the /Output parameter. ``` SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery @@ -211,7 +211,7 @@ Logs ZipFile created at: c:\setupdiag\Logs_14.zip ## Rules -When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See [Release notes](#release-notes) for more information. +When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See the [release notes](#release-notes) section for more information. Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS. @@ -396,7 +396,7 @@ Each rule name and its associated unique rule identifier are listed with a descr - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. 05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. -- A performance enhancment has been added to result in faster rule processing. +- A performance enhancement has been added to result in faster rule processing. - Rules output now includes links to support articles, if applicable. - SetupDiag now provides the path and name of files that it is processing. - You can now run SetupDiag by simply clicking on it and then examining the output log file. From 86e26afdcfb401cfca33bb0ae204fcfd07330513 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Tue, 2 Jun 2020 12:30:25 -0700 Subject: [PATCH 51/99] Update install-md-app-guard.md --- .../install-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index b94bda74d4..8aba080ae4 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -1,6 +1,6 @@ --- title: Enable hardware-based isolation for Microsoft Edge (Windows 10) -description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed) and how to install Application Guard in your enterprise. +description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 27472d3487ed129540f9ef75d267ed05759face7 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Tue, 2 Jun 2020 16:45:44 -0700 Subject: [PATCH 52/99] Made fixes to various files for antivrus rebrand build --- windows/security/threat-protection/TOC.md | 8 ++++---- ...ension-file-exclusions-microsoft-defender-antivirus.md | 8 ++++---- ...local-policy-overrides-microsoft-defender-antivirus.md | 2 +- ...re-network-connections-microsoft-defender-antivirus.md | 2 +- ...onfigure-notifications-microsoft-defender-antivirus.md | 2 +- ...opened-file-exclusions-microsoft-defender-antivirus.md | 6 +++--- ...e-real-time-protection-microsoft-defender-antivirus.md | 4 ++-- ...gure-server-exclusions-microsoft-defender-antivirus.md | 2 +- ...entially-unwanted-apps-microsoft-defender-antivirus.md | 2 +- .../microsoft-defender-antivirus-compatibility.md | 2 +- .../microsoft-defender-offline.md | 4 ++-- .../microsoft-defender-antivirus/oldTOC.md | 4 ++-- ...changes-to-security-settings-with-tamper-protection.md | 2 +- .../run-scan-microsoft-defender-antivirus.md | 2 +- .../configure-attack-surface-reduction.md | 2 +- .../microsoft-defender-atp/evaluate-atp.md | 2 +- .../overview-attack-surface-reduction.md | 2 +- .../overview-hardware-based-isolation.md | 2 +- .../wdsc-virus-threat-protection.md | 2 +- 19 files changed, 30 insertions(+), 30 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1174911e42..20f3c081db 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -46,12 +46,12 @@ #### [Hardware-based isolation]() ##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) -##### [Hardware-based isolation evaluation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) +##### [Hardware-based isolation evaluation](microsoft-defender-application-guard/test-scenarios-md-app-guard.md) ##### [Application isolation]() -###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md) -###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) -###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) +###### [Application guard overview](microsoft-defender-application-guard/md-app-guard-overview.md) +###### [System requirements](microsoft-defender-application-guard/reqs-md-app-guard.md) +###### [Install Windows Defender Application Guard](microsoft-defender-application-guard/install-md-app-guard.md) ##### [Application control](windows-defender-application-control/windows-defender-application-control.md) ###### [Audit Application control policies](windows-defender-application-control/audit-windows-defender-application-control-policies.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index a89a602b81..db259755b0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -58,7 +58,7 @@ To exclude files opened by a specific process, see [Configure and validate exclu The exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md). >[!IMPORTANT] ->Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). +>Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). > >Changes made in the Windows Security app **will not show** in the Group Policy lists. @@ -165,7 +165,7 @@ For more information, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.c ### Use the Windows Security app to configure file name, folder, or file extension exclusions -See [Add exclusions in the Windows Security app](windows-defender-security-center-antivirus.md#exclusions) for instructions. +See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions) for instructions. @@ -206,10 +206,10 @@ You can retrieve the items in the exclusion list using one of the following meth - [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) - MpCmdRun - PowerShell -- [Windows Security app](windows-defender-security-center-antivirus.md#exclusions) +- [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions) >[!IMPORTANT] ->Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). +>Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). > >Changes made in the Windows Security app **will not show** in the Group Policy lists. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md index d9ddfe765f..a7871d1232 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md @@ -31,7 +31,7 @@ For example, it may be necessary to allow certain user groups (such as security The default setting for these policies is **Disabled**. -If they are set to **Enabled**, users on endpoints can make changes to the associated setting with the [Windows Security](windows-defender-security-center-antivirus.md) app, local Group Policy settings, and PowerShell cmdlets (where appropriate). +If they are set to **Enabled**, users on endpoints can make changes to the associated setting with the [Windows Security](microsoft-defender-security-center-antivirus.md) app, local Group Policy settings, and PowerShell cmdlets (where appropriate). The following table lists each of the override policy setting and the configuration instructions for the associated feature or setting. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index c113327bd0..2992128fc2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -112,7 +112,7 @@ You will also see a detection under **Quarantined threats** in the **Scan histor ![Screenshot of quarantined items in the Windows Security app](images/defender/wdav-quarantined-history-wdsc.png) >[!NOTE] ->Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md). +>Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md index 37137f9b07..57a0ea6f0e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md @@ -31,7 +31,7 @@ You can also configure how standard notifications appear on endpoints, such as n ## Configure the additional notifications that appear on endpoints -You can configure the display of additional notifications, such as recent threat detection summaries, in the [Windows Security app](windows-defender-security-center-antivirus.md) and with Group Policy. +You can configure the display of additional notifications, such as recent threat detection summaries, in the [Windows Security app](microsoft-defender-security-center-antivirus.md) and with Group Policy. > [!NOTE] > In Windows 10, version 1607 the feature was called **Enhanced notifications** and could be configured under **Windows Settings** > **Update & security** > **Windows Defender**. In Group Policy settings in all versions of Windows 10, it is called **Enhanced notifications**. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 92ea102d1d..7b14f8eda8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -38,7 +38,7 @@ When you add a process to the process exclusion list, Microsoft Defender Antivir The exclusions only apply to [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). They don't apply to scheduled or on-demand scans. -Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists. +Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists. You can add, remove, and review the lists for exclusions in [Group Policy](#gp), [Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app](#man-tools), and you can [use wildcards](#wildcards) to further customize the lists. @@ -127,7 +127,7 @@ See the following for more information and allowed parameters: ### Use the Windows Security app to exclude files that have been opened by specified processes from scans -See [Add exclusions in the Windows Security app](windows-defender-security-center-antivirus.md#exclusions) for instructions. +See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions) for instructions. @@ -149,7 +149,7 @@ Environment variables | The defined variable will be populated as a path when th ## Review the list of exclusions -You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/intune/device-restrictions-configure), or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). +You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/intune/device-restrictions-configure), or the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). If you use PowerShell, you can retrieve the list in two ways: diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md index f932ef43ba..a456334e1f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md @@ -38,7 +38,7 @@ To enable and configure always-on protection: 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. ![GPEdit taskbar search result](images/gpedit-search.png) 2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus**. -![Microsoft Defender Antivirus](images/gpedit-microsoft-defender-antivirus.png) +![Microsoft Defender Antivirus](images/gpedit-windows-defender-antivirus.png) 3. Configure the Microsoft Defender Antivirus antimalware service policy settings. To do this: 1. In the **Microsoft Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table: @@ -75,7 +75,7 @@ To enable and configure always-on protection: 5. Configure the Microsoft Defender Antivirus scanning policy setting. To do this: 1. From the **Microsoft Defender Antivirus** tree on left pane, click **Scan**. - ![Microsoft Defender Antivirus Scan options](images/gpedit-microsoft-defender-antivirus-scan.png) + ![Microsoft Defender Antivirus Scan options](images/gpedit-windows-defender-antivirus-scan.png) 2. In the **Scan** details pane on right, double-click the policy setting as specified in the following table: diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 91e8c046b2..66adf9c4d6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -22,7 +22,7 @@ ms.custom: nextgen - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Microsoft Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). +Microsoft Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). > [!NOTE] > Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index 1da72d8f0c..3345190e01 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md @@ -75,7 +75,7 @@ Microsoft Defender Antivirus blocks detected PUA files and any attempts to downl When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification will be prefaced with _PUA:_ to indicate its content. -The notification appears in the usual [quarantine list within the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). +The notification appears in the usual [quarantine list within the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history). #### Configure PUA protection in Microsoft Defender Antivirus diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index f146d2e1e8..fb93f16ec5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -88,7 +88,7 @@ In passive and automatic disabled mode, you can still [manage updates for Micros If you uninstall the other product, and choose to use Microsoft Defender Antivirus to provide protection to your endpoints, Microsoft Defender Antivirus will automatically return to its normal active mode. > [!WARNING] -> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](windows-defender-security-center-antivirus.md). +> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md index a49ae4be55..636b470f3c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md @@ -26,7 +26,7 @@ Microsoft Defender Offline is an antimalware scanning tool that lets you boot an You can use Microsoft Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak. -In Windows 10, Microsoft Defender Offline can be run with one click directly from the [Windows Security app](windows-defender-security-center-antivirus.md). In previous versions of Windows, a user had to install Microsoft Defender Offline to bootable media, restart the endpoint, and load the bootable media. +In Windows 10, Microsoft Defender Offline can be run with one click directly from the [Windows Security app](microsoft-defender-security-center-antivirus.md). In previous versions of Windows, a user had to install Microsoft Defender Offline to bootable media, restart the endpoint, and load the bootable media. ## prerequisites and requirements @@ -132,7 +132,7 @@ See the following for more information: ## Review scan results -Microsoft Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). +Microsoft Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history). ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md index 5c2dfc0611..6e1deba9b5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md @@ -1,7 +1,7 @@ # [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -## [Windows Defender AV in the Microsoft Defender Security Center app](windows-defender-security-center-antivirus.md) +## [Windows Defender AV in the Microsoft Defender Security Center app](microsoft-defender-security-center-antivirus.md) ## [Windows Defender AV on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md) @@ -51,7 +51,7 @@ ### [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) ### [Configure and run scans](run-scan-microsoft-defender-antivirus.md) ### [Review scan results](review-scan-results-microsoft-defender-antivirus.md) -### [Run and review the results of a Windows Defender Offline scan](windows-defender-offline.md) +### [Run and review the results of a Windows Defender Offline scan](microsoft-defender-offline.md) ## [Review event logs and error codes to troubleshoot issues](troubleshoot-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 836aee8909..06fb8a10f3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -234,4 +234,4 @@ No. [Get an overview of Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) -[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](why-use-microsoft-antivirus.md) +[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](why-use-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md index f93cee3be9..0d9933fc95 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md @@ -61,7 +61,7 @@ See [Use the mpcmdrun.exe commandline tool to configure and manage Microsoft Def ## Use the Windows Security app to run a scan -See [Run a scan in the Windows Security app](windows-defender-security-center-antivirus.md#scan) for instructions on running a scan on individual endpoints. +See [Run a scan in the Windows Security app](microsoft-defender-security-center-antivirus.md#scan) for instructions on running a scan on individual endpoints. ## Use PowerShell cmdlets to run a scan diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md index ae36af69a0..50726aa946 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md @@ -28,7 +28,7 @@ You can configure attack surface reduction with a number of tools, including: Article | Description -|- -[Enable hardware-based isolation for Microsoft Edge](../windows-defender-application-guard/install-wd-app-guard.md) | How to prepare for and install Application Guard, including hardware and software requirements +[Enable hardware-based isolation for Microsoft Edge](../microsoft-defender-application-guard/install-md-app-guard.md) | How to prepare for and install Application Guard, including hardware and software requirements [Enable application control](../windows-defender-application-control/windows-defender-application-control.md)|How to control applications run by users and protect kernel mode processes [Exploit protection](./enable-exploit-protection.md)|How to automatically apply exploit mitigation techniques on both operating system processes and on individual apps [Network protection](./enable-network-protection.md)|How to prevent users from using any apps to access dangerous domains diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index e43a347c09..a049e098c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -34,7 +34,7 @@ These capabilities help prevent attacks and exploitations from infecting your or - [Evaluate exploit protection](./evaluate-exploit-protection.md) - [Evaluate network protection](./evaluate-exploit-protection.md) - [Evaluate controlled folder access](./evaluate-controlled-folder-access.md) -- [Evaluate application guard](../windows-defender-application-guard/test-scenarios-wd-app-guard.md) +- [Evaluate application guard](../windows-defender-application-guard/test-scenarios-md-app-guard.md) - [Evaluate network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) ## Evaluate next generation protection diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md index 033d8eeb8a..e949cd7986 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md @@ -34,7 +34,7 @@ Help reduce your attack surfaces, by minimizing the places where your organizati Article | Description -|- [Attack surface reduction](./attack-surface-reduction.md) | Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus). -[Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites. +[Hardware-based isolation](../microsoft-defender-application-guard/md-app-guard-overview.md) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites. [Application control](../windows-defender-application-control/windows-defender-application-control.md) | Use application control so that your applications must earn trust in order to run. [Exploit protection](./exploit-protection.md) | Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. [Network protection](./network-protection.md) | Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md index 344d125399..7b7ae31f81 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md @@ -25,6 +25,6 @@ Hardware-based isolation helps protect system integrity in Windows 10 and is int | Feature | Description | |------------|-------------| -| [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md) | Application Guard protects your device from advanced attacks while keeping you productive. Using a unique hardware-based isolation approach, the goal is to isolate untrusted websites and PDF documents inside a lightweight container that is separated from the operating system via the native Windows Hypervisor. If an untrusted site or PDF document turns out to be malicious, it still remains contained within Application Guard’s secure container, keeping the desktop PC protected and the attacker away from your enterprise data. | +| [Windows Defender Application Guard](../microsoft-defender-application-guard/md-app-guard-overview.md) | Application Guard protects your device from advanced attacks while keeping you productive. Using a unique hardware-based isolation approach, the goal is to isolate untrusted websites and PDF documents inside a lightweight container that is separated from the operating system via the native Windows Hypervisor. If an untrusted site or PDF document turns out to be malicious, it still remains contained within Application Guard’s secure container, keeping the desktop PC protected and the attacker away from your enterprise data. | | [Windows Defender System Guard](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) | System Guard protects and maintains the integrity of the system as it starts and after it's running, and validates system integrity by using attestation. | diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index 62b02608f1..df2646c94e 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -30,7 +30,7 @@ In Windows 10, version 1803, this section also contains information and settings IT administrators and IT pros can get more information and documentation about configuration from the following: -- [Microsoft Defender Antivirus in the Windows Security app](../microsoft-defender-antivirus/windows-defender-security-center-antivirus.md) +- [Microsoft Defender Antivirus in the Windows Security app](../microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md) - [Microsoft Defender Antivirus documentation library](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) - [Protect important folders with Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) - [Defend yourself from cybercrime with new Office 365 capabilities](https://blogs.office.com/en-us/2018/04/05/defend-yourself-from-cybercrime-with-new-office-365-capabilities/) From 70f6e673f32142f99b3d8183f57f99235393f723 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 2 Jun 2020 17:21:02 -0700 Subject: [PATCH 53/99] windows defender to microsoft defender --- .../threat-protection/microsoft-defender-atp/evaluate-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index a049e098c6..bbcbd77dcc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -34,7 +34,7 @@ These capabilities help prevent attacks and exploitations from infecting your or - [Evaluate exploit protection](./evaluate-exploit-protection.md) - [Evaluate network protection](./evaluate-exploit-protection.md) - [Evaluate controlled folder access](./evaluate-controlled-folder-access.md) -- [Evaluate application guard](../windows-defender-application-guard/test-scenarios-md-app-guard.md) +- [Evaluate application guard](../microsoft-defender-application-guard/test-scenarios-md-app-guard.md) - [Evaluate network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) ## Evaluate next generation protection From 8dc251bfe5311620102e9537792a47e800ac4737 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 2 Jun 2020 17:27:01 -0700 Subject: [PATCH 54/99] update link --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index fb93f16ec5..17be0f5585 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -69,7 +69,7 @@ The following table summarizes the functionality and features that are available |--|--|--|--|--|--| |Active mode

        |Yes |No |Yes |Yes |Yes | |Passive mode |No |No |Yes |No |Yes | -|[EDR in block mode enabled](shadow-protection.md) |No |No |Yes |Yes |Yes | +|[EDR in block mode enabled](../../microsoft-defender-atp/edr-in-block-mode.md) |No |No |Yes |Yes |Yes | |Automatic disabled mode |No |Yes |No |No |No | - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself). From a25ea7155b2655ae426791127ca2d85ccfdbcdad Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 2 Jun 2020 17:32:37 -0700 Subject: [PATCH 55/99] correct TOC links --- windows/security/threat-protection/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 20f3c081db..b7bd91eda3 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -152,7 +152,7 @@ ###### [Configure scheduled scans](microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) ###### [Configure and run scans](microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) ###### [Review scan results](microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) -###### [Run and review the results of an offline scan](microsoft-defender-antivirus/windows-defender-offline.md) +###### [Run and review the results of an offline scan](microsoft-defender-antivirus/microsoft-defender-offline.md) ##### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) @@ -180,7 +180,7 @@ ###### [Configure scheduled scans](microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) ###### [Configure and run scans](microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) ###### [Review scan results](microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) -###### [Run and review the results of an offline scan](microsoft-defender-antivirus/windows-defender-offline.md) +###### [Run and review the results of an offline scan](microsoft-defender-antivirus/microsoft-defender-offline.md) ###### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) ##### [Manage next-generation protection in your business]() @@ -193,7 +193,7 @@ ###### [Use the mpcmdrun.exe command line tool to manage next generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) -#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](microsoft-defender-antivirus/why-use-microsoft-antivirus.md) +#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md) #### [Better together: Microsoft Defender Antivirus and Office 365](microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md) From a8194f88bfd8b2f8fa684bc43da37111be2a08e7 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 2 Jun 2020 17:54:05 -0700 Subject: [PATCH 56/99] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 17be0f5585..2cb802f3b8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -69,7 +69,7 @@ The following table summarizes the functionality and features that are available |--|--|--|--|--|--| |Active mode

        |Yes |No |Yes |Yes |Yes | |Passive mode |No |No |Yes |No |Yes | -|[EDR in block mode enabled](../../microsoft-defender-atp/edr-in-block-mode.md) |No |No |Yes |Yes |Yes | +|[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md) |No |No |Yes |Yes |Yes | |Automatic disabled mode |No |Yes |No |No |No | - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself). From 8f7fc4e4aca203a3d134109055a47aac1409ae12 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 2 Jun 2020 18:53:35 -0700 Subject: [PATCH 57/99] Delete oldTOC.md --- .../windows-defender-antivirus/oldTOC.md | 68 ------------------- 1 file changed, 68 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-antivirus/oldTOC.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md deleted file mode 100644 index 301332c5d8..0000000000 --- a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md +++ /dev/null @@ -1,68 +0,0 @@ - -# [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) - -## [Windows Defender AV in the Microsoft Defender Security Center app](windows-defender-security-center-antivirus.md) - -## [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) - -## [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md) -### [Use limited periodic scanning in Windows Defender AV](limited-periodic-scanning-windows-defender-antivirus.md) - - -## [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) - - -## [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) -### [Deploy and enable Windows Defender Antivirus](deploy-windows-defender-antivirus.md) -#### [Deployment guide for VDI environments](deployment-vdi-windows-defender-antivirus.md) -### [Report on Windows Defender Antivirus protection](report-monitor-windows-defender-antivirus.md) -#### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md) -### [Manage updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -#### [Manage protection and Security intelligence updates](manage-protection-updates-windows-defender-antivirus.md) -#### [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -#### [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -#### [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -#### [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) - - -## [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md) -### [Utilize Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -#### [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) -#### [Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md) -#### [Configure and validate network connections](configure-network-connections-windows-defender-antivirus.md) -#### [Enable the Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) -#### [Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) -### [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md) -#### [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -#### [Enable and configure always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md) -### [Configure end-user interaction with Windows Defender AV](configure-end-user-interaction-windows-defender-antivirus.md) -#### [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) -#### [Prevent users from seeing or interacting with the user interface](prevent-end-user-interaction-windows-defender-antivirus.md) -#### [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) - - -## [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -### [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md) -#### [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) -#### [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) -#### [Configure exclusions in Windows Defender AV on Windows Server 2016](configure-server-exclusions-windows-defender-antivirus.md) -### [Configure scanning options in Windows Defender AV](configure-advanced-scan-types-windows-defender-antivirus.md) -### [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) -### [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -### [Configure and run scans](run-scan-windows-defender-antivirus.md) -### [Review scan results](review-scan-results-windows-defender-antivirus.md) -### [Run and review the results of a Microsoft Defender Offline scan](windows-defender-offline.md) - - -## [Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md) - - - -## [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -### [Use Group Policy settings to configure and manage Windows Defender AV](use-group-policy-windows-defender-antivirus.md) -### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](use-intune-config-manager-windows-defender-antivirus.md) -### [Use PowerShell cmdlets to configure and manage Windows Defender AV](use-powershell-cmdlets-windows-defender-antivirus.md) -### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](use-wmi-windows-defender-antivirus.md) -### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](command-line-arguments-windows-defender-antivirus.md) - - From ab9d1bf8077a749698c48f50f6c99626bca0deec Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 2 Jun 2020 21:13:14 -0700 Subject: [PATCH 58/99] missing backslash --- windows/deployment/upgrade/setupdiag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 34baf85bf1..bea5439367 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -39,7 +39,7 @@ SetupDiag works by examining Windows Setup log files. It attempts to parse these With the release of Windows 10, version 2004, SetupDiag is included with [Windows Setup](https://docs.microsoft.com/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario). -During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure. +During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure. When run by Windows Setup, the following [parameters](#parameters) are used: From 0ad5086beef7588eb495280fa7e0bafba440d18b Mon Sep 17 00:00:00 2001 From: Ramu Konidena Date: Tue, 2 Jun 2020 23:43:02 -0500 Subject: [PATCH 59/99] Removed TOC item --- browsers/internet-explorer/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md index ceb4d9b0f2..060f6ffb99 100644 --- a/browsers/internet-explorer/TOC.md +++ b/browsers/internet-explorer/TOC.md @@ -188,5 +188,4 @@ ### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md) ## KB Troubleshoot -### [Clear the Internet Explorer cache from a command line](kb-support/clear-ie-cache-from-command-line.md) ### [Internet Explorer and Microsoft Edge FAQ for IT Pros](kb-support/ie-edge-faqs.md) From 54e20894b4e9d3bc48ddc631984bdb9909e2a4b9 Mon Sep 17 00:00:00 2001 From: Steven DeQuincey <54139783+stdequin@users.noreply.github.com> Date: Wed, 3 Jun 2020 10:33:09 +0100 Subject: [PATCH 60/99] Updated faq Added in partner question on moving devices between orgs and needing to deregister a device, --- windows/deployment/windows-autopilot/autopilot-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index 616f6b21ce..1cbfeeb11b 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -144,6 +144,7 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the | What are some common causes of registration failures? |1. Bad or missing hardware hash entries can lead to faulty registration attempts
        2. Hidden special characters in CSV files.

        To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions.| | Is Autopilot supported on IoT devices? | Autopilot is not supported on IoT Core devices, and there are currently no plans to add this support. Autopilot is supported on Windows 10 IoT Enterprise SAC devices. Autopilot is supported on Windows 10 Enterprise LTSC 2019 and above; it is not supported on earlier versions of LTSC.| | Is Autopilot supported in all regions/countries? | Autopilot only supports customers using global Azure. Global Azure does not include the three entities listed below:
        - Azure Germany
        - Azure China 21Vianet
        - Azure Government
        So, if a customer is set up in global Azure, there are no region restrictions. For example, if Contoso uses global Azure but has employees working in China, the Contoso employees working in China would be able to use Autopilot to deploy devices. If Contoso uses Azure China 21Vianet, the Contoso employees would not be able to use Autopilot.| +| I need to register a device that's been previously registered to another organisation. | Partners registering devices through partner center can also deregister the device if it's moving between different customer tenants. If this isn't possible, as a last resort you can raise a ticket through the Intune "Help and Support" node and our support teams will assist you. | ## Glossary From f68e8f52d91a4f515a4bb9329ba0ea33ff0832e6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 09:17:55 -0700 Subject: [PATCH 61/99] Resolved merge conflict --- .../troubleshoot-onboarding.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index 8d70878821..4329b7da6a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -70,13 +70,8 @@ Event ID | Error Type | Resolution steps :---|:---|:--- 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. 10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
        ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
        Verify that the script has been run as an administrator. -<<<<<<< HEAD 15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).

        If the device is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the device. If rebooting the device doesn't address the issue, upgrade to KB4015217 and try onboarding again. -15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions. -======= -15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).

        If the machine is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again. -15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Microsoft Defender Antivirus ELAM driver, see [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) for instructions. ->>>>>>> master +15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
        ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
        The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). @@ -135,13 +130,8 @@ If the deployment tools used does not indicate an error in the onboarding proces - [View agent onboarding errors in the device event log](#view-agent-onboarding-errors-in-the-device-event-log) - [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled) - [Ensure the service is set to start](#ensure-the-service-is-set-to-start) -<<<<<<< HEAD - [Ensure the device has an Internet connection](#ensure-the-device-has-an-internet-connection) -- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) -======= -- [Ensure the machine has an Internet connection](#ensure-the-machine-has-an-internet-connection) - [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) ->>>>>>> master ### View agent onboarding errors in the device event log From 4fe0ab08b6ef7653ea884d59f69ef8550bc080a7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 09:38:10 -0700 Subject: [PATCH 62/99] machine --> device updates --- .../microsoft-defender-atp/machines-view-overview.md | 2 +- .../microsoft-defender-atp/portal-overview.md | 5 ----- .../microsoft-defender-atp/respond-machine-alerts.md | 5 ----- .../microsoft-defender-atp/web-content-filtering.md | 12 ++++++------ 4 files changed, 7 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md index 49bdd23d6a..54ac78a662 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md @@ -53,7 +53,7 @@ The risk level reflects the overall risk assessment of the device based on a com ### Exposure level -The exposure level reflects the current exposure of the machine based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your machines are less vulnerable from exploitation. +The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable from exploitation. If the exposure level says "No data available," there are a few reasons why this may be the case: diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index 7e9859533e..01763b68b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -80,13 +80,8 @@ Icon | Description ![Remediated icon](images/remediated-icon.png)| Remediated – Threat removed from the device. ![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the device. ![Thunderbolt icon](images/atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. -<<<<<<< HEAD ![Device icon](images/atp-machine-icon.png)| Device icon -![Windows Defender AV events icon](images/atp-windows-defender-av-events-icon.png)| Windows Defender Antivirus events -======= -![Machine icon](images/atp-machine-icon.png)| Machine icon ![Windows Defender AV events icon](images/atp-windows-defender-av-events-icon.png)| Microsoft Defender Antivirus events ->>>>>>> master ![Application Guard events icon](images/atp-Application-Guard-events-icon.png)| Windows Defender Application Guard events ![Device Guard events icon](images/atp-Device-Guard-events-icon.png)| Windows Defender Device Guard events ![Exploit Guard events icon](images/atp-Exploit-Guard-events-icon.png)| Windows Defender Exploit Guard events diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 616bd6c833..64d2fc5394 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -129,13 +129,8 @@ The Action center will show the scan information and the device timeline will in In addition to containing an attack by stopping malicious processes, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running. >[!IMPORTANT] -<<<<<<< HEAD -> - This action is available for devices on Windows 10, version 1709 or later. -> - This feature is available if your organization uses Windows Defender Antivirus. -======= > - This action is available for machines on Windows 10, version 1709 or later. > - This feature is available if your organization uses Microsoft Defender Antivirus. ->>>>>>> master > - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing). To restrict an application from running, a code integrity policy is applied that only allows files to run if they are signed by a Microsoft issued certificate. This method of restriction can help prevent an attacker from controlling compromised devices and performing further malicious activities. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index a57bc668cb..0a88bbdd1d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -110,11 +110,11 @@ To add a new policy: 1. Select **Add policy** on the **Web content filtering** page in **Settings**. 2. Specify a name. 3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories. -4. Specify the policy scope. Select the device groups to specify where to apply the policy. Only machines in the selected machine groups will be prevented from accessing websites in the selected categories. -5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected machines. +4. Specify the policy scope. Select the device groups to specify where to apply the policy. Only devices in the selected device groups will be prevented from accessing websites in the selected categories. +5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected devices. >[!NOTE] ->If you are removing a policy or changing machine groups at the same time, this might cause a delay in policy deployment. +>If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment. ## Web content filtering cards and details @@ -142,7 +142,7 @@ This card displays the total number of requests for web content in all URLs. ### View card details -You can access the **Report details** for each card by selecting a table row or colored bar from the chart in the card. The report details page for each card contains extensive statistical data about web content categories, website domains, and machine groups. +You can access the **Report details** for each card by selecting a table row or colored bar from the chart in the card. The report details page for each card contains extensive statistical data about web content categories, website domains, and device groups. ![Image of web protection report details](images/web-protection-report-details.png) @@ -150,7 +150,7 @@ You can access the **Report details** for each card by selecting a table row or - **Domains**: Lists the web domains that have been accessed or blocked in your organization. Select a specific domain to view detailed information about that domain. -- **Machine groups**: Lists all the machine groups that have generated web activity in your organization +- **Device groups**: Lists all the device groups that have generated web activity in your organization Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item. @@ -162,7 +162,7 @@ You need to be logged in to an AAD account with either App administrator or Glob ### Limitations and known issues in this preview -- Unassigned machines will have incorrect data shown within the report. In the Report details > Machine groups pivot, you may see a row with a blank Machine Group field. This group contains your unassigned machines in the interim before they get put into your specified group. The report for this row may not contain an accurate count of machines or access counts. +- Unassigned devices will have incorrect data shown within the report. In the Report details > Device groups pivot, you may see a row with a blank Device Group field. This group contains your unassigned devices in the interim before they get put into your specified group. The report for this row may not contain an accurate count of devices or access counts. - The data in our reports may not be congruent with other data on the site. We currently do not support real-time data processing for this feature, so you may see inconsistencies between the data in our reports and the URL entity page. From 68282143bb219a34bcaf8f8c616ab67f319e44da Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 09:48:37 -0700 Subject: [PATCH 63/99] Fixed build warnings --- .../microsoft-defender-atp/defender-compatibility.md | 2 +- .../microsoft-defender-atp/respond-machine-alerts.md | 2 +- .../microsoft-defender-atp/troubleshoot-onboarding.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md index 01962b10ce..977fd10236 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md @@ -35,7 +35,7 @@ The Microsoft Defender Advanced Threat Protection agent depends on Microsoft Def >[!IMPORTANT] >Microsoft Defender ATP does not adhere to the Microsoft Defender Antivirus Exclusions settings. -You must configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). +You must configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). If an onboarded device is protected by a third-party antimalware client, Microsoft Defender Antivirus on that endpoint will enter into passive mode. diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 64d2fc5394..34d44a804c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -129,7 +129,7 @@ The Action center will show the scan information and the device timeline will in In addition to containing an attack by stopping malicious processes, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running. >[!IMPORTANT] -> - This action is available for machines on Windows 10, version 1709 or later. +> - This action is available for devices on Windows 10, version 1709 or later. > - This feature is available if your organization uses Microsoft Defender Antivirus. > - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing). diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index 4329b7da6a..130c392e8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -71,7 +71,7 @@ Event ID | Error Type | Resolution steps 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. 10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
        ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
        Verify that the script has been run as an administrator. 15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).

        If the device is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the device. If rebooting the device doesn't address the issue, upgrade to KB4015217 and try onboarding again. -15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions. +15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
        ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
        The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). From a064ee8ebbdfdd47d155f79f25c9f531637ec23b Mon Sep 17 00:00:00 2001 From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com> Date: Wed, 3 Jun 2020 09:52:28 -0700 Subject: [PATCH 64/99] Added warnings and Edge Policies link Added warnings and Edge Policies link --- ...s-operating-system-components-to-microsoft-services.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 6085890428..a363c7cdb1 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -14,7 +14,7 @@ ms.author: obezeajo manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 5/14/2020 +ms.date: 6/3/2020 --- # Manage connections from Windows 10 operating system components to Microsoft services @@ -37,7 +37,9 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline] > - The **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied. > [!Warning] -> If a user executes the **Reset this PC** command (Settings -> Update & Security -> Recovery) with the **Keep my files option** (or the **Remove Everything** option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order to re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline settings. +> - If a user executes the **Reset this PC** command (Settings -> Update & Security -> Recovery) with the **Keep my files option** (or the **Remove Everything** option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order to re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline settings. +> - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode. +> - During update or upgrade of Windows, egress traffic may occur. To use Microsoft Intune cloud based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm) @@ -550,7 +552,7 @@ To disable the Microsoft Account Sign-In Assistant: ### 13. Microsoft Edge -Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682). +Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682) and [Configure Microsoft Edge policy settings on Windows](https://docs.microsoft.com/en-us/DeployEdge/configure-microsoft-edge). ### 13.1 Microsoft Edge Group Policies From db3151b60b75d50d897c47a850376422052f0888 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 3 Jun 2020 10:22:12 -0700 Subject: [PATCH 65/99] pencil edit --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index a363c7cdb1..7d7448f4d5 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -552,7 +552,7 @@ To disable the Microsoft Account Sign-In Assistant: ### 13. Microsoft Edge -Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682) and [Configure Microsoft Edge policy settings on Windows](https://docs.microsoft.com/en-us/DeployEdge/configure-microsoft-edge). +Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682) and [Configure Microsoft Edge policy settings on Windows](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge). ### 13.1 Microsoft Edge Group Policies From 4c5f134d04b6b70b817e7492e7fe0134d06130a5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 12:53:22 -0700 Subject: [PATCH 66/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index a4e6e02c6d..3b1df50bb1 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12863,7 +12863,7 @@ }, { "source_path": "windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", "redirect_document_id": true }, { From 5e5fe04f3364aa6cb856b270c2d624bd822cc318 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 12:54:32 -0700 Subject: [PATCH 67/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 3b1df50bb1..fa1ce5201f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2043,12 +2043,12 @@ }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", "redirect_document_id": false }, { From 75295d6976b5c2474d31849fc077ef22461fbc88 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 12:57:20 -0700 Subject: [PATCH 68/99] Added DDF downloadable links --- .../mdm/assignedaccess-csp.md | 2 - .../mdm/bitlocker-ddf-file.md | 3 - ...onfiguration-service-provider-reference.md | 6 +- windows/client-management/mdm/defender-csp.md | 3 - windows/client-management/mdm/defender-ddf.md | 1 - .../mdm/devdetail-ddf-file.md | 6 +- .../mdm/dmprocessconfigxmlfiltered.md | 4 +- .../mdm/enterprisemodernappmanagement-ddf.md | 3 - windows/client-management/mdm/office-ddf.md | 3 - .../policy-configuration-service-provider.md | 3 - .../mdm/policy-csp-activexcontrols.md | 2 + .../client-management/mdm/policy-csp-audit.md | 4 - .../client-management/mdm/policy-csp-bits.md | 4 - .../mdm/policy-csp-browser.md | 2 + .../mdm/policy-csp-credentialproviders.md | 2 + .../mdm/policy-csp-deviceguard.md | 3 - .../mdm/policy-csp-deviceinstallation.md | 3 - .../mdm/policy-csp-dmaguard.md | 3 - .../mdm/policy-csp-education.md | 3 - .../mdm/policy-csp-kerberos.md | 3 - .../mdm/policy-csp-restrictedgroups.md | 2 - .../mdm/policy-csp-security.md | 3 - .../client-management/mdm/policy-csp-start.md | 3 - .../mdm/policy-csp-taskmanager.md | 3 - .../mdm/policy-csp-textinput.md | 4 - .../mdm/policy-csp-update.md | 3 - ...olicy-csp-windowsdefendersecuritycenter.md | 3 - .../client-management/mdm/policy-ddf-file.md | 5054 ++++++++++++++++- .../client-management/mdm/supl-ddf-file.md | 5 +- 29 files changed, 4879 insertions(+), 264 deletions(-) diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index b8eb37197c..3a48ac399e 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -14,8 +14,6 @@ ms.date: 09/18/2018 # AssignedAccess CSP -**Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.** - The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, then the next user login that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration. For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](https://go.microsoft.com/fwlink/p/?LinkID=722211) diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index 19421997ba..edf7ea7a4b 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -14,9 +14,6 @@ manager: dansimp # BitLocker DDF file -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index f93af2f2a2..59751b300b 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -9,14 +9,11 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 05/11/2020 +ms.date: 06/03/2020 --- # Configuration service provider reference -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot. For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download). @@ -2699,6 +2696,7 @@ Additional lists: ## CSP DDF files download You can download the DDF files for various CSPs from the links below: +- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index a9993b1e63..8c398e4992 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -15,9 +15,6 @@ ms.date: 10/21/2019 # Defender CSP -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. The following image shows the Windows Defender configuration service provider in tree format. diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index e5c1dcd59e..6ca8fc6f49 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -15,7 +15,6 @@ ms.date: 10/21/2019 # Defender DDF file - This topic shows the OMA DM device description framework (DDF) for the **Defender** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 47df0219d5..0ab07220b6 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -9,14 +9,11 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/11/2018 +ms.date: 06/03/2020 --- # DevDetail DDF file -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - This topic shows the OMA DM device description framework (DDF) for the **DevDetail** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). @@ -724,4 +721,5 @@ The XML below is the current version for this CSP. + ``` diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 25b59bccc1..6bfc9c4ef7 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -24,8 +24,8 @@ ms.date: 06/26/2017 # DMProcessConfigXMLFiltered function -> **Important**   -The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. Please see [Connectivity configuration](https://msdn.microsoft.com/library/windows/hardware/dn757424) for more information about the new process for provisioning connectivity configuration. However, this function is still supported for other OEM uses. +[!Important] +> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. Please see [Connectivity configuration](https://msdn.microsoft.com/library/windows/hardware/dn757424) for more information about the new process for provisioning connectivity configuration. However, this function is still supported for other OEM uses. Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index c9d550f250..aa2cdb680b 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -14,9 +14,6 @@ ms.date: 10/01/2019 # EnterpriseModernAppManagement DDF -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - This topic shows the OMA DM device description framework (DDF) for the **EnterpriseModernAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index 7f8b60345e..88e2b4dee5 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -14,9 +14,6 @@ ms.date: 08/15/2018 # Office DDF -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - This topic shows the OMA DM device description framework (DDF) for the **Office** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 047fef66ae..0a8b288709 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -15,9 +15,6 @@ ms.date: 07/18/2019 # Policy CSP -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies. The Policy configuration service provider has the following sub-categories: diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index d14be473a2..de8b3c5a94 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -109,6 +109,8 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 96103d4ca7..378f92cb1b 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -12,10 +12,6 @@ ms.date: 09/27/2019 # Policy CSP - Audit -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -

        diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index d7f56e3f4c..d4c64c584f 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -14,10 +14,6 @@ manager: dansimp # Policy CSP - BITS -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - - The following bandwidth policies are used together to define the bandwidth-throttling schedule and transfer rate. - BITS/BandwidthThrottlingEndTime diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 4b686d7c13..3f68b4b8cb 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -4303,5 +4303,7 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 003b1ca8d3..d9cc3f9647 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -249,6 +249,8 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index f34ee27dd5..00ab26dd22 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - DeviceGuard -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 4ced8ce8ab..f1c54d540a 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -14,9 +14,6 @@ ms.localizationpriority: medium # Policy CSP - DeviceInstallation -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 08eaddf872..d553a30d50 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - DmaGuard -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 3f4beef3e9..e316fbdb3f 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - Education -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 200fde9087..f61798a6d7 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - Kerberos -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 4935d3f947..1707ca7bfc 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -14,8 +14,6 @@ manager: dansimp # Policy CSP - RestrictedGroups -> [!WARNING] -> Some information in this article relates to prereleased products, which may be substantially modified before they are commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
        diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 0a4dcd146d..46499d7701 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - Security -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index c5e74893fc..17a91ff2d8 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - Start -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 8a69418c47..7d502e9af7 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - TaskManager -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index a116d3b084..79e47c91f8 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -16,10 +16,6 @@ manager: dansimp -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before they are commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
        diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 9949285fca..3942b48f24 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - Update -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - > [!NOTE] > If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 4db39b31f2..86ea14fd52 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - WindowsDefenderSecurityCenter -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
        diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 8a9c1a34dc..7a522ee312 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 05/21/2019 +ms.date: 06/03/2020 --- # Policy DDF file @@ -20,6 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy* You can view various Policy DDF files by clicking the following links: +- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml) - [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml) - [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml) - [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml) @@ -31,7 +32,7 @@ You can view various Policy DDF files by clicking the following links: You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is the DDF for Windows 10, version 1903. +The XML below is the DDF for Windows 10, version 2004. ```xml @@ -57,7 +58,7 @@ The XML below is the DDF for Windows 10, version 1903. - com.microsoft/9.0/MDM/Policy + com.microsoft/10.0/MDM/Policy @@ -1646,7 +1647,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. @@ -1657,11 +1658,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) @@ -2119,6 +2120,30 @@ Related policy: + + AllowGraphingCalculator + + + + + + + + This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, users will be able to access graphing functionality. + + + + + + + + + + + text/plain + + + DefaultPrinterName @@ -11023,7 +11048,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. @@ -11034,11 +11059,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) @@ -11541,6 +11566,33 @@ Related policy: + + AllowGraphingCalculator + + + + + 1 + This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, users will be able to access graphing functionality. + + + + + + + + + + + text/plain + + + Programs.admx + Programs~AT~WindowsComponents~Calculator + AllowGraphingCalculator + LowestValueMostSecure + + DefaultPrinterName @@ -19509,7 +19561,7 @@ Related policy: - com.microsoft/9.0/MDM/Policy + com.microsoft/10.0/MDM/Policy @@ -19578,6 +19630,99 @@ Related policy: + + Properties + + + + + + + Properties of Win32 App ADMX Ingestion + + + + + + + + + + + + + + + * + + + + + + + Setting Type of Win32 App. Policy Or Preference + + + + + + + + + + + + + + + * + + + + + + + Unique ID of ADMX file + + + + + + + + + + + + + + + Version + + + + + + + + Version of ADMX file + + + + + + + + + + + + + + + + + * @@ -19607,6 +19752,7 @@ Related policy: + Unique ID of ADMX file @@ -20165,6 +20311,30 @@ Related policy: + + BlockNonAdminUserInstall + + + + + + + + + + + + + + + + + + + text/plain + + + DisableStoreOriginatedApps @@ -21098,6 +21268,1785 @@ Related policy: + + Audit + + + + + + + + + + + + + + + + + + + + + AccountLogon_AuditCredentialValidation + + + + + + + + This policy setting allows you to audit events generated by validation tests on user account logon credentials. + +Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative. + + + + + + + + + + + text/plain + + + + + AccountLogon_AuditKerberosAuthenticationService + + + + + + + + This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests. + +If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request. + + + + + + + + + + + text/plain + + + + + AccountLogon_AuditKerberosServiceTicketOperations + + + + + + + + This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. + +If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account. + + + + + + + + + + + text/plain + + + + + AccountLogon_AuditOtherAccountLogonEvents + + + + + + + + This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. + +Currently, there are no events in this subcategory. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditAccountLockout + + + + + + + + This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out. + +If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts. + +Logon events are essential for understanding user activity and to detect potential attacks. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditGroupMembership + + + + + + + + This policy allows you to audit the group memberhsip information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. + +When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group memberhsip information cannot fit in a single security audit event. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditIPsecExtendedMode + + + + + + + + This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. + +If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditIPsecMainMode + + + + + + + + This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. + +If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditIPsecQuickMode + + + + + + + + This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. + +If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.If + you do not configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditLogoff + + + + + + + + This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to. + +If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions. +If you do not configure this policy setting, no audit event is generated when a logon session is closed. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditLogon + + + + + + + + This policy setting allows you to audit events generated by user account logon attempts on the computer. +Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. The following events are included: + Successful logon attempts. + Failed logon attempts. + Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command. + Security identifiers (SIDs) were filtered and not allowed to log on. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditNetworkPolicyServer + + + + + + + + This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. +If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts. +If you do not configure this policy settings, IAS and NAP user access requests are not audited. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditOtherLogonLogoffEvents + + + + + + + + This policy setting allows you to audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting such as the following: + Terminal Services session disconnections. + New Terminal Services sessions. + Locking and unlocking a workstation. + Invoking a screen saver. + Dismissal of a screen saver. + Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration. + Access to a wireless network granted to a user or computer account. + Access to a wired 802.1x network granted to a user or computer account. + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditSpecialLogon + + + + + + + + This policy setting allows you to audit events generated by special logons such as the following : + The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. + A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121697). + + + + + + + + + + + text/plain + + + + + AccountLogonLogoff_AuditUserDeviceClaims + + + + + + + + This policy allows you to audit user and device claims information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. + +User claims are added to a logon token when claims are included with a user's account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on. + +When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event. + + + + + + + + + + + text/plain + + + + + AccountManagement_AuditApplicationGroupManagement + + + + + + + + This policy setting allows you to audit events generated by changes to application groups such as the following: + Application group is created, changed, or deleted. + Member is added or removed from an application group. + +If you configure this policy setting, an audit event is generated when an attempt to change an application group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an application group changes. + + + + + + + + + + + text/plain + + + + + AccountManagement_AuditComputerAccountManagement + + + + + + + + This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted. + +If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a computer account changes. + + + + + + + + + + + text/plain + + + + + AccountManagement_AuditDistributionGroupManagement + + + + + + + + This policy setting allows you to audit events generated by changes to distribution groups such as the following: + Distribution group is created, changed, or deleted. + Member is added or removed from a distribution group. + Distribution group type is changed. + +If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a distribution group changes. + +Note: Events in this subcategory are logged only on domain controllers. + + + + + + + + + + + text/plain + + + + + AccountManagement_AuditOtherAccountManagementEvents + + + + + + + + This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following: + The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration. + The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack. + Changes to the Default Domain Group Policy under the following Group Policy paths: +Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy +Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy + + + + + + + + + + + text/plain + + + + + AccountManagement_AuditSecurityGroupManagement + + + + + + + + This policy setting allows you to audit events generated by changes to security groups such as the following: + Security group is created, changed, or deleted. + Member is added or removed from a security group. + Group type is changed. + +If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a security group changes. + + + + + + + + + + + text/plain + + + + + AccountManagement_AuditUserAccountManagement + + + + + + + + This policy setting allows you to audit changes to user accounts. Events include the following: + A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. + A user account’s password is set or changed. + A security identifier (SID) is added to the SID History of a user account. + The Directory Services Restore Mode password is configured. + Permissions on administrative user accounts are changed. + Credential Manager credentials are backed up or restored. + +If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when a user account changes. + + + + + + + + + + + text/plain + + + + + DetailedTracking_AuditDPAPIActivity + + + + + + + + This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720. + +If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI. + + + + + + + + + + + text/plain + + + + + DetailedTracking_AuditPNPActivity + + + + + + + + This policy setting allows you to audit when plug and play detects an external device. + +If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category. +If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play. + + + + + + + + + + + text/plain + + + + + DetailedTracking_AuditProcessCreation + + + + + + + + This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. + +If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a process is created. + + + + + + + + + + + text/plain + + + + + DetailedTracking_AuditProcessTermination + + + + + + + + This policy setting allows you to audit events generated when a process ends. + +If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a process ends. + + + + + + + + + + + text/plain + + + + + DetailedTracking_AuditRPCEvents + + + + + + + + This policy setting allows you to audit inbound remote procedure call (RPC) connections. + +If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a remote RPC connection is attempted. + + + + + + + + + + + text/plain + + + + + DetailedTracking_AuditTokenRightAdjusted + + + + + + + + This policy setting allows you to audit events generated by adjusting the privileges of a token. + + + + + + + + + + + text/plain + + + + + DSAccess_AuditDetailedDirectoryServiceReplication + + + + + + + + This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers. + + + + + + + + + + + text/plain + + + + + DSAccess_AuditDirectoryServiceAccess + + + + + + + + This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. + +Only AD DS objects with a matching system access control list (SACL) are logged. + +Events in this subcategory are similar to the Directory Service Access events available in previous versions of Windows. + + + + + + + + + + + text/plain + + + + + DSAccess_AuditDirectoryServiceChanges + + + + + + + + This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. + +When possible, events logged in this subcategory indicate the old and new values of the object’s properties. + +Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged. + +Note: Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. + +If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded. +If you do not configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made. + + + + + + + + + + + text/plain + + + + + DSAccess_AuditDirectoryServiceReplication + + + + + + + + This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers. + +If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication. +If you do not configure this policy setting, no audit event is generated during AD DS replication. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditApplicationGenerated + + + + + + + + This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function. +Events in this subcategory include: + Creation of an application client context. + Deletion of an application client context. + Initialization of an application client context. + Other application operations using the Windows Auditing APIs. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditCentralAccessPolicyStaging + + + + + + + + This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object. + +If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows: +1) Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access. +2) Failure audits when configured records access attempts when: + a) The current central access policy does not grant access but the proposed policy grants access. + b) A principal requests the maximum access rights they are allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy. + +Volume: Potentially high on a file server when the proposed policy differs significantly from the current central access policy. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditCertificationServices + + + + + + + + This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations. +AD CS operations include the following: + AD CS startup/shutdown/backup/restore. + Changes to the certificate revocation list (CRL). + New certificate requests. + Issuing of a certificate. + Revocation of a certificate. + Changes to the Certificate Manager settings for AD CS. + Changes in the configuration of AD CS. + Changes to a Certificate Services template. + Importing of a certificate. + Publishing of a certification authority certificate is to Active Directory Domain Services. + Changes to the security permissions for AD CS. + Archival of a key. + Importing of a key. + Retrieval of a key. + Starting of Online Certificate Status Protocol (OCSP) Responder Service. + Stopping of Online Certificate Status Protocol (OCSP) Responder Service. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditDetailedFileShare + + + + + + + + This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. + +If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures. + +Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared files and folders on the system is audited. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditFileShare + + + + + + + + This policy setting allows you to audit attempts to access a shared folder. + +If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures. + +Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared folders on the system is audited. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditFileSystem + + + + + + + + This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see https://go.microsoft.com/fwlink/?LinkId=122083. + +If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL. + +Note: You can set a SACL on a file system object using the Security tab in that object's Properties dialog box. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditFilteringPlatformConnection + + + + + + + + This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included: + The Windows Firewall Service blocks an application from accepting incoming connections on the network. + The WFP allows a connection. + The WFP blocks a connection. + The WFP permits a bind to a local port. + The WFP blocks a bind to a local port. + The WFP allows a connection. + The WFP blocks a connection. + The WFP permits an application or service to listen on a port for incoming connections. + The WFP blocks an application or service to listen on a port for incoming connections. + +If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked. +If you do not configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditFilteringPlatformPacketDrop + + + + + + + + This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP). + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditHandleManipulation + + + + + + + + This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. + +If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a handle is manipulated. + +Note: Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditKernelObject + + + + + + + + This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. +Only kernel objects with a matching system access control list (SACL) generate security audit events. + +Note: The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditOtherObjectAccessEvents + + + + + + + + This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. +For scheduler jobs, the following are audited: + Job created. + Job deleted. + Job enabled. + Job disabled. + Job updated. +For COM+ objects, the following are audited: + Catalog object added. + Catalog object updated. + Catalog object deleted. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditRegistry + + + + + + + + This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. + +If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL. + +Note: You can set a SACL on a registry object using the Permissions dialog box. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditRemovableStorage + + + + + + + + This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested. + +If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts. + +If you do not configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage. + + + + + + + + + + + text/plain + + + + + ObjectAccess_AuditSAM + + + + + + + + This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. +SAM objects include the following: + SAM_ALIAS -- A local group. + SAM_GROUP -- A group that is not a local group. + SAM_USER – A user account. + SAM_DOMAIN – A domain. + SAM_SERVER – A computer account. +If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made. +Note: Only the System Access Control List (SACL) for SAM_SERVER can be modified. +Volume: High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121698). + + + + + + + + + + + text/plain + + + + + PolicyChange_AuditAuthenticationPolicyChange + + + + + + + + This policy setting allows you to audit events generated by changes to the authentication policy such as the following: + Creation of forest and domain trusts. + Modification of forest and domain trusts. + Removal of forest and domain trusts. + Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. + Granting of any of the following user rights to a user or group: + Access This Computer From the Network. + Allow Logon Locally. + Allow Logon Through Terminal Services. + Logon as a Batch Job. + Logon a Service. + Namespace collision. For example, when a new trust has the same name as an existing namespace name. + +If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when the authentication policy is changed. + +Note: The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified. + + + + + + + + + + + text/plain + + + + + PolicyChange_AuditAuthorizationPolicyChange + + + + + + + + This policy setting allows you to audit events generated by changes to the authorization policy such as the following: + Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory. + Removal of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory. + Changes in the Encrypted File System (EFS) policy. + Changes to the Resource attributes of an object. + Changes to the Central Access Policy (CAP) applied to an object. + +If you configure this policy setting, an audit event is generated when an attempt to change the authorization policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when the authorization policy changes. + + + + + + + + + + + text/plain + + + + + PolicyChange_AuditFilteringPlatformPolicyChange + + + + + + + + This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: + IPsec services status. + Changes to IPsec policy settings. + Changes to Windows Firewall policy settings. + Changes to WFP providers and engine. + +If you configure this policy setting, an audit event is generated when a change to the WFP is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a change occurs to the WFP. + + + + + + + + + + + text/plain + + + + + PolicyChange_AuditMPSSVCRuleLevelPolicyChange + + + + + + + + This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: + Reporting of active policies when Windows Firewall service starts. + Changes to Windows Firewall rules. + Changes to Windows Firewall exception list. + Changes to Windows Firewall settings. + Rules ignored or not applied by Windows Firewall Service. + Changes to Windows Firewall Group Policy settings. + +If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC. + + + + + + + + + + + text/plain + + + + + PolicyChange_AuditOtherPolicyChangeEvents + + + + + + + + This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following: + Trusted Platform Module (TPM) configuration changes. + Kernel-mode cryptographic self tests. + Cryptographic provider operations. + Cryptographic context operations or modifications. + Applied Central Access Policies (CAPs) changes. + Boot Configuration Data (BCD) modifications. + + + + + + + + + + + text/plain + + + + + PolicyChange_AuditPolicyChange + + + + + + + + This policy setting allows you to audit changes in the security audit policy settings such as the following: + Settings permissions and audit settings on the Audit Policy object. + Changes to the system audit policy. + Registration of security event sources. + De-registration of security event sources. + Changes to the per-user audit settings. + Changes to the value of CrashOnAuditFail. + Changes to the system access control list on a file system or registry object. + Changes to the Special Groups list. + +Note: System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object's SACL is configured for auditing of DACL/Owner change. + + + + + + + + + + + text/plain + + + + + PrivilegeUse_AuditNonSensitivePrivilegeUse + + + + + + + + This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). +The following privileges are non-sensitive: + Access Credential Manager as a trusted caller. + Access this computer from the network. + Add workstations to domain. + Adjust memory quotas for a process. + Allow log on locally. + Allow log on through Terminal Services. + Bypass traverse checking. + Change the system time. + Create a pagefile. + Create global objects. + + Create permanent shared objects. + Create symbolic links. + Deny access this computer from the network. + Deny log on as a batch job. + Deny log on as a service. + Deny log on locally. + Deny log on through Terminal Services. + Force shutdown from a remote system. + Increase a process working set. + Increase scheduling priority. + Lock pages in memory. + Log on as a batch job. + Log on as a service. + Modify an object label. + Perform volume maintenance tasks. + Profile single process. + Profile system performance. + Remove computer from docking station. + Shut down the system. + Synchronize directory service data. + +If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful calls and Failure audits record unsuccessful calls. +If you do not configure this policy setting, no audit event is generated when a non-sensitive privilege is called. + + + + + + + + + + + text/plain + + + + + PrivilegeUse_AuditOtherPrivilegeUseEvents + + + + + + + + Not used. + + + + + + + + + + + text/plain + + + + + PrivilegeUse_AuditSensitivePrivilegeUse + + + + + + + + This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following: + A privileged service is called. + One of the following privileges are called: + Act as part of the operating system. + Back up files and directories. + Create a token object. + Debug programs. + Enable computer and user accounts to be trusted for delegation. + Generate security audits. + Impersonate a client after authentication. + Load and unload device drivers. + Manage auditing and security log. + Modify firmware environment values. + Replace a process-level token. + Restore files and directories. + Take ownership of files or other objects. + +If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated when sensitive privilege requests are made. + + + + + + + + + + + + text/plain + + + + + System_AuditIPsecDriver + + + + + + + + This policy setting allows you to audit events generated by the IPsec filter driver such as the following: + Startup and shutdown of the IPsec services. + Network packets dropped due to integrity check failure. + Network packets dropped due to replay check failure. + Network packets dropped due to being in plaintext. + Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card is not working correctly or the driver needs to be updated. + Inability to process IPsec filters. + +If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated on an IPSec filter driver operation. + + + + + + + + + + + text/plain + + + + + System_AuditOtherSystemEvents + + + + + + + + This policy setting allows you to audit any of the following events: + Startup and shutdown of the Windows Firewall service and driver. + Security policy processing by the Windows Firewall Service. + Cryptography key file and migration operations. + + + + + + + + + + + text/plain + + + + + System_AuditSecurityStateChange + + + + + + + + This policy setting allows you to audit events generated by changes in the security state of the computer such as the following events: + Startup and shutdown of the computer. + Change of system time. + Recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured. + + + + + + + + + + + text/plain + + + + + System_AuditSecuritySystemExtension + + + + + + + + This policy setting allows you to audit events related to security system extensions or services such as the following: + A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. + A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account. +If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an attempt is made to load a security system extension. + + + + + + + + + + + text/plain + + + + + System_AuditSystemIntegrity + + + + + + + + This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: + Events that could not be written to the event log because of a problem with the auditing system. + A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space. + The detection of a Remote Procedure Call (RPC) that compromises system integrity. + The detection of a hash value of an executable file that is not valid as determined by Code Integrity. + Cryptographic operations that compromise system integrity. + + + + + + + + + + + text/plain + + + + Authentication @@ -21759,6 +23708,30 @@ Related policy: + + SetMinimumEncryptionKeySize + + + + + + + + + + + + + + + + + + + text/plain + + + Browser @@ -23021,7 +24994,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. @@ -23032,11 +25005,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) @@ -25494,6 +27467,30 @@ Related policy: + + DOCacheHostSource + + + + + + + + + + + + + + + + + + + text/plain + + + DODelayBackgroundDownloadFromHttp @@ -25662,6 +27659,30 @@ Related policy: + + DOMaxBackgroundDownloadBandwidth + + + + + + + + + + + + + + + + + + + text/plain + + + DOMaxCacheAge @@ -25711,31 +27732,7 @@ Related policy: - DOMaxDownloadBandwidth - - - - - - - - - - - - - - - - - - - text/plain - - - - - DOMaxUploadBandwidth + DOMaxForegroundDownloadBandwidth @@ -25950,30 +27947,6 @@ Related policy: - - DOPercentageMaxDownloadBandwidth - - - - - - - - - - - - - - - - - - - text/plain - - - DOPercentageMaxForegroundBandwidth @@ -26328,6 +28301,30 @@ Related policy: + + AllowInstallationOfMatchingDeviceInstanceIDs + + + + + + + + + + + + + + + + + + + text/plain + + + AllowInstallationOfMatchingDeviceSetupClasses @@ -26424,6 +28421,30 @@ Related policy: + + PreventInstallationOfMatchingDeviceInstanceIDs + + + + + + + + + + + + + + + + + + + text/plain + + + PreventInstallationOfMatchingDeviceSetupClasses @@ -27888,6 +29909,124 @@ If you do not configure this policy setting, users will be able to choose whethe + + FactoryComposer + + + + + + + + + + + + + + + + + + + + + BackgroundImagePath + + + + + + + + + + + + + + + + + + + text/plain + + + + + OEMVersion + + + + + + + + + + + + + + + + + + + text/plain + + + + + UserToSignIn + + + + + + + + + + + + + + + + + + + text/plain + + + + + UWPLaunchOnBoot + + + + + + + + + + + + + + + + + + + text/plain + + + + FileExplorer @@ -28767,30 +30906,6 @@ If you do not configure this policy setting, users will be able to choose whethe - - DisableActiveXVersionListAutoDownload - - - - - - - - - - - - - - - - - - - text/plain - - - DisableAdobeFlash @@ -37961,6 +40076,102 @@ If the user has configured a slide show to run on the lock screen when the machi + + LetAppsAccessBackgroundSpatialPerception + + + + + + + + This policy setting specifies whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background. + + + + + + + + + + + text/plain + + + + + LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps + + + + + + + + List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. + + + + + + + + + + + text/plain + + + + + LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps + + + + + + + + List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. + + + + + + + + + + + text/plain + + + + + LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps + + + + + + + + List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. + + + + + + + + + + + text/plain + + + LetAppsAccessCalendar @@ -44048,6 +46259,90 @@ If you disable or do not configure this policy setting, File History can be acti + + ConfigureJapaneseIMEVersion + + + + + + + + This policy allows the IT admin to configure the Microsoft Japanese IME version in the desktop. +The following list shows the supported values: +0 (default) – The new Microsoft Japanese IME is on by default. Allow to control Microsoft Japanese IME version to use. +1 - The previous version of Microsoft Japanese IME is always selected. Not allowed to control Microsoft Japanese IME version to use. +2 - The new Microsoft Japanese IME is always selected. Not allowed to control Microsoft Japanese IME version to use. + + + + + + + + + + + text/plain + + + + + ConfigureSimplifiedChineseIMEVersion + + + + + + + + This policy allows the IT admin to configure the Microsoft Simplified Chinese IME version in the desktop. +The following list shows the supported values: +0 (default) – The new Microsoft Simplified Chinese IME is on by default. Allow to control Microsoft Simplified Chinese IME version to use. +1 - The previous version of Microsoft Simplified Chinese IME is always selected. Not allowed to control Microsoft Simplified Chinese IME version to use. +2 - The new Microsoft Simplified Chinese IME is always selected. Not allowed to control Microsoft Simplified Chinese IME version to use. + + + + + + + + + + + text/plain + + + + + ConfigureTraditionalChineseIMEVersion + + + + + + + + This policy allows the IT admin to configure the Microsoft Traditional Chinese IME version in the desktop. +The following list shows the supported values: +0 (default) – The new Microsoft Traditional Chinese IME is on by default. Allow to control Microsoft Traditional Chinese IME version to use. +1 - The previous version of Microsoft Traditional Chinese IME is always selected. Not allowed to control Microsoft Traditional Chinese IME version to use. +2 - The new Microsoft Traditional Chinese IME is always selected. Not allowed to control Microsoft Traditional Chinese IME version to use. + + + + + + + + + + + text/plain + + + EnableTouchKeyboardAutoInvokeInDesktopMode @@ -45857,6 +48152,30 @@ If you disable or do not configure this policy setting, the wake setting as spec + + TargetReleaseVersion + + + + + + + + + + + + + + + + + + + text/plain + + + UpdateNotificationLevel @@ -48510,6 +50829,33 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi LastWrite + + BlockNonAdminUserInstall + + + + + 0 + + + + + + + + + + + + text/plain + + + AppxPackageManager.admx + AppxPackageManager~AT~WindowsComponents~AppxDeployment + BlockNonAdminUserInstall + LowestValueMostSecure + + DisableStoreOriginatedApps @@ -49577,6 +51923,1960 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi + + Audit + + + + + + + + + + + + + + + + + + + AccountLogon_AuditCredentialValidation + + + + + 0 + This policy setting allows you to audit events generated by validation tests on user account logon credentials. + +Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon + Audit Credential Validation + LastWrite + + + + AccountLogon_AuditKerberosAuthenticationService + + + + + 0 + This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests. + +If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon + Audit Kerberos Authentication Service + LastWrite + + + + AccountLogon_AuditKerberosServiceTicketOperations + + + + + 0 + This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. + +If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon + Audit Kerberos Service Ticket Operations + LastWrite + + + + AccountLogon_AuditOtherAccountLogonEvents + + + + + 0 + This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. + +Currently, there are no events in this subcategory. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon + Audit Other Account Logon Events + LastWrite + + + + AccountLogonLogoff_AuditAccountLockout + + + + + 1 + This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out. + +If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts. + +Logon events are essential for understanding user activity and to detect potential attacks. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit Account Lockout + LastWrite + + + + AccountLogonLogoff_AuditGroupMembership + + + + + 0 + This policy allows you to audit the group memberhsip information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. + +When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group memberhsip information cannot fit in a single security audit event. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit Group Membership + LastWrite + + + + AccountLogonLogoff_AuditIPsecExtendedMode + + + + + 0 + This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. + +If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit IPsec Extended Mode + LastWrite + + + + AccountLogonLogoff_AuditIPsecMainMode + + + + + 0 + This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. + +If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit IPsec Main Mode + LastWrite + + + + AccountLogonLogoff_AuditIPsecQuickMode + + + + + 0 + This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. + +If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.If + you do not configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit IPsec Quick Mode + LastWrite + + + + AccountLogonLogoff_AuditLogoff + + + + + 1 + This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to. + +If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions. +If you do not configure this policy setting, no audit event is generated when a logon session is closed. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit Logoff + LastWrite + + + + AccountLogonLogoff_AuditLogon + + + + + 1 + This policy setting allows you to audit events generated by user account logon attempts on the computer. +Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. The following events are included: + Successful logon attempts. + Failed logon attempts. + Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command. + Security identifiers (SIDs) were filtered and not allowed to log on. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit Logon + LastWrite + + + + AccountLogonLogoff_AuditNetworkPolicyServer + + + + + 3 + This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. +If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts. +If you do not configure this policy settings, IAS and NAP user access requests are not audited. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit Network Policy Server + LastWrite + + + + AccountLogonLogoff_AuditOtherLogonLogoffEvents + + + + + 0 + This policy setting allows you to audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting such as the following: + Terminal Services session disconnections. + New Terminal Services sessions. + Locking and unlocking a workstation. + Invoking a screen saver. + Dismissal of a screen saver. + Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration. + Access to a wireless network granted to a user or computer account. + Access to a wired 802.1x network granted to a user or computer account. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit Other Logon Logoff Events + LastWrite + + + + AccountLogonLogoff_AuditSpecialLogon + + + + + 1 + This policy setting allows you to audit events generated by special logons such as the following : + The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. + A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121697). + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit Special Logon + LastWrite + + + + AccountLogonLogoff_AuditUserDeviceClaims + + + + + 0 + This policy allows you to audit user and device claims information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. + +User claims are added to a logon token when claims are included with a user's account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on. + +When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff + Audit User Device Claims + LastWrite + + + + AccountManagement_AuditApplicationGroupManagement + + + + + 0 + This policy setting allows you to audit events generated by changes to application groups such as the following: + Application group is created, changed, or deleted. + Member is added or removed from an application group. + +If you configure this policy setting, an audit event is generated when an attempt to change an application group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an application group changes. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management + Audit Application Group Management + LastWrite + + + + AccountManagement_AuditComputerAccountManagement + + + + + 0 + This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted. + +If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a computer account changes. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management + Audit Computer Account Management + LastWrite + + + + AccountManagement_AuditDistributionGroupManagement + + + + + 0 + This policy setting allows you to audit events generated by changes to distribution groups such as the following: + Distribution group is created, changed, or deleted. + Member is added or removed from a distribution group. + Distribution group type is changed. + +If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a distribution group changes. + +Note: Events in this subcategory are logged only on domain controllers. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management + Audit Distributio Group Management + LastWrite + + + + AccountManagement_AuditOtherAccountManagementEvents + + + + + 0 + This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following: + The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration. + The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack. + Changes to the Default Domain Group Policy under the following Group Policy paths: +Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy +Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management + Audit Other Account Management Events + LastWrite + + + + AccountManagement_AuditSecurityGroupManagement + + + + + 1 + This policy setting allows you to audit events generated by changes to security groups such as the following: + Security group is created, changed, or deleted. + Member is added or removed from a security group. + Group type is changed. + +If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a security group changes. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management + Audit Security Group Management + LastWrite + + + + AccountManagement_AuditUserAccountManagement + + + + + 1 + This policy setting allows you to audit changes to user accounts. Events include the following: + A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. + A user account’s password is set or changed. + A security identifier (SID) is added to the SID History of a user account. + The Directory Services Restore Mode password is configured. + Permissions on administrative user accounts are changed. + Credential Manager credentials are backed up or restored. + +If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when a user account changes. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management + Audit User Account Management + LastWrite + + + + DetailedTracking_AuditDPAPIActivity + + + + + 0 + This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720. + +If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking + Audit DPAPI Activity + LastWrite + + + + DetailedTracking_AuditPNPActivity + + + + + 0 + This policy setting allows you to audit when plug and play detects an external device. + +If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category. +If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking + Audit PNP Activity + LastWrite + + + + DetailedTracking_AuditProcessCreation + + + + + 0 + This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. + +If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a process is created. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking + Audit Process Creation + LastWrite + + + + DetailedTracking_AuditProcessTermination + + + + + 0 + This policy setting allows you to audit events generated when a process ends. + +If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a process ends. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking + Audit Process Termination + LastWrite + + + + DetailedTracking_AuditRPCEvents + + + + + 0 + This policy setting allows you to audit inbound remote procedure call (RPC) connections. + +If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a remote RPC connection is attempted. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking + Audit RPC Events + LastWrite + + + + DetailedTracking_AuditTokenRightAdjusted + + + + + 0 + This policy setting allows you to audit events generated by adjusting the privileges of a token. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking + Audit Token Right Adjusted + LastWrite + + + + DSAccess_AuditDetailedDirectoryServiceReplication + + + + + 0 + This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access + Audit Detailed Directory Service Replication + LastWrite + + + + DSAccess_AuditDirectoryServiceAccess + + + + + 0 + This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. + +Only AD DS objects with a matching system access control list (SACL) are logged. + +Events in this subcategory are similar to the Directory Service Access events available in previous versions of Windows. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access + Audit Directory Service Access + LastWrite + + + + DSAccess_AuditDirectoryServiceChanges + + + + + 0 + This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. + +When possible, events logged in this subcategory indicate the old and new values of the object’s properties. + +Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged. + +Note: Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. + +If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded. +If you do not configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access + Audit Directory Service Changes + LastWrite + + + + DSAccess_AuditDirectoryServiceReplication + + + + + 0 + This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers. + +If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication. +If you do not configure this policy setting, no audit event is generated during AD DS replication. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access + Audit Directory Service Replication + LastWrite + + + + ObjectAccess_AuditApplicationGenerated + + + + + 0 + This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function. +Events in this subcategory include: + Creation of an application client context. + Deletion of an application client context. + Initialization of an application client context. + Other application operations using the Windows Auditing APIs. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Application Generated + LastWrite + + + + ObjectAccess_AuditCentralAccessPolicyStaging + + + + + 0 + This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object. + +If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows: +1) Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access. +2) Failure audits when configured records access attempts when: + a) The current central access policy does not grant access but the proposed policy grants access. + b) A principal requests the maximum access rights they are allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy. + +Volume: Potentially high on a file server when the proposed policy differs significantly from the current central access policy. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Central Access Policy Staging + LastWrite + + + + ObjectAccess_AuditCertificationServices + + + + + 0 + This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations. +AD CS operations include the following: + AD CS startup/shutdown/backup/restore. + Changes to the certificate revocation list (CRL). + New certificate requests. + Issuing of a certificate. + Revocation of a certificate. + Changes to the Certificate Manager settings for AD CS. + Changes in the configuration of AD CS. + Changes to a Certificate Services template. + Importing of a certificate. + Publishing of a certification authority certificate is to Active Directory Domain Services. + Changes to the security permissions for AD CS. + Archival of a key. + Importing of a key. + Retrieval of a key. + Starting of Online Certificate Status Protocol (OCSP) Responder Service. + Stopping of Online Certificate Status Protocol (OCSP) Responder Service. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Certification Services + LastWrite + + + + ObjectAccess_AuditDetailedFileShare + + + + + 0 + This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. + +If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures. + +Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared files and folders on the system is audited. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Detailed File Share + LastWrite + + + + ObjectAccess_AuditFileShare + + + + + 0 + This policy setting allows you to audit attempts to access a shared folder. + +If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures. + +Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared folders on the system is audited. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit File Share + LastWrite + + + + ObjectAccess_AuditFileSystem + + + + + 0 + This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see https://go.microsoft.com/fwlink/?LinkId=122083. + +If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL. + +Note: You can set a SACL on a file system object using the Security tab in that object's Properties dialog box. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit File System + LastWrite + + + + ObjectAccess_AuditFilteringPlatformConnection + + + + + 0 + This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included: + The Windows Firewall Service blocks an application from accepting incoming connections on the network. + The WFP allows a connection. + The WFP blocks a connection. + The WFP permits a bind to a local port. + The WFP blocks a bind to a local port. + The WFP allows a connection. + The WFP blocks a connection. + The WFP permits an application or service to listen on a port for incoming connections. + The WFP blocks an application or service to listen on a port for incoming connections. + +If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked. +If you do not configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Filtering Platform Connection + LastWrite + + + + ObjectAccess_AuditFilteringPlatformPacketDrop + + + + + 0 + This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP). + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Filtering Platform Packet Drop + LastWrite + + + + ObjectAccess_AuditHandleManipulation + + + + + 0 + This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. + +If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a handle is manipulated. + +Note: Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Handle Manipulation + LastWrite + + + + ObjectAccess_AuditKernelObject + + + + + 0 + This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. +Only kernel objects with a matching system access control list (SACL) generate security audit events. + +Note: The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Kernel Object + LastWrite + + + + ObjectAccess_AuditOtherObjectAccessEvents + + + + + 0 + This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. +For scheduler jobs, the following are audited: + Job created. + Job deleted. + Job enabled. + Job disabled. + Job updated. +For COM+ objects, the following are audited: + Catalog object added. + Catalog object updated. + Catalog object deleted. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Other Object Access Events + LastWrite + + + + ObjectAccess_AuditRegistry + + + + + 0 + This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. + +If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL. + +Note: You can set a SACL on a registry object using the Permissions dialog box. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Registry + LastWrite + + + + ObjectAccess_AuditRemovableStorage + + + + + 0 + This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested. + +If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts. + +If you do not configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit Removable Storage + LastWrite + + + + ObjectAccess_AuditSAM + + + + + 0 + This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. +SAM objects include the following: + SAM_ALIAS -- A local group. + SAM_GROUP -- A group that is not a local group. + SAM_USER – A user account. + SAM_DOMAIN – A domain. + SAM_SERVER – A computer account. +If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made. +Note: Only the System Access Control List (SACL) for SAM_SERVER can be modified. +Volume: High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121698). + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access + Audit SAM + LastWrite + + + + PolicyChange_AuditAuthenticationPolicyChange + + + + + 1 + This policy setting allows you to audit events generated by changes to the authentication policy such as the following: + Creation of forest and domain trusts. + Modification of forest and domain trusts. + Removal of forest and domain trusts. + Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. + Granting of any of the following user rights to a user or group: + Access This Computer From the Network. + Allow Logon Locally. + Allow Logon Through Terminal Services. + Logon as a Batch Job. + Logon a Service. + Namespace collision. For example, when a new trust has the same name as an existing namespace name. + +If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when the authentication policy is changed. + +Note: The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change + Audit Authentication Policy Change + LastWrite + + + + PolicyChange_AuditAuthorizationPolicyChange + + + + + 0 + This policy setting allows you to audit events generated by changes to the authorization policy such as the following: + Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory. + Removal of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory. + Changes in the Encrypted File System (EFS) policy. + Changes to the Resource attributes of an object. + Changes to the Central Access Policy (CAP) applied to an object. + +If you configure this policy setting, an audit event is generated when an attempt to change the authorization policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when the authorization policy changes. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change + Audit Authorization Policy Change + LastWrite + + + + PolicyChange_AuditFilteringPlatformPolicyChange + + + + + 0 + This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: + IPsec services status. + Changes to IPsec policy settings. + Changes to Windows Firewall policy settings. + Changes to WFP providers and engine. + +If you configure this policy setting, an audit event is generated when a change to the WFP is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when a change occurs to the WFP. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change + Audit Filtering Platform Policy Change + LastWrite + + + + PolicyChange_AuditMPSSVCRuleLevelPolicyChange + + + + + 0 + This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: + Reporting of active policies when Windows Firewall service starts. + Changes to Windows Firewall rules. + Changes to Windows Firewall exception list. + Changes to Windows Firewall settings. + Rules ignored or not applied by Windows Firewall Service. + Changes to Windows Firewall Group Policy settings. + +If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change + Audit MPSSVC Rule Level Policy Change + LastWrite + + + + PolicyChange_AuditOtherPolicyChangeEvents + + + + + 0 + This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following: + Trusted Platform Module (TPM) configuration changes. + Kernel-mode cryptographic self tests. + Cryptographic provider operations. + Cryptographic context operations or modifications. + Applied Central Access Policies (CAPs) changes. + Boot Configuration Data (BCD) modifications. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change + Audit Other Policy Change Events + LastWrite + + + + PolicyChange_AuditPolicyChange + + + + + 1 + This policy setting allows you to audit changes in the security audit policy settings such as the following: + Settings permissions and audit settings on the Audit Policy object. + Changes to the system audit policy. + Registration of security event sources. + De-registration of security event sources. + Changes to the per-user audit settings. + Changes to the value of CrashOnAuditFail. + Changes to the system access control list on a file system or registry object. + Changes to the Special Groups list. + +Note: System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object's SACL is configured for auditing of DACL/Owner change. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change + Audit Policy Change + LastWrite + + + + PrivilegeUse_AuditNonSensitivePrivilegeUse + + + + + 0 + This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). +The following privileges are non-sensitive: + Access Credential Manager as a trusted caller. + Access this computer from the network. + Add workstations to domain. + Adjust memory quotas for a process. + Allow log on locally. + Allow log on through Terminal Services. + Bypass traverse checking. + Change the system time. + Create a pagefile. + Create global objects. + + Create permanent shared objects. + Create symbolic links. + Deny access this computer from the network. + Deny log on as a batch job. + Deny log on as a service. + Deny log on locally. + Deny log on through Terminal Services. + Force shutdown from a remote system. + Increase a process working set. + Increase scheduling priority. + Lock pages in memory. + Log on as a batch job. + Log on as a service. + Modify an object label. + Perform volume maintenance tasks. + Profile single process. + Profile system performance. + Remove computer from docking station. + Shut down the system. + Synchronize directory service data. + +If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful calls and Failure audits record unsuccessful calls. +If you do not configure this policy setting, no audit event is generated when a non-sensitive privilege is called. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Privilege Use + Audit Non Sensitive Privilege Use + LastWrite + + + + PrivilegeUse_AuditOtherPrivilegeUseEvents + + + + + 0 + Not used. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Privilege Use + Audit Other Privilege Use Events + LastWrite + + + + PrivilegeUse_AuditSensitivePrivilegeUse + + + + + 0 + This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following: + A privileged service is called. + One of the following privileges are called: + Act as part of the operating system. + Back up files and directories. + Create a token object. + Debug programs. + Enable computer and user accounts to be trusted for delegation. + Generate security audits. + Impersonate a client after authentication. + Load and unload device drivers. + Manage auditing and security log. + Modify firmware environment values. + Replace a process-level token. + Restore files and directories. + Take ownership of files or other objects. + +If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests. +If you do not configure this policy setting, no audit event is generated when sensitive privilege requests are made. + + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Privilege Use + Audit Sensitive Privilege Use + LastWrite + + + + System_AuditIPsecDriver + + + + + 0 + This policy setting allows you to audit events generated by the IPsec filter driver such as the following: + Startup and shutdown of the IPsec services. + Network packets dropped due to integrity check failure. + Network packets dropped due to replay check failure. + Network packets dropped due to being in plaintext. + Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card is not working correctly or the driver needs to be updated. + Inability to process IPsec filters. + +If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated on an IPSec filter driver operation. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System + Audit IPsec Driver + LastWrite + + + + System_AuditOtherSystemEvents + + + + + 3 + This policy setting allows you to audit any of the following events: + Startup and shutdown of the Windows Firewall service and driver. + Security policy processing by the Windows Firewall Service. + Cryptography key file and migration operations. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System + Audit Other System Events + LastWrite + + + + System_AuditSecurityStateChange + + + + + 1 + This policy setting allows you to audit events generated by changes in the security state of the computer such as the following events: + Startup and shutdown of the computer. + Change of system time. + Recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System + Audit Security State Change + LastWrite + + + + System_AuditSecuritySystemExtension + + + + + 0 + This policy setting allows you to audit events related to security system extensions or services such as the following: + A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. + A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account. +If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you do not configure this policy setting, no audit event is generated when an attempt is made to load a security system extension. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System + Audit Security System Extension + LastWrite + + + + System_AuditSystemIntegrity + + + + + 3 + This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: + Events that could not be written to the event log because of a problem with the auditing system. + A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space. + The detection of a Remote Procedure Call (RPC) that compromises system integrity. + The detection of a hash value of an executable file that is not valid as determined by Code Integrity. + Cryptographic operations that compromise system integrity. + + + + + + + + + + + text/plain + + + phone + Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System + Audit System Integrity + LastWrite + + + Authentication @@ -50264,6 +54564,30 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi LastWrite + + SetMinimumEncryptionKeySize + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + Browser @@ -51675,7 +55999,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. @@ -51686,11 +56010,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) @@ -54424,6 +58748,34 @@ Related policy: LastWrite + + DOCacheHostSource + + + + + 0 + + + + + + + + + + + + text/plain + + + DeliveryOptimization.admx + CacheHostSource + DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat + CacheHostSource + LastWrite + + DODelayBackgroundDownloadFromHttp @@ -54619,6 +58971,34 @@ Related policy: LastWrite + + DOMaxBackgroundDownloadBandwidth + + + + + 0 + + + + + + + + + + + + text/plain + + + DeliveryOptimization.admx + MaxBackgroundDownloadBandwidth + DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat + MaxBackgroundDownloadBandwidth + LastWrite + + DOMaxCacheAge @@ -54676,7 +59056,7 @@ Related policy: - DOMaxDownloadBandwidth + DOMaxForegroundDownloadBandwidth @@ -54697,37 +59077,9 @@ Related policy: DeliveryOptimization.admx - MaxDownloadBandwidth + MaxForegroundDownloadBandwidth DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat - MaxDownloadBandwidth - LastWrite - - - - DOMaxUploadBandwidth - - - - - 0 - - - - - - - - - - - - text/plain - - - DeliveryOptimization.admx - MaxUploadBandwidth - DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat - MaxUploadBandwidth + MaxForegroundDownloadBandwidth LastWrite @@ -54954,35 +59306,6 @@ Related policy: LastWrite - - DOPercentageMaxDownloadBandwidth - - - - - 0 - - - - - - - - - - - - text/plain - - - phone - DeliveryOptimization.admx - PercentageMaxDownloadBandwidth - DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat - PercentageMaxDownloadBandwidth - LastWrite - - DOPercentageMaxForegroundBandwidth @@ -55429,6 +59752,33 @@ Related policy: LastWrite + + AllowInstallationOfMatchingDeviceInstanceIDs + + + + + + + + + + + + + + + + + text/plain + + phone + deviceinstallation.admx + DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category + DeviceInstall_Instance_IDs_Allow + LastWrite + + AllowInstallationOfMatchingDeviceSetupClasses @@ -55537,6 +59887,33 @@ Related policy: LastWrite + + PreventInstallationOfMatchingDeviceInstanceIDs + + + + + + + + + + + + + + + + + text/plain + + phone + deviceinstallation.admx + DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category + DeviceInstall_Instance_IDs_Deny + LastWrite + + PreventInstallationOfMatchingDeviceSetupClasses @@ -57087,6 +61464,118 @@ If you do not configure this policy setting, users will be able to choose whethe + + FactoryComposer + + + + + + + + + + + + + + + + + + + BackgroundImagePath + + + + + + + + + + + + + + + + + text/plain + + LastWrite + + + + OEMVersion + + + + + unset; partners can set via settings customization! + + + + + + + + + + + + text/plain + + LastWrite + + + + UserToSignIn + + + + + + + + + + + + + + + + + text/plain + + LastWrite + + + + UWPLaunchOnBoot + + + + + + + + + + + + + + + + + text/plain + + LastWrite + + + FileExplorer @@ -58055,33 +62544,6 @@ If you do not configure this policy setting, users will be able to choose whethe LastWrite - - DisableActiveXVersionListAutoDownload - - - - - - - - - - - - - - - - - text/plain - - phone - inetres.admx - inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement - VersionListAutomaticDownloadDisable - LastWrite - - DisableAdobeFlash @@ -68232,6 +72694,102 @@ If the user has configured a slide show to run on the lock screen when the machi ; + + LetAppsAccessBackgroundSpatialPerception + + + + + 0 + This policy setting specifies whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background. + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + + LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps + + + + + + List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. + + + + + + + + + + + text/plain + + LastWrite + ; + + + + LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps + + + + + + List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user's movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. + + + + + + + + + + + text/plain + + LastWrite + ; + + + + LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps + + + + + + List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. + + + + + + + + + + + text/plain + + LastWrite + ; + + LetAppsAccessCalendar @@ -74951,6 +79509,99 @@ If you disable or do not configure this policy setting, File History can be acti LowestValueMostSecure + + ConfigureJapaneseIMEVersion + + + + + 0 + This policy allows the IT admin to configure the Microsoft Japanese IME version in the desktop. +The following list shows the supported values: +0 (default) – The new Microsoft Japanese IME is on by default. Allow to control Microsoft Japanese IME version to use. +1 - The previous version of Microsoft Japanese IME is always selected. Not allowed to control Microsoft Japanese IME version to use. +2 - The new Microsoft Japanese IME is always selected. Not allowed to control Microsoft Japanese IME version to use. + + + + + + + + + + + text/plain + + + EAIME.admx + EAIME~AT~WindowsComponents~L_IME + L_ConfigureJapaneseImeVersion + LowestValueMostSecure + + + + ConfigureSimplifiedChineseIMEVersion + + + + + 0 + This policy allows the IT admin to configure the Microsoft Simplified Chinese IME version in the desktop. +The following list shows the supported values: +0 (default) – The new Microsoft Simplified Chinese IME is on by default. Allow to control Microsoft Simplified Chinese IME version to use. +1 - The previous version of Microsoft Simplified Chinese IME is always selected. Not allowed to control Microsoft Simplified Chinese IME version to use. +2 - The new Microsoft Simplified Chinese IME is always selected. Not allowed to control Microsoft Simplified Chinese IME version to use. + + + + + + + + + + + text/plain + + + EAIME.admx + EAIME~AT~WindowsComponents~L_IME + L_ConfigureSimplifiedChineseImeVersion + LowestValueMostSecure + + + + ConfigureTraditionalChineseIMEVersion + + + + + 0 + This policy allows the IT admin to configure the Microsoft Traditional Chinese IME version in the desktop. +The following list shows the supported values: +0 (default) – The new Microsoft Traditional Chinese IME is on by default. Allow to control Microsoft Traditional Chinese IME version to use. +1 - The previous version of Microsoft Traditional Chinese IME is always selected. Not allowed to control Microsoft Traditional Chinese IME version to use. +2 - The new Microsoft Traditional Chinese IME is always selected. Not allowed to control Microsoft Traditional Chinese IME version to use. + + + + + + + + + + + text/plain + + + EAIME.admx + EAIME~AT~WindowsComponents~L_IME + L_ConfigureTraditionalChineseImeVersion + LowestValueMostSecure + + EnableTouchKeyboardAutoInvokeInDesktopMode @@ -76956,6 +81607,33 @@ If you disable or do not configure this policy setting, the wake setting as spec LastWrite + + TargetReleaseVersion + + + + + + + + + + + + + + + + + text/plain + + WindowsUpdate.admx + TargetReleaseVersionId + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat + TargetReleaseVersion + LastWrite + + UpdateNotificationLevel diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index e2b10b625a..2c1db8dd46 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -9,14 +9,11 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/20/2018 +ms.date: 06/03/2020 --- # SUPL DDF file -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider (CSP). Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). From 5985efe9067645af3ab5492e78b51a623875a963 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:00:00 -0700 Subject: [PATCH 69/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index fa1ce5201f..26289b0be6 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2218,12 +2218,12 @@ }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -6133,22 +6133,22 @@ }, { "source_path": "windows/keep-secure/configure-windows-defender-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/enable-pua-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/get-started-with-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", "redirect_document_id": false }, { "source_path": "windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", "redirect_document_id": true }, { From df87f3d497aec6b431f2b9e094111346fc98a3d2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:01:33 -0700 Subject: [PATCH 70/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 26289b0be6..fd2e2252dd 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -6153,22 +6153,22 @@ }, { "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-block-at-first-sight.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-enhanced-notifications.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9388,7 +9388,7 @@ }, { "source_path": "windows/keep-secure/command-line-arguments-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9418,12 +9418,12 @@ }, { "source_path": "windows/keep-secure/configure-block-at-first-sight-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-cloud-block-timeout-period-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus", "redirect_document_id": true }, { From f681cb7d6369761bf6cafeee1f5542de74665998 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:02:53 -0700 Subject: [PATCH 71/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index fd2e2252dd..5daac41691 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -9438,7 +9438,7 @@ }, { "source_path": "windows/keep-secure/configure-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9468,12 +9468,12 @@ }, { "source_path": "windows/keep-secure/configure-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9488,7 +9488,7 @@ }, { "source_path": "windows/keep-secure/configure-local-policy-overrides-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus", "redirect_document_id": true }, { From 2be1f24778cf2a11f0ee07914ba59e9e0258689d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:03:17 -0700 Subject: [PATCH 72/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 5daac41691..efc40bf67f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -9493,17 +9493,17 @@ }, { "source_path": "windows/keep-secure/configure-network-connections-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-notifications-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { From 7131869912c575286d0be7f9f93654889bd9b2bf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:03:43 -0700 Subject: [PATCH 73/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index efc40bf67f..4cd4ef471f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -9508,7 +9508,7 @@ }, { "source_path": "windows/keep-secure/configure-protection-features-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9518,12 +9518,12 @@ }, { "source_path": "windows/keep-secure/configure-real-time-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-remediation-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus", "redirect_document_id": true }, { From 4da55212acc50ea0ebf1f4483aed1965ceb89757 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:05:17 -0700 Subject: [PATCH 74/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4cd4ef471f..5de0db03ec 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -9533,7 +9533,7 @@ }, { "source_path": "windows/keep-secure/configure-server-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9573,7 +9573,7 @@ }, { "source_path": "windows/keep-secure/configure-windows-defender-antivirus-features.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features", "redirect_document_id": true }, { @@ -9788,7 +9788,7 @@ }, { "source_path": "windows/keep-secure/customize-run-review-remediate-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9883,7 +9883,7 @@ }, { "source_path": "windows/keep-secure/deploy-manage-report-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9893,7 +9893,7 @@ }, { "source_path": "windows/keep-secure/deploy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9903,7 +9903,7 @@ }, { "source_path": "windows/keep-secure/deployment-vdi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9913,7 +9913,7 @@ }, { "source_path": "windows/keep-secure/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", "redirect_document_id": true }, { From 1822d51cc7b32cf0a697b97be539d0937f62fa41 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:06:07 -0700 Subject: [PATCH 75/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 5de0db03ec..5a055d3aaa 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -10073,7 +10073,7 @@ }, { "source_path": "windows/keep-secure/enable-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -10143,7 +10143,7 @@ }, { "source_path": "windows/keep-secure/evaluate-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -11778,12 +11778,12 @@ }, { "source_path": "windows/keep-secure/manage-event-based-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-outdated-endpoints-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -11793,7 +11793,7 @@ }, { "source_path": "windows/keep-secure/manage-protection-update-schedule-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus", "redirect_document_id": true }, { From 6c6772310f2fca2bcefcb0c28c61bffb17ff06ff Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:06:38 -0700 Subject: [PATCH 76/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 5a055d3aaa..7e0f6e7a15 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -11798,7 +11798,7 @@ }, { "source_path": "windows/keep-secure/manage-protection-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -11813,12 +11813,12 @@ }, { "source_path": "windows/keep-secure/manage-updates-baselines-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-updates-mobile-devices-vms-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus", "redirect_document_id": true }, { From 8115869c1640f3625e34cbab1d396bd25c7bbb0e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:06:53 -0700 Subject: [PATCH 77/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 7e0f6e7a15..58df7287bd 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12293,7 +12293,7 @@ }, { "source_path": "windows/keep-secure/prevent-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus", "redirect_document_id": true }, { From f4d244746bb14a465043f84348e48aaa959d8de3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:07:16 -0700 Subject: [PATCH 78/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 58df7287bd..4942f73ca5 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12398,7 +12398,7 @@ }, { "source_path": "windows/keep-secure/report-monitor-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12463,7 +12463,7 @@ }, { "source_path": "windows/keep-secure/run-scan-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus", "redirect_document_id": true }, { From 11525dbc20b407d1599864097a126671d21f8a11 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:07:28 -0700 Subject: [PATCH 79/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4942f73ca5..57cef0983d 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12473,7 +12473,7 @@ }, { "source_path": "windows/keep-secure/scheduled-catch-up-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus", "redirect_document_id": true }, { From 806224834c8498696d0bbd18777f118eb6babc18 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:07:43 -0700 Subject: [PATCH 80/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 57cef0983d..691053f995 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12643,7 +12643,7 @@ }, { "source_path": "windows/keep-secure/specify-cloud-protection-level-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus", "redirect_document_id": true }, { From ef28159942235d32a233b16916f4a20a92f0bfb2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:08:11 -0700 Subject: [PATCH 81/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 691053f995..032114d273 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12858,17 +12858,17 @@ }, { "source_path": "windows/keep-secure/use-group-policy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", "redirect_document_id": true }, { From 6ccb3b82ec048736ac32ca74c99616f953951809 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:08:26 -0700 Subject: [PATCH 82/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 032114d273..4fda6179b1 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12888,7 +12888,7 @@ }, { "source_path": "windows/keep-secure/use-wmi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus", "redirect_document_id": true }, { From 2456bdb920c3e82baaf62e5192fe835b5df3aec1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:08:40 -0700 Subject: [PATCH 83/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4fda6179b1..77180ea1f9 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12983,7 +12983,7 @@ }, { "source_path": "windows/keep-secure/utilize-microsoft-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { From a835a694246979ae9b2d261da60e0e8f65c192e4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:09:14 -0700 Subject: [PATCH 84/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 77180ea1f9..0ded623b21 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -13103,22 +13103,22 @@ }, { "source_path": "windows/keep-secure/windows-defender-antivirus-compatibility.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-antivirus-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-antivirus-on-windows-server-2016.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-offline.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-offline", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/windows-defender-offline", "redirect_document_id": true }, { From afdef1cdf45a2c855d1c313240ce6c408b3ed9b6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 13:11:53 -0700 Subject: [PATCH 85/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 0ded623b21..d7834051e9 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -12458,7 +12458,7 @@ }, { "source_path": "windows/keep-secure/review-scan-results-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -13123,7 +13123,7 @@ }, { "source_path": "windows/keep-secure/windows-defender-security-center-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus", "redirect_document_id": true }, { From 0a215a57153a401ba30eb30cbe894923b3c55081 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 3 Jun 2020 13:54:55 -0700 Subject: [PATCH 86/99] clarifying statement --- windows/security/threat-protection/intelligence/criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 311c43f82b..74c19eb50f 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -175,7 +175,7 @@ Microsoft uses specific categories and the category definitions to classify soft * **Cryptomining software:** Software that uses your device resources to mine cryptocurrencies. -* **Bundling software:** Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualifies as PUA based on the criteria outlined in this document. +* **Bundling software:** Software that offers to install other software that is not developed by the same entity or not required for the software to run. Also, software that offers to install other software that qualifies as PUA based on the criteria outlined in this document. * **Marketing software:** Software that monitors and transmits the activities of users to applications or services other than itself for marketing research. From d12475b3fc793612e0ec46f28a785e4e06511b46 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 3 Jun 2020 14:23:51 -0700 Subject: [PATCH 87/99] Revert "Wdav redirects" --- .openpublishing.redirection.json | 112 +++++++++++++++---------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d7834051e9..a4e6e02c6d 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2043,12 +2043,12 @@ }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", "redirect_document_id": false }, { @@ -2218,12 +2218,12 @@ }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus", "redirect_document_id": true }, { @@ -6133,42 +6133,42 @@ }, { "source_path": "windows/keep-secure/configure-windows-defender-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/enable-pua-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/get-started-with-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", "redirect_document_id": false }, { "source_path": "windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-block-at-first-sight.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-enhanced-notifications.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9388,7 +9388,7 @@ }, { "source_path": "windows/keep-secure/command-line-arguments-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9418,12 +9418,12 @@ }, { "source_path": "windows/keep-secure/configure-block-at-first-sight-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-cloud-block-timeout-period-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9438,7 +9438,7 @@ }, { "source_path": "windows/keep-secure/configure-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9468,12 +9468,12 @@ }, { "source_path": "windows/keep-secure/configure-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9488,27 +9488,27 @@ }, { "source_path": "windows/keep-secure/configure-local-policy-overrides-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-network-connections-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-notifications-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-protection-features-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9518,12 +9518,12 @@ }, { "source_path": "windows/keep-secure/configure-real-time-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-remediation-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9533,7 +9533,7 @@ }, { "source_path": "windows/keep-secure/configure-server-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9573,7 +9573,7 @@ }, { "source_path": "windows/keep-secure/configure-windows-defender-antivirus-features.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features", "redirect_document_id": true }, { @@ -9788,7 +9788,7 @@ }, { "source_path": "windows/keep-secure/customize-run-review-remediate-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9883,7 +9883,7 @@ }, { "source_path": "windows/keep-secure/deploy-manage-report-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9893,7 +9893,7 @@ }, { "source_path": "windows/keep-secure/deploy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9903,7 +9903,7 @@ }, { "source_path": "windows/keep-secure/deployment-vdi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus", "redirect_document_id": true }, { @@ -9913,7 +9913,7 @@ }, { "source_path": "windows/keep-secure/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus", "redirect_document_id": true }, { @@ -10073,7 +10073,7 @@ }, { "source_path": "windows/keep-secure/enable-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus", "redirect_document_id": true }, { @@ -10143,7 +10143,7 @@ }, { "source_path": "windows/keep-secure/evaluate-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus", "redirect_document_id": true }, { @@ -11778,12 +11778,12 @@ }, { "source_path": "windows/keep-secure/manage-event-based-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-outdated-endpoints-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus", "redirect_document_id": true }, { @@ -11793,12 +11793,12 @@ }, { "source_path": "windows/keep-secure/manage-protection-update-schedule-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-protection-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus", "redirect_document_id": true }, { @@ -11813,12 +11813,12 @@ }, { "source_path": "windows/keep-secure/manage-updates-baselines-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-updates-mobile-devices-vms-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12293,7 +12293,7 @@ }, { "source_path": "windows/keep-secure/prevent-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12398,7 +12398,7 @@ }, { "source_path": "windows/keep-secure/report-monitor-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12458,12 +12458,12 @@ }, { "source_path": "windows/keep-secure/review-scan-results-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/run-scan-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12473,7 +12473,7 @@ }, { "source_path": "windows/keep-secure/scheduled-catch-up-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12643,7 +12643,7 @@ }, { "source_path": "windows/keep-secure/specify-cloud-protection-level-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12858,17 +12858,17 @@ }, { "source_path": "windows/keep-secure/use-group-policy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12888,7 +12888,7 @@ }, { "source_path": "windows/keep-secure/use-wmi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus", "redirect_document_id": true }, { @@ -12983,7 +12983,7 @@ }, { "source_path": "windows/keep-secure/utilize-microsoft-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus", "redirect_document_id": true }, { @@ -13103,27 +13103,27 @@ }, { "source_path": "windows/keep-secure/windows-defender-antivirus-compatibility.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-antivirus-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-antivirus-on-windows-server-2016.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-offline.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/windows-defender-offline", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-offline", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-security-center-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus", "redirect_document_id": true }, { From c5a71cd9390a24a39a0e9754aec4ef339af3d587 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 3 Jun 2020 14:28:36 -0700 Subject: [PATCH 88/99] Corrected first note so that it renders correctly --- windows/client-management/mdm/dmprocessconfigxmlfiltered.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 6bfc9c4ef7..2e1b590d91 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -24,7 +24,7 @@ ms.date: 06/26/2017 # DMProcessConfigXMLFiltered function -[!Important] +> [!Important] > The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. Please see [Connectivity configuration](https://msdn.microsoft.com/library/windows/hardware/dn757424) for more information about the new process for provisioning connectivity configuration. However, this function is still supported for other OEM uses. From ca9ecb1530f1b7982531d35b68568371a0082af2 Mon Sep 17 00:00:00 2001 From: Ramu Konidena Date: Wed, 3 Jun 2020 16:47:22 -0500 Subject: [PATCH 89/99] Arbitrary change to force view staging server changes --- browsers/internet-explorer/kb-support/ie-edge-faqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md index ef07a2a337..0257a9db03 100644 --- a/browsers/internet-explorer/kb-support/ie-edge-faqs.md +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md @@ -1,6 +1,6 @@ --- title: IE and Microsoft Edge FAQ for IT Pros -description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals. +description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals. audience: ITPro manager: msmets author: ramakoni1 From 7db505c54bfccb673f41b9440f0e39067c2a844e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 3 Jun 2020 14:48:43 -0700 Subject: [PATCH 90/99] Acrolinx terminology: "Active Sync" --- .../mdm/policy-configuration-service-provider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 0a8b288709..3f32491bba 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4052,8 +4052,8 @@ The following diagram shows the Policy configuration service provider in tree fo ## Policy CSPs supported by Microsoft Surface Hub - [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) -## Policy CSPs that can be set using Exchange Active Sync (EAS) -- [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md) +## Policy CSPs that can be set using Exchange ActiveSync (EAS) +- [Policy CSPs that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md) ## Related topics From 864149f7217056b678a86e555c2dbe2330e47362 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 3 Jun 2020 14:50:00 -0700 Subject: [PATCH 91/99] Acrolinx terminology: "Activex" --- windows/client-management/mdm/policy-csp-activexcontrols.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index de8b3c5a94..7a981c49d8 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -74,7 +74,7 @@ manager: dansimp -This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL. +This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved ActiveX Install sites specified by host URL. If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. From 361c67dbc705518fde10d8c9bc5f764d42311538 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 15:31:41 -0700 Subject: [PATCH 92/99] Minor updates --- .../microsoft-defender-atp/api-portal-mapping.md | 3 ++- .../threat-protection/microsoft-defender-atp/apis-intro.md | 4 ++-- .../exposed-apis-create-app-nativeapp.md | 2 +- .../exposed-apis-create-app-partners.md | 2 +- .../microsoft-defender-atp/exposed-apis-create-app-webapp.md | 2 +- .../threat-protection/microsoft-defender-atp/files.md | 2 +- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 33a0dd182a..6139c4802e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -28,8 +28,9 @@ ms.topic: article Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center. >[!Note] ->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections +>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections. >- **Microsoft Defender ATP Detection** is composed from the suspicious event occurred on the Device and its related **Alert** details. +>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). ## Detections API fields and portal mapping The following table lists the available fields exposed in the detections API payload. It shows examples for the populated values and a reference on how data is reflected on the portal. diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index fcb5d20e0b..c837df60ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -43,7 +43,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User Steps that need to be taken to access Microsoft Defender ATP API with application context: 1. Create an AAD Web-Application. - 2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Devices'. + 2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'. 3. Create a key for this Application. 4. Get token using the application with its key. 5. Use the token to access Microsoft Defender ATP API @@ -56,7 +56,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User Steps that needs to be taken to access Microsoft Defender ATP API with application context: 1. Create AAD Native-Application. - 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Devices' etc. + 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 3. Get token using the application with user credentials. 4. Use the token to access Microsoft Defender ATP API diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index 15146d95af..8bdf15c60a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -77,7 +77,7 @@ This page explains how to create an AAD application, get an access token to Micr For instance, - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - - To [isolate a device](isolate-machine.md), select 'Isolate device' permission + - To [isolate a device](isolate-machine.md), select 'Isolate machine' permission - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. - Click **Grant consent** diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md index da03fac023..53f48b4a51 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md @@ -68,7 +68,7 @@ The following steps with guide you how to create an AAD application, get an acce - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - - To [isolate a device](isolate-machine.md), select 'Isolate device' permission + - To [isolate a device](isolate-machine.md), select 'Isolate machine' permission In the following example we will use **'Read all alerts'** permission: diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md index a41c006894..be3db97ab4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md @@ -58,7 +58,7 @@ This article explains how to create an Azure AD application, get an access token Note that you need to select the relevant permissions. 'Read All Alerts' is only an example. For instance: - To [run advanced queries](run-advanced-query-api.md), select the 'Run advanced queries' permission. - - To [isolate a device](isolate-machine.md), select the 'Isolate device' permission. + - To [isolate a device](isolate-machine.md), select the 'Isolate machine' permission. - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. 5. Select **Grant consent**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md index afa24af464..5ef6fc7ec4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/files.md @@ -29,7 +29,7 @@ Method|Return Type |Description :---|:---|:--- [Get file](get-file-information.md) | [file](files.md) | Get a single file [List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file. -[List file related devices](get-file-related-machines.md) | [machine](machine.md) collection | Get the [device](machine.md) entities associated with the alert. +[List file related machines](get-file-related-machines.md) | [machine](machine.md) collection | Get the [machine](machine.md) entities associated with the alert. [file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file. From 0a89b16ebe686e2703f230775ae0ac662b04eba2 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Wed, 3 Jun 2020 15:32:35 -0700 Subject: [PATCH 93/99] Update .openpublishing.redirection.json Added /security/ to keep-secure related strings --- .openpublishing.redirection.json | 96 ++++++++++++++++---------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d7834051e9..bab6e4aecc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2043,12 +2043,12 @@ }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", "redirect_document_id": false }, { @@ -9388,17 +9388,17 @@ }, { "source_path": "windows/keep-secure/command-line-arguments-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configuration-management-reference-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-advanced-scan-types-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9418,12 +9418,12 @@ }, { "source_path": "windows/keep-secure/configure-block-at-first-sight-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-cloud-block-timeout-period-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9438,7 +9438,7 @@ }, { "source_path": "windows/keep-secure/configure-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9468,12 +9468,12 @@ }, { "source_path": "windows/keep-secure/configure-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9488,27 +9488,27 @@ }, { "source_path": "windows/keep-secure/configure-local-policy-overrides-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-network-connections-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-notifications-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-protection-features-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9518,12 +9518,12 @@ }, { "source_path": "windows/keep-secure/configure-real-time-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-remediation-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9533,7 +9533,7 @@ }, { "source_path": "windows/keep-secure/configure-server-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9573,7 +9573,7 @@ }, { "source_path": "windows/keep-secure/configure-windows-defender-antivirus-features.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features", "redirect_document_id": true }, { @@ -9788,7 +9788,7 @@ }, { "source_path": "windows/keep-secure/customize-run-review-remediate-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9883,7 +9883,7 @@ }, { "source_path": "windows/keep-secure/deploy-manage-report-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9893,7 +9893,7 @@ }, { "source_path": "windows/keep-secure/deploy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9903,7 +9903,7 @@ }, { "source_path": "windows/keep-secure/deployment-vdi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9913,7 +9913,7 @@ }, { "source_path": "windows/keep-secure/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -10073,7 +10073,7 @@ }, { "source_path": "windows/keep-secure/enable-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -10143,7 +10143,7 @@ }, { "source_path": "windows/keep-secure/evaluate-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -11778,12 +11778,12 @@ }, { "source_path": "windows/keep-secure/manage-event-based-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-outdated-endpoints-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -11793,12 +11793,12 @@ }, { "source_path": "windows/keep-secure/manage-protection-update-schedule-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-protection-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -11813,12 +11813,12 @@ }, { "source_path": "windows/keep-secure/manage-updates-baselines-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/manage-updates-mobile-devices-vms-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12293,7 +12293,7 @@ }, { "source_path": "windows/keep-secure/prevent-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12398,7 +12398,7 @@ }, { "source_path": "windows/keep-secure/report-monitor-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12458,12 +12458,12 @@ }, { "source_path": "windows/keep-secure/review-scan-results-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/run-scan-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12473,7 +12473,7 @@ }, { "source_path": "windows/keep-secure/scheduled-catch-up-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12643,7 +12643,7 @@ }, { "source_path": "windows/keep-secure/specify-cloud-protection-level-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12858,17 +12858,17 @@ }, { "source_path": "windows/keep-secure/use-group-policy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12888,7 +12888,7 @@ }, { "source_path": "windows/keep-secure/use-wmi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -12983,7 +12983,7 @@ }, { "source_path": "windows/keep-secure/utilize-microsoft-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -13103,27 +13103,27 @@ }, { "source_path": "windows/keep-secure/windows-defender-antivirus-compatibility.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-antivirus-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-antivirus-on-windows-server-2016.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-offline.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/windows-defender-offline", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline", "redirect_document_id": true }, { "source_path": "windows/keep-secure/windows-defender-security-center-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus", "redirect_document_id": true }, { From f49e587c935e99beec36189d60334f49a6437178 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 16:00:40 -0700 Subject: [PATCH 94/99] Boolean to Integer updates in two settings --- .../mdm/new-in-windows-mdm-enrollment-management.md | 5 +++++ windows/client-management/mdm/policy-csp-networkisolation.md | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 8a720f94a0..22c842d346 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -59,6 +59,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [What is dmwappushsvc?](#what-is-dmwappushsvc) - **Change history in MDM documentation** + - [June 2020](#june-2020) - [May 2020](#may-2020) - [February 2020](#february-2020) - [January 2020](#january-2020) @@ -1980,6 +1981,10 @@ What data is handled by dmwappushsvc? | It is a component handling the internal How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. | ## Change history in MDM documentation +### June 2020 +|New or updated topic | Description| +|--- | ---| +|[Policy CSP - NetworkIsolation](networkisolation-csp.md)|Updated the description to Integer instead of Boolean for the following policy settings:
        EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative| ### May 2020 |New or updated topic | Description| diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 3d7afccb49..601cfb8378 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -228,7 +228,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. +Integer value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. @@ -468,7 +468,7 @@ ADMX Info: -Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. +Integer value that tells the client to accept the configured list of proxies and not try to detect other work proxies. From c4c9356d4b84347db44848f9090e3ce752ef2fcd Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 16:26:09 -0700 Subject: [PATCH 95/99] Fixed build warning --- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 22c842d346..b2ca393530 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1984,7 +1984,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o ### June 2020 |New or updated topic | Description| |--- | ---| -|[Policy CSP - NetworkIsolation](networkisolation-csp.md)|Updated the description to Integer instead of Boolean for the following policy settings:
        EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative| +|[Policy CSP - NetworkIsolation](policy-csp-networkisolation.md)|Updated the description to Integer instead of Boolean for the following policy settings:
        EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative| ### May 2020 |New or updated topic | Description| From 03524a2bca9dd744ca6ba7b3337e642527fb8030 Mon Sep 17 00:00:00 2001 From: Thomas Date: Wed, 3 Jun 2020 18:14:45 -0700 Subject: [PATCH 96/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 282 ++++++++++++++++++++++++++++++- 1 file changed, 281 insertions(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index edd89b7792..bf04931bb3 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15990,6 +15990,286 @@ "source_path": "windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus", "redirect_document_id": true -} +}, +{ + "source_path": "windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/oldTOC.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus", + "redirect_document_id": true + } ] } From 9f6801ac9cf2c732a230211fc341c5f643791b74 Mon Sep 17 00:00:00 2001 From: Thomas Date: Wed, 3 Jun 2020 18:22:16 -0700 Subject: [PATCH 97/99] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index bf04931bb3..d84ac75c66 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -16156,21 +16156,6 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus", "redirect_document_id": true }, - { - "source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus", - "redirect_document_id": true - }, - { - "source_path": "windows/security/threat-protection/windows-defender-antivirus/oldTOC.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC", - "redirect_document_id": true - }, - { - "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection", - "redirect_document_id": true - }, { "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus", @@ -16181,11 +16166,6 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus", "redirect_document_id": true }, - { - "source_path": "windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus", - "redirect_document_id": true - }, { "source_path": "windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus", @@ -16241,11 +16221,6 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus", "redirect_document_id": true }, - { - "source_path": "windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus", - "redirect_document_id": true - }, { "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility", From cab1f7ca74592d1300971b0cc6e274dbe61e228b Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Thu, 4 Jun 2020 09:27:30 -0700 Subject: [PATCH 98/99] changed Windows Defender AV to Microsoft Defender AV --- .../update/update-compliance-monitor.md | 2 +- ...llect-diagnostic-data-update-compliance.md | 6 ++--- .../collect-diagnostic-data.md | 6 ++--- ...-reference-microsoft-defender-antivirus.md | 2 +- ...scan-types-microsoft-defender-antivirus.md | 4 ++-- ...irst-sight-microsoft-defender-antivirus.md | 2 +- ...out-period-microsoft-defender-antivirus.md | 2 +- ...nteraction-microsoft-defender-antivirus.md | 4 ++-- ...exclusions-microsoft-defender-antivirus.md | 4 ++-- ...exclusions-microsoft-defender-antivirus.md | 2 +- ...-overrides-microsoft-defender-antivirus.md | 4 ++-- ...exclusions-microsoft-defender-antivirus.md | 2 +- ...n-features-microsoft-defender-antivirus.md | 2 +- ...oyment-vdi-microsoft-defender-antivirus.md | 8 +++---- ...protection-microsoft-defender-antivirus.md | 2 +- ...c-scanning-microsoft-defender-antivirus.md | 4 ++-- ...ed-updates-microsoft-defender-antivirus.md | 4 ++-- ...-endpoints-microsoft-defender-antivirus.md | 8 +++---- ...on-updates-microsoft-defender-antivirus.md | 2 +- ...evices-vms-microsoft-defender-antivirus.md | 4 ++-- ...rosoft-defender-antivirus-in-windows-10.md | 2 +- ...fender-antivirus-on-windows-server-2016.md | 10 ++++---- .../microsoft-defender-offline.md | 4 ++-- ...soft-defender-security-center-antivirus.md | 8 +++---- .../microsoft-defender-antivirus/oldTOC.md | 24 +++++++++---------- ...nteraction-microsoft-defender-antivirus.md | 2 +- 26 files changed, 62 insertions(+), 62 deletions(-) diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 8e4da6a05c..311272e93b 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -1,5 +1,5 @@ --- -title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10) +title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance (Windows 10) ms.reviewer: manager: laurawi description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md index 532462188a..691027c34e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md @@ -1,7 +1,7 @@ --- title: Collect diagnostic data for Update Compliance and Windows Defender Microsoft Defender Antivirus description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Microsoft Defender Antivirus Assessment add in -keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av +keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Collect Update Compliance diagnostic data for Windows Defender AV Assessment +# Collect Update Compliance diagnostic data for Microsoft Defender AV Assessment **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. +This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV Assessment section in the Update Compliance add-in. Before attempting this process, ensure you have read [Troubleshoot Microsoft Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md index 708ec3f869..6152f332d7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md @@ -1,7 +1,7 @@ --- title: Collect diagnostic data of Microsoft Defender Antivirus description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus -keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av +keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Collect Windows Defender AV diagnostic data +# Collect Microsoft Defender AV diagnostic data **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV. +This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV. On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps: diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md index a48b41622f..9ca273c668 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Manage Windows Defender in your business -description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Windows Defender AV +description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Microsoft Defender AV keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md index e2bba2fe2b..3464a06430 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Configure scanning options for Windows Defender AV -description: You can configure Windows Defender AV to scan email storage files, back-up or reparse points, network files, and archived files (such as .zip files). +title: Configure scanning options for Microsoft Defender AV +description: You can configure Microsoft Defender AV to scan email storage files, back-up or reparse points, network files, and archived files (such as .zip files). keywords: advanced scans, scanning, email, archive, zip, rar, archive, reparse scanning search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md index 3906d071de..5fb8feab26 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md @@ -34,7 +34,7 @@ You can [specify how long the file should be prevented from running](configure-c When Microsoft Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or clean. Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). -![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) +![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) In Windows 10, version 1803, block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md index 6fb6d97688..7840be58fc 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Configure the Windows Defender AV cloud block timeout period +title: Configure the Microsoft Defender AV cloud block timeout period description: You can configure how long Microsoft Defender Antivirus will block a file from running while waiting for a cloud determination. keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md index 13346bae2f..b7af3e0452 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Configure how users can interact with Windows Defender AV -description: Configure how end-users interact with Windows Defender AV, what notifications they see, and if they can override settings. +title: Configure how users can interact with Microsoft Defender AV +description: Configure how end-users interact with Microsoft Defender AV, what notifications they see, and if they can override settings. keywords: endpoint, user, interaction, notifications, ui lockdown mode, headless mode, hide interface search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md index 6407947fe2..78dd9f20a7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Set up exclusions for Windows Defender AV scans -description: You can exclude files (including files modified by specified processes) and folders from being scanned by Windows Defender AV. Validate your exclusions with PowerShell. +title: Set up exclusions for Microsoft Defender AV scans +description: You can exclude files (including files modified by specified processes) and folders from being scanned by Microsoft Defender AV. Validate your exclusions with PowerShell. keywords: search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index db259755b0..de3333fed1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -140,7 +140,7 @@ All files under a folder (including files in subdirectories), or a specific file >[!IMPORTANT] >If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. -For example, the following code snippet would cause Windows Defender AV scans to exclude any file with the `.test` file extension: +For example, the following code snippet would cause Microsoft Defender AV scans to exclude any file with the `.test` file extension: ```PowerShell Add-MpPreference -ExclusionExtension ".test" diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md index a7871d1232..16fc08a832 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Configure local overrides for Windows Defender AV settings -description: Enable or disable users from locally changing settings in Windows Defender AV. +title: Configure local overrides for Microsoft Defender AV settings +description: Enable or disable users from locally changing settings in Microsoft Defender AV. keywords: local override, local policy, group policy, gpo, lockdown,merge, lists search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 7b14f8eda8..ffe624dd8e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -101,7 +101,7 @@ Remove items from the list | `Remove-MpPreference` >[!IMPORTANT] >If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. -For example, the following code snippet would cause Windows Defender AV scans to exclude any file that is opened by the specified process: +For example, the following code snippet would cause Microsoft Defender AV scans to exclude any file that is opened by the specified process: ```PowerShell Add-MpPreference -ExclusionProcess "c:\internal\test.exe" diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md index e09172a74b..2f09169a15 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Enable and configure Microsoft Defender Antivirus protection features -description: Enable behavior-based, heuristic, and real-time protection in Windows Defender AV. +description: Enable behavior-based, heuristic, and real-time protection in Microsoft Defender AV. keywords: heuristic, machine-learning, behavior monitor, real-time protection, always-on, Microsoft Defender Antivirus, antimalware, security, defender search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 096a6816cb..a906762b9a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -44,7 +44,7 @@ This guide describes how to configure your VMs for optimal protection and perfor You can also download the whitepaper [Microsoft Defender Antivirus on Virtual Desktop Infrastructure](https://demo.wd.microsoft.com/Content/wdav-testing-vdi-ssu.pdf), which looks at the new shared security intelligence update feature, alongside performance testing and guidance on how you can test antivirus performance on your own VDI. > [!IMPORTANT] -> Although the VDI can be hosted on Windows Server 2012 or Windows Server 2016, the virtual machines (VMs) should be running Windows 10, 1607 at a minimum, due to increased protection technologies and features that are unavailable in earlier versions of Windows.
        There are performance and feature improvements to the way in which Windows Defender AV operates on virtual machines in Windows 10 Insider Preview, build 18323 (and later). We'll identify in this guide if you need to be using an Insider Preview build; if it isn't specified, then the minimum required version for the best protection and performance is Windows 10 1607. +> Although the VDI can be hosted on Windows Server 2012 or Windows Server 2016, the virtual machines (VMs) should be running Windows 10, 1607 at a minimum, due to increased protection technologies and features that are unavailable in earlier versions of Windows.
        There are performance and feature improvements to the way in which Microsoft Defender AV operates on virtual machines in Windows 10 Insider Preview, build 18323 (and later). We'll identify in this guide if you need to be using an Insider Preview build; if it isn't specified, then the minimum required version for the best protection and performance is Windows 10 1607. ### Set up a dedicated VDI file share @@ -194,7 +194,7 @@ If you would prefer to do everything manually, this what you would need to do to Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-microsoft-defender-antivirus.md). -The start time of the scan itself is still based on the scheduled scan policy – ScheduleDay, ScheduleTime, ScheduleQuickScanTime. Randomization will cause Windows Defender AV to start a scan on each machine within a 4 hour window from the time set for the scheduled scan. +The start time of the scan itself is still based on the scheduled scan policy – ScheduleDay, ScheduleTime, ScheduleQuickScanTime. Randomization will cause Microsoft Defender AV to start a scan on each machine within a 4 hour window from the time set for the scheduled scan. See [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) for other configuration options available for scheduled scans. @@ -219,7 +219,7 @@ Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist 3. Click **OK**. -This prevents notifications from Windows Defender AV appearing in the action center on Windows 10 when scans or remediation is performed. +This prevents notifications from Microsoft Defender AV appearing in the action center on Windows 10 when scans or remediation is performed. ### Disable scans after an update @@ -253,7 +253,7 @@ This forces a scan if the VM has missed two or more consecutive scheduled scans. 2. Click **OK**. -This hides the entire Windows Defender AV user interface from users. +This hides the entire Microsoft Defender AV user interface from users. ### Exclusions diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md index 69f126b8f8..84f310871d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md @@ -26,7 +26,7 @@ ms.custom: nextgen > The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). -![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) +![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) You can enable or disable Microsoft Defender Antivirus cloud-delivered protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md index 8e83b95ad4..fdc1e748f8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md @@ -37,7 +37,7 @@ By default, Microsoft Defender Antivirus will enable itself on a Windows 10 devi If Microsoft Defender Antivirus is enabled, the usual options will appear to configure it on that device: -![Windows Security app showing Windows Defender AV options, including scan options, settings, and update options](images/vtp-wdav.png) +![Windows Security app showing Microsoft Defender AV options, including scan options, settings, and update options](images/vtp-wdav.png) If another antivirus product is installed and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options: @@ -47,7 +47,7 @@ Underneath any third party AV products, a new link will appear as **Microsoft De ![The limited periodic option is a toggle to enable or disable **periodic scanning**](images/vtp-3ps-lps.png) -Sliding the switch to **On** will show the standard Windows Defender AV options underneath the third party AV product. The limited periodic scanning option will appear at the bottom of the page. +Sliding the switch to **On** will show the standard Microsoft Defender AV options underneath the third party AV product. The limited periodic scanning option will appear at the bottom of the page. ![When enabled, periodic scanning shows the normal Microsoft Defender Antivirus options](images/vtp-3ps-lps-on.png) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md index 6f5db8d1e5..c29455e452 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md @@ -129,9 +129,9 @@ For more information, see [Windows Defender WMIv2 APIs](https://docs.microsoft.c ## Allow ad hoc changes to protection based on cloud-delivered protection -Windows Defender AV can make changes to its protection based on cloud-delivered protection. Such changes can occur outside of normal or scheduled protection updates. +Microsoft Defender AV can make changes to its protection based on cloud-delivered protection. Such changes can occur outside of normal or scheduled protection updates. -If you have enabled cloud-delivered protection, Windows Defender AV will send files it is suspicious about to the Windows Defender cloud. If the cloud service reports that the file is malicious, and the file is detected in a recent protection update, you can use Group Policy to configure Windows Defender AV to automatically receive that protection update. Other important protection updates can also be applied. +If you have enabled cloud-delivered protection, Microsoft Defender AV will send files it is suspicious about to the Windows Defender cloud. If the cloud service reports that the file is malicious, and the file is detected in a recent protection update, you can use Group Policy to configure Microsoft Defender AV to automatically receive that protection update. Other important protection updates can also be applied. ### Use Group Policy to automatically download recent updates based on cloud-delivered protection diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md index 6d5ec2c418..8956c31df7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Apply Windows Defender AV protection updates to out of date endpoints +title: Apply Microsoft Defender AV protection updates to out of date endpoints description: Define when and how updates should be applied for endpoints that have not updated in a while. keywords: updates, protection, out-of-date, outdated, old, catch-up search.product: eADQiWindows 10XVcnh @@ -56,7 +56,7 @@ If Microsoft Defender Antivirus did not download protection updates for a specif 4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates**. -5. Double-click the **Define the number of days after which a catch-up security intelligence update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to check for and download the latest protection update. +5. Double-click the **Define the number of days after which a catch-up security intelligence update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender AV to check for and download the latest protection update. 6. Click **OK**. @@ -96,11 +96,11 @@ You can also specify the number of days after which Microsoft Defender Antivirus 5. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following settings: - 1. Double-click **Define the number of days before spyware definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to consider spyware Security intelligence to be out-of-date. + 1. Double-click **Define the number of days before spyware definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender AV to consider spyware Security intelligence to be out-of-date. 2. Click **OK**. - 3. Double-click **Define the number of days before virus definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to consider virus Security intelligence to be out-of-date. + 3. Double-click **Define the number of days before virus definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Microsoft Defender AV to consider virus Security intelligence to be out-of-date. 4. Click **OK**. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index d3a6243859..fb6976a1fa 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Manage how and where Windows Defender AV receives updates +title: Manage how and where Microsoft Defender AV receives updates description: Manage the fallback order for how Microsoft Defender Antivirus receives protection updates. keywords: updates, security baselines, protection, fallback order, ADL, MMPC, UNC, file path, share, wsus search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index 81ba39a7cc..fb9cbcf454 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Define how mobile devices are updated by Windows Defender AV -description: Manage how mobile devices, such as laptops, should be updated with Windows Defender AV protection updates. +title: Define how mobile devices are updated by Microsoft Defender AV +description: Manage how mobile devices, such as laptops, should be updated with Microsoft Defender AV protection updates. keywords: updates, protection, schedule updates, battery, mobile device, laptop, notebook, opt-in, microsoft update, wsus, override search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md index f0ebabb8e5..4be2a05301 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md @@ -1,6 +1,6 @@ --- title: Next-generation protection in Windows 10, Windows Server 2016, and Windows Server 2019 -description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016 +description: Learn how to manage, configure, and use Microsoft Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016 keywords: Microsoft Defender Antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md index 4cf3a8a1e7..5018ae9f9d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender Antivirus on Windows Server 2016 and 2019 -description: Enable and configure Windows Defender AV on Windows Server 2016 and 2019 +description: Enable and configure Microsoft Defender AV on Windows Server 2016 and 2019 keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012 search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -91,7 +91,7 @@ To use PowerShell to install Microsoft Defender Antivirus, run the following cmd Install-WindowsFeature -Name Windows-Defender ``` -Event messages for the antimalware engine included with Microsoft Defender Antivirus can be found in [Windows Defender AV Events](troubleshoot-microsoft-defender-antivirus.md). +Event messages for the antimalware engine included with Microsoft Defender Antivirus can be found in [Microsoft Defender AV Events](troubleshoot-microsoft-defender-antivirus.md). ## Verify Microsoft Defender Antivirus is running @@ -190,14 +190,14 @@ If you determine you do want to uninstall Microsoft Defender Antivirus, follow t If you unselect **Windows Defender** by itself under the **Windows Defender Features** section, you will be prompted to remove the interface option **GUI for Windows Defender**. - Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature. + Microsoft Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature. ### Uninstall Microsoft Defender Antivirus using PowerShell >[!NOTE] >You can't uninstall the Windows Security app, but you can disable the interface with these instructions. -The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016 or 2019: +The following PowerShell cmdlet will also uninstall Microsoft Defender AV on Windows Server 2016 or 2019: ```PowerShell Uninstall-WindowsFeature -Name Windows-Defender @@ -216,6 +216,6 @@ Uninstall-WindowsFeature -Name Windows-Defender-GUI - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) +- [Configure exclusions in Microsoft Defender AV on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md index 636b470f3c..103ede404e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md @@ -48,7 +48,7 @@ To run Microsoft Defender Offline from the endpoint, the user must be logged in Microsoft Defender Offline uses the most recent protection updates available on the endpoint; it's updated whenever Windows Defender Antivirus is updated. > [!NOTE] -> Before running an offline scan, you should attempt to update Windows Defender AV protection. You can either force an update with Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest protection updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). +> Before running an offline scan, you should attempt to update Microsoft Defender AV protection. You can either force an update with Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest protection updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). See the [Manage Microsoft Defender Antivirus Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) topic for more information. @@ -75,7 +75,7 @@ Microsoft Defender Offline scans are indicated under **Malware remediation statu ## Configure notifications -Microsoft Defender Offline notifications are configured in the same policy setting as other Windows Defender AV notifications. +Microsoft Defender Offline notifications are configured in the same policy setting as other Microsoft Defender AV notifications. For more information about notifications in Windows Defender, see the [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) topic. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md index 36f41c59d3..c2d53844a7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender Antivirus in the Windows Security app -description: With Windows Defender AV now included in the Windows Security app, you can review, compare, and perform common tasks. +description: With Microsoft Defender AV now included in the Windows Security app, you can review, compare, and perform common tasks. keywords: wdav, antivirus, firewall, security, windows search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -27,8 +27,8 @@ In Windows 10, version 1703 and later, the Windows Defender app is part of the W Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703. > [!IMPORTANT] -> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
        If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. ->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. +> Disabling the Windows Security Center service will not disable Microsoft Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
        If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. +>It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. >This will significantly lower the protection of your device and could lead to malware infection. @@ -108,7 +108,7 @@ This section describes how to perform some of the most common tasks when reviewi >[!NOTE] >If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats. - >If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md). + >If you install another antivirus product, Microsoft Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md index 6e1deba9b5..3c99217e75 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md @@ -1,12 +1,12 @@ # [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -## [Windows Defender AV in the Microsoft Defender Security Center app](microsoft-defender-security-center-antivirus.md) +## [Microsoft Defender AV in the Microsoft Defender Security Center app](microsoft-defender-security-center-antivirus.md) -## [Windows Defender AV on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md) +## [Microsoft Defender AV on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md) ## [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md) -### [Use limited periodic scanning in Windows Defender AV](limited-periodic-scanning-microsoft-defender-antivirus.md) +### [Use limited periodic scanning in Microsoft Defender AV](limited-periodic-scanning-microsoft-defender-antivirus.md) ## [Evaluate Microsoft Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md) @@ -35,18 +35,18 @@ ### [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) #### [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) #### [Enable and configure always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -### [Configure end-user interaction with Windows Defender AV](configure-end-user-interaction-microsoft-defender-antivirus.md) +### [Configure end-user interaction with Microsoft Defender AV](configure-end-user-interaction-microsoft-defender-antivirus.md) #### [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) #### [Prevent users from seeing or interacting with the user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) #### [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) ## [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -### [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-microsoft-defender-antivirus.md) +### [Configure and validate exclusions in Microsoft Defender AV scans](configure-exclusions-microsoft-defender-antivirus.md) #### [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) #### [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -#### [Configure exclusions in Windows Defender AV on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md) -### [Configure scanning options in Windows Defender AV](configure-advanced-scan-types-microsoft-defender-antivirus.md) +#### [Configure exclusions in Microsoft Defender AV on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md) +### [Configure scanning options in Microsoft Defender AV](configure-advanced-scan-types-microsoft-defender-antivirus.md) ### [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) ### [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) ### [Configure and run scans](run-scan-microsoft-defender-antivirus.md) @@ -59,10 +59,10 @@ ## [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) -### [Use Group Policy settings to configure and manage Windows Defender AV](use-group-policy-microsoft-defender-antivirus.md) -### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](use-intune-config-manager-microsoft-defender-antivirus.md) -### [Use PowerShell cmdlets to configure and manage Windows Defender AV](use-powershell-cmdlets-microsoft-defender-antivirus.md) -### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](use-wmi-microsoft-defender-antivirus.md) -### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](command-line-arguments-microsoft-defender-antivirus.md) +### [Use Group Policy settings to configure and manage Microsoft Defender AV](use-group-policy-microsoft-defender-antivirus.md) +### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Microsoft Defender AV](use-intune-config-manager-microsoft-defender-antivirus.md) +### [Use PowerShell cmdlets to configure and manage Microsoft Defender AV](use-powershell-cmdlets-microsoft-defender-antivirus.md) +### [Use Windows Management Instrumentation (WMI) to configure and manage Microsoft Defender AV](use-wmi-microsoft-defender-antivirus.md) +### [Use the mpcmdrun.exe commandline tool to configure and manage Microsoft Defender AV](command-line-arguments-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md index 4b5dfb5cc2..18c0fdfc15 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md @@ -44,7 +44,7 @@ In earlier versions of Windows 10, the setting will hide the Windows Defender cl ![Warning message when headless mode is enabled in Windows 10, versions earlier than 1703](images/defender/wdav-headless-mode-1607.png) -## Use Group Policy to hide the Windows Defender AV interface from users +## Use Group Policy to hide the Microsoft Defender AV interface from users 1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**. From ee2c2b28a39520e961f73b9cc0bab74f04d97736 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Thu, 4 Jun 2020 09:30:07 -0700 Subject: [PATCH 99/99] Changed Windows Defender AV to Microsoft Defender AV --- .../deployment/update/update-compliance-monitor.md | 2 +- .../report-monitor-microsoft-defender-antivirus.md | 4 ++-- ...quarantined-files-microsoft-defender-antivirus.md | 6 +++--- ...view-scan-results-microsoft-defender-antivirus.md | 2 +- .../run-scan-microsoft-defender-antivirus.md | 2 +- ...ed-catch-up-scans-microsoft-defender-antivirus.md | 2 +- .../troubleshoot-microsoft-defender-antivirus.md | 2 +- .../troubleshoot-reporting.md | 10 +++++----- ...ne-config-manager-microsoft-defender-antivirus.md | 2 +- ...owershell-cmdlets-microsoft-defender-antivirus.md | 2 +- .../use-wmi-microsoft-defender-antivirus.md | 2 +- ...-cloud-protection-microsoft-defender-antivirus.md | 2 +- .../microsoft-defender-atp/alerts-queue.md | 8 ++++---- .../microsoft-defender-atp/api-portal-mapping.md | 12 ++++++------ .../configure-server-endpoints.md | 6 +++--- .../enable-controlled-folders.md | 2 +- .../microsoft-defender-atp/investigate-files.md | 2 +- .../microsoft-defender-atp/manage-indicators.md | 6 +++--- .../microsoft-defender-atp/network-protection.md | 4 ++-- .../microsoft-defender-atp/portal-overview.md | 2 +- .../microsoft-defender-atp/respond-machine-alerts.md | 4 ++-- .../microsoft-defender-atp/troubleshoot-asr.md | 2 +- .../microsoft-defender-atp/troubleshoot-np.md | 2 +- .../windows-defender-security-center.md | 12 ++++++------ windows/whats-new/ltsc/whats-new-windows-10-2019.md | 4 ++-- .../whats-new/whats-new-windows-10-version-1703.md | 8 ++++---- 26 files changed, 56 insertions(+), 56 deletions(-) diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 8e4da6a05c..311272e93b 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -1,5 +1,5 @@ --- -title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10) +title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance (Windows 10) ms.reviewer: manager: laurawi description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md index af0ed9fd05..aa0b387ceb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- title: Monitor and report on Microsoft Defender Antivirus protection -description: Use Configuration Manager or security information and event management (SIEM) tools to consume reports, and monitor Windows Defender AV with PowerShell and WMI. -keywords: siem, monitor, report, windows defender av +description: Use Configuration Manager or security information and event management (SIEM) tools to consume reports, and monitor Microsoft Defender AV with PowerShell and WMI. +keywords: siem, monitor, report, Microsoft Defender AV search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md index 5a30c57794..325b0800ee 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Restore quarantined files in Windows Defender AV -description: You can restore files and folders that were quarantined by Windows Defender AV. +title: Restore quarantined files in Microsoft Defender AV +description: You can restore files and folders that were quarantined by Microsoft Defender AV. keywords: search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -17,7 +17,7 @@ ms.reviewer: manager: dansimp --- -# Restore quarantined files in Windows Defender AV +# Restore quarantined files in Microsoft Defender AV **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index 258b495b60..1e4a2b7142 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Review the results of Windows Defender AV scans +title: Review the results of Microsoft Defender AV scans description: Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app keywords: scan results, remediation, full scan, quick scan search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md index 0d9933fc95..a0fc81be46 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Run and customize on-demand scans in Windows Defender AV +title: Run and customize on-demand scans in Microsoft Defender AV description: Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app keywords: scan, on-demand, dos, intune, instant scan search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md index 6dd4dadced..a155de8626 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Schedule regular quick and full scans with Windows Defender AV +title: Schedule regular quick and full scans with Microsoft Defender AV description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans keywords: quick scan, full scan, quick vs full, schedule scan, daily, weekly, time, scheduled, recurring, regular search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md index 68ce4eebbd..75665404c2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Windows Defender AV event IDs and error codes +title: Microsoft Defender AV event IDs and error codes description: Look up the causes and solutions for Microsoft Defender Antivirus event IDs and errors keywords: event, error code, siem, logging, troubleshooting, wef, windows event forwarding search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md index 8abffb90b1..43310f4b21 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md @@ -1,7 +1,7 @@ --- -title: Troubleshoot problems with reporting tools for Windows Defender AV -description: Identify and solve common problems when attempting to report in Windows Defender AV protection status in Update Compliance -keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av +title: Troubleshoot problems with reporting tools for Microsoft Defender AV +description: Identify and solve common problems when attempting to report in Microsoft Defender AV protection status in Update Compliance +keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -51,9 +51,9 @@ There are three steps to troubleshooting these problems: In order for devices to properly show up in Update Compliance, you have to meet certain prerequisites for both the Update Compliance service and for Microsoft Defender Antivirus: >[!div class="checklist"] ->- Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](microsoft-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. +>- Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](microsoft-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. > - [Cloud-delivered protection is enabled](enable-cloud-protection-microsoft-defender-antivirus.md). -> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-microsoft-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) +> - Endpoints can [connect to the Microsoft Defender AV cloud](configure-network-connections-microsoft-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) > - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level). > - It has been 3 days since all requirements have been met diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md index a6ba01f23b..37d31d6dc7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Configure Microsoft Defender Antivirus with Configuration Manager and Intune -description: Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure Windows Defender AV and Endpoint Protection +description: Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure Microsoft Defender AV and Endpoint Protection keywords: scep, intune, endpoint protection, configuration search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md index fcfc8ca38c..2ec659113a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Use PowerShell cmdlets to configure and run Windows Defender AV +title: Use PowerShell cmdlets to configure and run Microsoft Defender AV description: In Windows 10, you can use PowerShell cmdlets to run scans, update Security intelligence, and change settings in Microsoft Defender Antivirus. keywords: scan, command line, mpcmdrun, defender search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md index 73d1b7d19f..5a54bd4546 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Configure Microsoft Defender Antivirus with WMI -description: Use WMI scripts to configure Windows Defender AV. +description: Use WMI scripts to configure Microsoft Defender AV. keywords: wmi, scripts, windows management instrumentation, configuration search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md index 6e52508bcb..e998e86722 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md @@ -25,7 +25,7 @@ ms.custom: nextgen Microsoft next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). -![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) +![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) To take advantage of the power and speed of these next-generation technologies, Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index 7f13a487ad..34e1b7c512 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -58,16 +58,16 @@ Informational
        (Grey) | Alerts that might not be considered harmful to the n #### Understanding alert severity -Microsoft Defender Antivirus (Windows Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes. +Microsoft Defender Antivirus (Microsoft Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes. -The Windows Defender AV threat severity represents the absolute severity of the detected threat (malware), and is assigned based on the potential risk to the individual machine, if infected. +The Microsoft Defender AV threat severity represents the absolute severity of the detected threat (malware), and is assigned based on the potential risk to the individual machine, if infected. The Microsoft Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the machine but more importantly the potential risk to the organization. So, for example: -- The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage. -- An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat. +- The severity of a Microsoft Defender ATP alert about a Microsoft Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage. +- An alert about a commercial malware was detected while executing, but blocked and remediated by Microsoft Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat. - An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High". - Suspicious behavioral alerts, which weren't blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 2ec8ca9023..2fdc0af72f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -43,7 +43,7 @@ Field numbers match the numbers in the images below. > > | Portal label | SIEM field name | ArcSight field | Example value | Description | > |------------------|---------------------------|---------------------|------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -> | 1 | AlertTitle | name | Windows Defender AV detected 'Mikatz' high-severity malware | Value available for every Detection. | +> | 1 | AlertTitle | name | Microsoft Defender AV detected 'Mikatz' high-severity malware | Value available for every Detection. | > | 2 | Severity | deviceSeverity | High | Value available for every Detection. | > | 3 | Category | deviceEventCategory | Malware | Value available for every Detection. | > | 4 | Detection source | sourceServiceName | Antivirus | Microsoft Defender Antivirus or Microsoft Defender ATP. Value available for every Detection. | @@ -53,13 +53,13 @@ Field numbers match the numbers in the images below. > | 8 | UserDomain | sourceNtDomain | CONTOSO | The domain of the user context running the activity, available for Microsoft Defender ATP behavioral based detections. | > | 9 | UserName | sourceUserName | liz.bean | The user context running the activity, available for Microsoft Defender ATP behavioral based detections. | > | 10 | Sha1 | fileHash | 3da065e07b990034e9db7842167f70b63aa5329 | Available for detections associated with a file or process. | -> | 11 | Sha256 | deviceCustomString6 | ebf54f745dc81e1958f75e4ca91dd0ab989fc9787bb6b0bf993e2f5 | Available for Windows Defender AV detections. | -> | 12 | Md5 | deviceCustomString5 | db979c04a99b96d370988325bb5a8b21 | Available for Windows Defender AV detections. | -> | 13 | ThreatName | deviceCustomString1 | HackTool:Win32/Mikatz!dha | Available for Windows Defender AV detections. | +> | 11 | Sha256 | deviceCustomString6 | ebf54f745dc81e1958f75e4ca91dd0ab989fc9787bb6b0bf993e2f5 | Available for Microsoft Defender AV detections. | +> | 12 | Md5 | deviceCustomString5 | db979c04a99b96d370988325bb5a8b21 | Available for Microsoft Defender AV detections. | +> | 13 | ThreatName | deviceCustomString1 | HackTool:Win32/Mikatz!dha | Available for Microsoft Defender AV detections. | > | 14 | IpAddress | sourceAddress | 218.90.204.141 | Available for detections associated to network events. For example, 'Communication to a malicious network destination'. | > | 15 | Url | requestUrl | down.esales360.cn | Available for detections associated to network events. For example, 'Communication to a malicious network destination'. | -> | 16 | RemediationIsSuccess | deviceCustomNumber2 | TRUE | Available for Windows Defender AV detections. ArcSight value is 1 when TRUE and 0 when FALSE. | -> | 17 | WasExecutingWhileDetected | deviceCustomNumber1 | FALSE | Available for Windows Defender AV detections. ArcSight value is 1 when TRUE and 0 when FALSE. | +> | 16 | RemediationIsSuccess | deviceCustomNumber2 | TRUE | Available for Microsoft Defender AV detections. ArcSight value is 1 when TRUE and 0 when FALSE. | +> | 17 | WasExecutingWhileDetected | deviceCustomNumber1 | FALSE | Available for Microsoft Defender AV detections. ArcSight value is 1 when TRUE and 0 when FALSE. | > | 18 | AlertId | externalId | 636210704265059241_673569822 | Value available for every Detection. | > | 19 | LinkToWDATP | flexString1 | `https://securitycenter.windows.com/alert/636210704265059241_673569822` | Value available for every Detection. | > | 20 | AlertTime | deviceReceiptTime | 2017-05-07T01:56:59.3191352Z | The time the event occurred. Value available for every Detection. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 6893fc8c8d..c3acfa8df0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -151,7 +151,7 @@ Support for Windows Server, provide deeper insight into activities happening on 1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints.md). -2. If you're running a third-party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings. Verify that it was configured correctly: +2. If you're running a third-party antimalware solution, you'll need to apply the following Microsoft Defender AV passive mode settings. Verify that it was configured correctly: 1. Set the following registry entry: - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` @@ -168,11 +168,11 @@ Support for Windows Server, provide deeper insight into activities happening on ![Image of passive mode verification result](images/atp-verify-passive-mode.png) -3. Run the following command to check if Windows Defender AV is installed: +3. Run the following command to check if Microsoft Defender AV is installed: ```sc.exe query Windefend``` - If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). + If the result is 'The specified service does not exist as an installed service', then you'll need to install Microsoft Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). ## Integration with Azure Security Center diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md index dc345b0974..61cf625503 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md @@ -41,7 +41,7 @@ Group Policy settings that disable local administrator list merging will overrid * Microsoft Defender Antivirus **Configure local administrator merge behavior for lists** * System Center Endpoint Protection **Allow users to add exclusions and overrides** -For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged). +For more information about disabling local list merging, see [Prevent or allow users to locally modify Microsoft Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged). ## Windows Security app diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index 47494dd290..ba6d70f4b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -61,7 +61,7 @@ For more information on these actions, see [Take response action on a file](resp The file details, incident, malware detection, and file prevalence cards display various attributes about the file. -You'll see details such as the file’s MD5, the Virus Total detection ratio, and Windows Defender AV detection if available, and the file’s prevalence, both worldwide and within your organizations. +You'll see details such as the file’s MD5, the Virus Total detection ratio, and Microsoft Defender AV detection if available, and the file’s prevalence, both worldwide and within your organizations. ![Image of file information](images/atp-file-information.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index e3e6a5d05e..c2f2dd8964 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md @@ -30,13 +30,13 @@ Indicator of compromise (IoCs) matching is an essential feature in every endpoin Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. -Currently supported sources are the cloud detection engine of Microsoft Defender ATP, the automated investigation and remediation engine, and the endpoint prevention engine (Windows Defender AV). +Currently supported sources are the cloud detection engine of Microsoft Defender ATP, the automated investigation and remediation engine, and the endpoint prevention engine (Microsoft Defender AV). **Cloud detection engine**
        The cloud detection engine of Microsoft Defender ATP regularly scans collected data and tries to match the indicators you set. When there is a match, action will be taken according to the settings you specified for the IoC. **Endpoint prevention engine**
        -The same list of indicators is honored by the prevention agent. Meaning, if Windows Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Windows Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Windows Defender AV will not detect nor block the file from being run. +The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Microsoft Defender AV will not detect nor block the file from being run. **Automated investigation and remediation engine**
        The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation will ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation will treat it as "bad". @@ -153,7 +153,7 @@ It's important to understand the following prerequisites prior to creating indic You can create indicators for certificates. Some common use cases include: - Scenarios when you need to deploy blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) and [controlled folder access](controlled-folders.md) but need to allow behaviors from signed applications by adding the certificate in the allow list. -- Blocking the use of a specific signed application across your organization. By creating an indicator to block the certificate of the application, Windows Defender AV will prevent file executions (block and remediate) and the Automated Investigation and Remediation behave the same. +- Blocking the use of a specific signed application across your organization. By creating an indicator to block the certificate of the application, Microsoft Defender AV will prevent file executions (block and remediate) and the Automated Investigation and Remediation behave the same. ### Before you begin diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 874368fd85..eb56826c55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -44,11 +44,11 @@ You can also use [audit mode](audit-windows-defender.md) to evaluate how Network ## Requirements -Network protection requires Windows 10 Pro, Enterprise E3, E5 and Windows Defender AV real-time protection. +Network protection requires Windows 10 Pro, Enterprise E3, E5 and Microsoft Defender AV real-time protection. Windows 10 version | Microsoft Defender Antivirus -|- -Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled +Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled ## Review network protection events in the Microsoft Defender ATP Security Center diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index d14ef73895..96e8c08aa9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -81,7 +81,7 @@ Icon | Description ![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the machine. ![Thunderbolt icon](images/atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. ![Machine icon](images/atp-machine-icon.png)| Machine icon -![Windows Defender AV events icon](images/atp-windows-defender-av-events-icon.png)| Microsoft Defender Antivirus events +![Microsoft Defender AV events icon](images/atp-windows-defender-av-events-icon.png)| Microsoft Defender Antivirus events ![Application Guard events icon](images/atp-Application-Guard-events-icon.png)| Windows Defender Application Guard events ![Device Guard events icon](images/atp-Device-Guard-events-icon.png)| Windows Defender Device Guard events ![Exploit Guard events icon](images/atp-Exploit-Guard-events-icon.png)| Windows Defender Exploit Guard events diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 8fbea48837..7d64a9e1f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -116,13 +116,13 @@ As part of the investigation or response process, you can remotely initiate an a >[!IMPORTANT] >- This action is available for machines on Windows 10, version 1709 or later. ->- A Microsoft Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +>- A Microsoft Defender Antivirus (Microsoft Defender AV) scan can run alongside other antivirus solutions, whether Microsoft Defender AV is the active antivirus solution or not. Microsoft Defender AV can be in Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). One you have selected **Run antivirus scan**, select the scan type that you'd like to run (quick or full) and add a comment before confirming the scan. ![Image of notification to select quick scan or full scan and add comment](images/run-antivirus.png) -The Action center will show the scan information and the machine timeline will include a new event, reflecting that a scan action was submitted on the machine. Windows Defender AV alerts will reflect any detections that surfaced during the scan. +The Action center will show the scan information and the machine timeline will include a new event, reflecting that a scan action was submitted on the machine. Microsoft Defender AV alerts will reflect any detections that surfaced during the scan. ## Restrict app execution diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index 5c669d24fa..8f87ff3707 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -46,7 +46,7 @@ Attack surface reduction rules will only work on devices with the following cond - Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update). -- Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +- Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). - [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 2ee2db32a1..12ce265639 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -43,7 +43,7 @@ Network protection will only work on devices with the following conditions: >[!div class="checklist"] > * Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update). -> * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +> * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). > * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. > * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled. > * Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**). diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index d6c9634430..0f263a291a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -42,7 +42,7 @@ You can't uninstall the Windows Security app, but you can do one of the followin - Disable the interface on Windows Server 2016. See [Microsoft Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). - Hide all of the sections on client computers (see below). -- Disable Microsoft Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). +- Disable Microsoft Defender Antivirus, if needed. See [Enable and configure Microsoft Defender AV always-on protection and monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics: @@ -77,20 +77,20 @@ You can find more information about each section, including options for configur ## How the Windows Security app works with Windows security features > [!IMPORTANT] -> Windows Defender AV and the Windows Security app use similarly named services for specific purposes. +> Microsoft Defender AV and the Windows Security app use similarly named services for specific purposes. > > The Windows Security app uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection. > ->These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. +>These services do not affect the state of Microsoft Defender AV. Disabling or modifying these services will not disable Microsoft Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. > ->Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +>Microsoft Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). > -> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). +> Disabling the Windows Security Center service will not disable Microsoft Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). > [!WARNING] > If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. > -> It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. +> It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. > > This will significantly lower the protection of your device and could lead to malware infection. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index d39a343109..8c41f40e80 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -83,9 +83,9 @@ Endpoint detection and response is improved. Enterprise customers can now take a - [Configuring features](/windows/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features) - [Troubleshooting](/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus) - Some of the highlights of the new library include [Evaluation guide for Windows Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) and [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus). + Some of the highlights of the new library include [Evaluation guide for Microsoft Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) and [Deployment guide for Microsoft Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus). - New features for Windows Defender AV in Windows 10 Enterprise 2019 LTSC include: + New features for Microsoft Defender AV in Windows 10 Enterprise 2019 LTSC include: - [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) - [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus) - [Microsoft Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 8421a263ce..2f32d6a64d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -138,10 +138,10 @@ The new library includes information on: - [Troubleshooting](/windows/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus) Some of the highlights of the new library include: -- [Evaluation guide for Windows Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) -- [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus) +- [Evaluation guide for Microsoft Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) +- [Deployment guide for Microsoft Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus) -New features for Windows Defender AV in Windows 10, version 1703 include: +New features for Microsoft Defender AV in Windows 10, version 1703 include: - [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) - [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus) @@ -150,7 +150,7 @@ New features for Windows Defender AV in Windows 10, version 1703 include: In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). -You can read more about ransomware mitigations and detection capability in Windows Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). +You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). ### Device Guard and Credential Guard
        Diagnostics dataStarting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
        If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. -
        Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). +
        Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP. -
        Windows Notification Services (WNS)This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
        +
        Windows Notification Services (WNS)This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
        If the WNS services are not available, the Autopilot process will still continue without notifications.
        Microsoft Store, Microsoft Store for BusinessApps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see Prerequisites for Microsoft Store for Business and Education (also includes Azure AD and Windows Notification Services).
        From 9c3b541db7eee0e0b940c26d5ca9363e33427185 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 28 May 2020 11:49:20 -0700 Subject: [PATCH 19/99] metadata update --- .../windows-autopilot/windows-autopilot-requirements.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 1680ccbc04..25fee702e2 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -14,6 +14,9 @@ author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article +ms.custom: +- CI 116757 +- CSSTroubleshooting --- From 1744fdf99123fc2044d9d8a2a68d0ae416bf77da Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Thu, 28 May 2020 16:13:49 -0700 Subject: [PATCH 20/99] changed windows-defender-antivirus to microsoft... --- .../antivirus-false-positives-negatives.md | 0 .../collect-diagnostic-data-update-compliance.md | 0 ...-line-arguments-microsoft-defender-antivirus.md} | 0 ...nagement-reference-windows-defender-antivirus.md | 0 ...dvanced-scan-types-windows-defender-antivirus.md | 0 ...ock-at-first-sight-windows-defender-antivirus.md | 0 ...ock-timeout-period-windows-defender-antivirus.md | 0 ...d-user-interaction-windows-defender-antivirus.md | 0 ...nfigure-exclusions-windows-defender-antivirus.md | 0 ...on-file-exclusions-windows-defender-antivirus.md | 0 ...l-policy-overrides-windows-defender-antivirus.md | 0 ...etwork-connections-windows-defender-antivirus.md | 0 ...gure-notifications-windows-defender-antivirus.md | 0 ...ed-file-exclusions-windows-defender-antivirus.md | 0 ...rotection-features-windows-defender-antivirus.md | 0 ...al-time-protection-windows-defender-antivirus.md | 0 ...figure-remediation-windows-defender-antivirus.md | 0 ...-server-exclusions-windows-defender-antivirus.md | 0 ...configure-windows-defender-antivirus-features.md | 0 ...ew-remediate-scans-windows-defender-antivirus.md | 0 ...ploy-manage-report-windows-defender-antivirus.md | 0 .../deploy-windows-defender-antivirus.md | 0 .../deployment-vdi-windows-defender-antivirus.md | 0 ...ally-unwanted-apps-windows-defender-antivirus.md | 0 ...e-cloud-protection-windows-defender-antivirus.md | 0 .../evaluate-windows-defender-antivirus.md | 0 .../images/WDAV-WinSvr2019-turnfeatureson.jpg | Bin .../images/atp-portal-onboarding-page.png | Bin .../images/defender-updatedefs2.png | Bin .../images/defender/client.png | Bin .../images/defender/intune-block-at-first-sight.png | Bin .../images/defender/notification.png | Bin .../images/defender/sccm-advanced-settings.png | Bin .../defender/sccm-cloud-protection-service.png | Bin .../images/defender/sccm-real-time-protection.png | Bin .../images/defender/sccm-wdo.png | Bin .../images/defender/wdav-bafs-edge.png | Bin .../images/defender/wdav-bafs-ie.png | Bin .../images/defender/wdav-extension-exclusions.png | Bin .../images/defender/wdav-get-mpthreat.png | Bin .../images/defender/wdav-get-mpthreatdetection.png | Bin .../images/defender/wdav-headless-mode-1607.png | Bin .../images/defender/wdav-headless-mode-1703.png | Bin .../images/defender/wdav-headless-mode-off-1703.png | Bin .../images/defender/wdav-history-wdsc.png | Bin .../images/defender/wdav-malware-detected.png | Bin .../images/defender/wdav-order-update-sources.png | Bin .../images/defender/wdav-path-exclusions.png | Bin .../defender/wdav-powershell-get-exclusions-all.png | Bin .../wdav-powershell-get-exclusions-variable.png | Bin .../images/defender/wdav-process-exclusions.png | Bin .../defender/wdav-protection-settings-wdsc.png | Bin .../defender/wdav-quarantined-history-wdsc.png | Bin .../images/defender/wdav-settings-old.png | Bin .../images/defender/wdav-wdsc-defs.png | Bin .../images/defender/wdav-wdsc.png | Bin .../defender/wdav-windows-defender-app-old.png | Bin .../images/gpedit-administrative-templates.PNG | Bin .../images/gpedit-real-time-protection.PNG | Bin .../images/gpedit-search.png | Bin ...gpedit-turn-off-real-time-protection-enabled.PNG | Bin .../images/gpedit-turn-off-real-time-protection.PNG | Bin .../gpedit-windows-defender-antivirus-scan.PNG | Bin .../images/gpedit-windows-defender-antivirus.PNG | Bin .../images/jamf-onboarding.png | Bin .../images/mdatp-1-registerapp.png | Bin .../images/mdatp-10-clientapps.png | Bin .../images/mdatp-11-assignments.png | Bin .../images/mdatp-12-deviceinstall.png | Bin .../images/mdatp-13-systempreferences.png | Bin .../images/mdatp-14-systempreferencesprofiles.png | Bin .../images/mdatp-15-managementprofileconfig.png | Bin .../images/mdatp-16-preferencedomain.png | Bin .../images/mdatp-17-approvedkernelextensions.png | Bin .../images/mdatp-18-configurationprofilesscope.png | Bin .../images/mdatp-19-microsoftdefenderwdavpkg.png | Bin .../images/mdatp-2-downloadpackages.png | Bin .../images/mdatp-20-microsoftdefenderpackages.png | Bin .../images/mdatp-21-mdmprofile1.png | Bin .../images/mdatp-22-mdmprofileapproved.png | Bin .../images/mdatp-23-mdmstatus.png | Bin .../images/mdatp-24-statusonserver.png | Bin .../images/mdatp-25-statusonclient.png | Bin .../images/mdatp-26-uninstall.png | Bin .../images/mdatp-27-uninstallscript.png | Bin .../images/mdatp-28-appinstall.png | Bin .../images/mdatp-29-appinstalllogin.png | Bin .../images/mdatp-3-confirmdevicemgmt.png | Bin .../images/mdatp-30-systemextension.png | Bin .../images/mdatp-31-securityprivacysettings.png | Bin .../images/mdatp-32-main-app-fix.png | Bin .../mdatp-33-securityprivacysettings-noprompt.png | Bin .../images/mdatp-34-mau.png | Bin .../images/mdatp-35-jamf-privacypreferences.png | Bin .../images/mdatp-36-rtp.png | Bin .../images/mdatp-37-exclusions.png | Bin .../images/mdatp-4-managementprofile.png | Bin .../images/mdatp-5-alldevices.png | Bin .../images/mdatp-6-systemconfigurationprofiles.png | Bin .../images/mdatp-7-devicestatusblade.png | Bin .../images/mdatp-8-intuneappinfo.png | Bin .../images/mdatp-9-intunepkginfo.png | Bin .../images/mdatp-icon-bar.png | Bin .../images/mdatp-icon.png | Bin ...ender-atp-next-generation-protection-engines.png | Bin ...ecution-and-post-execution-detection-engines.png | Bin .../images/server-add-gui.png | Bin .../images/svg/check-no.svg | 0 .../images/svg/check-yes.svg | 0 .../images/tamperattemptalert.png | Bin .../images/tamperprotectionturnedon.png | Bin .../images/tamperprotectsecurityrecos.png | Bin .../images/tampprotintune-alert.jpg | Bin .../images/tampprotintune-huntingquery.png | Bin .../images/tampprotintune-windowssecurityapp.png | Bin .../images/turnontamperprotect-consumer.png | Bin .../images/turnontamperprotect-enterprise.png | Bin .../images/turnontamperprotect-intune.png | Bin .../images/turnontamperprotection.png | Bin .../images/vtp-3ps-lps-on.png | Bin .../images/vtp-3ps-lps.png | Bin .../images/vtp-3ps.png | Bin .../images/vtp-wdav.png | Bin ...-periodic-scanning-windows-defender-antivirus.md | 0 ...vent-based-updates-windows-defender-antivirus.md | 0 ...outdated-endpoints-windows-defender-antivirus.md | 0 ...on-update-schedule-windows-defender-antivirus.md | 0 ...protection-updates-windows-defender-antivirus.md | 0 ...-updates-baselines-windows-defender-antivirus.md | 0 ...mobile-devices-vms-windows-defender-antivirus.md | 0 .../office-365-windows-defender-antivirus.md | 0 .../oldTOC.md | 0 ...s-to-security-settings-with-tamper-protection.md | 0 ...d-user-interaction-windows-defender-antivirus.md | 0 .../report-monitor-windows-defender-antivirus.md | 0 ...-quarantined-files-windows-defender-antivirus.md | 0 ...eview-scan-results-windows-defender-antivirus.md | 0 .../run-scan-windows-defender-antivirus.md | 0 ...led-catch-up-scans-windows-defender-antivirus.md | 0 ...d-protection-level-windows-defender-antivirus.md | 0 .../troubleshoot-reporting.md | 0 .../troubleshoot-windows-defender-antivirus.md | 0 .../use-group-policy-windows-defender-antivirus.md | 0 ...une-config-manager-windows-defender-antivirus.md | 0 ...powershell-cmdlets-windows-defender-antivirus.md | 0 .../use-wmi-windows-defender-antivirus.md | 0 ...t-cloud-protection-windows-defender-antivirus.md | 0 .../why-use-microsoft-antivirus.md | 0 .../windows-defender-antivirus-compatibility.md | 0 .../windows-defender-antivirus-in-windows-10.md | 0 ...ows-defender-antivirus-on-windows-server-2016.md | 0 .../windows-defender-offline.md | 0 .../windows-defender-security-center-antivirus.md | 0 153 files changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/antivirus-false-positives-negatives.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/collect-diagnostic-data-update-compliance.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md => microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configuration-management-reference-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-advanced-scan-types-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-block-at-first-sight-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-cloud-block-timeout-period-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-end-user-interaction-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-extension-file-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-local-policy-overrides-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-network-connections-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-notifications-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-process-opened-file-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-protection-features-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-real-time-protection-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-remediation-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-server-exclusions-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/configure-windows-defender-antivirus-features.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/customize-run-review-remediate-scans-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/deploy-manage-report-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/deploy-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/deployment-vdi-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/enable-cloud-protection-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/evaluate-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/WDAV-WinSvr2019-turnfeatureson.jpg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/atp-portal-onboarding-page.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender-updatedefs2.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/client.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/intune-block-at-first-sight.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/notification.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-advanced-settings.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-cloud-protection-service.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-real-time-protection.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/sccm-wdo.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-bafs-edge.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-bafs-ie.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-extension-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-get-mpthreat.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-get-mpthreatdetection.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-headless-mode-1607.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-headless-mode-1703.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-headless-mode-off-1703.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-history-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-malware-detected.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-order-update-sources.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-path-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-powershell-get-exclusions-all.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-powershell-get-exclusions-variable.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-process-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-protection-settings-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-quarantined-history-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-settings-old.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-wdsc-defs.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-wdsc.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/defender/wdav-windows-defender-app-old.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-administrative-templates.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-real-time-protection.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-search.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-turn-off-real-time-protection-enabled.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-turn-off-real-time-protection.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-windows-defender-antivirus-scan.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/gpedit-windows-defender-antivirus.PNG (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/jamf-onboarding.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-1-registerapp.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-10-clientapps.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-11-assignments.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-12-deviceinstall.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-13-systempreferences.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-14-systempreferencesprofiles.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-15-managementprofileconfig.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-16-preferencedomain.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-17-approvedkernelextensions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-18-configurationprofilesscope.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-19-microsoftdefenderwdavpkg.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-2-downloadpackages.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-20-microsoftdefenderpackages.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-21-mdmprofile1.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-22-mdmprofileapproved.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-23-mdmstatus.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-24-statusonserver.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-25-statusonclient.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-26-uninstall.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-27-uninstallscript.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-28-appinstall.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-29-appinstalllogin.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-3-confirmdevicemgmt.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-30-systemextension.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-31-securityprivacysettings.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-32-main-app-fix.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-33-securityprivacysettings-noprompt.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-34-mau.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-35-jamf-privacypreferences.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-36-rtp.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-37-exclusions.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-4-managementprofile.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-5-alldevices.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-6-systemconfigurationprofiles.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-7-devicestatusblade.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-8-intuneappinfo.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-9-intunepkginfo.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-icon-bar.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/mdatp-icon.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/microsoft-defender-atp-next-generation-protection-engines.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/pre-execution-and-post-execution-detection-engines.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/server-add-gui.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/svg/check-no.svg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/svg/check-yes.svg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tamperattemptalert.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tamperprotectionturnedon.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tamperprotectsecurityrecos.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tampprotintune-alert.jpg (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tampprotintune-huntingquery.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/tampprotintune-windowssecurityapp.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotect-consumer.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotect-enterprise.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotect-intune.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/turnontamperprotection.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-3ps-lps-on.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-3ps-lps.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-3ps.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/images/vtp-wdav.png (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/limited-periodic-scanning-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-event-based-updates-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-outdated-endpoints-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-protection-update-schedule-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-protection-updates-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-updates-baselines-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/manage-updates-mobile-devices-vms-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/office-365-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/oldTOC.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/prevent-changes-to-security-settings-with-tamper-protection.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/prevent-end-user-interaction-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/report-monitor-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/restore-quarantined-files-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/review-scan-results-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/run-scan-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/scheduled-catch-up-scans-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/specify-cloud-protection-level-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/troubleshoot-reporting.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/troubleshoot-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-group-policy-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-intune-config-manager-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-powershell-cmdlets-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/use-wmi-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/utilize-microsoft-cloud-protection-windows-defender-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/why-use-microsoft-antivirus.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-antivirus-compatibility.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-antivirus-in-windows-10.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-antivirus-on-windows-server-2016.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-offline.md (100%) rename windows/security/threat-protection/{windows-defender-antivirus => microsoft-defender-antivirus}/windows-defender-security-center-antivirus.md (100%) diff --git a/windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md rename to windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md rename to windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md rename to windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deploy-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/evaluate-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg b/windows/security/threat-protection/microsoft-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/WDAV-WinSvr2019-turnfeatureson.jpg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/atp-portal-onboarding-page.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/atp-portal-onboarding-page.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/atp-portal-onboarding-page.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/atp-portal-onboarding-page.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender-updatedefs2.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender-updatedefs2.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender-updatedefs2.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender-updatedefs2.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/client.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/client.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/client.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/client.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/intune-block-at-first-sight.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/intune-block-at-first-sight.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/intune-block-at-first-sight.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/intune-block-at-first-sight.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/notification.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/notification.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/notification.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/notification.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-advanced-settings.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-advanced-settings.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-cloud-protection-service.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-cloud-protection-service.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-real-time-protection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-real-time-protection.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-wdo.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-wdo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-wdo.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/sccm-wdo.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-edge.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-edge.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-edge.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-edge.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-ie.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-ie.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-bafs-ie.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-bafs-ie.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-extension-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-extension-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-extension-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-extension-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreat.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreat.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreat.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreat.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-get-mpthreatdetection.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1607.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1607.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1607.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1607.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1703.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1703.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-1703.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-1703.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-headless-mode-off-1703.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-history-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-history-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-history-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-history-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-malware-detected.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-malware-detected.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-malware-detected.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-malware-detected.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-order-update-sources.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-order-update-sources.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-order-update-sources.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-order-update-sources.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-path-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-path-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-path-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-path-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-all.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-powershell-get-exclusions-variable.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-process-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-process-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-process-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-process-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-quarantined-history-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-settings-old.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-settings-old.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-settings-old.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-settings-old.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc-defs.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc-defs.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-wdsc.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-windows-defender-app-old.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-windows-defender-app-old.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-windows-defender-app-old.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/defender/wdav-windows-defender-app-old.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-administrative-templates.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-administrative-templates.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-administrative-templates.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-administrative-templates.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-real-time-protection.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-real-time-protection.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-real-time-protection.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-real-time-protection.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-search.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-search.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-search.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-search.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection-enabled.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-turn-off-real-time-protection.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus-scan.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG b/windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG rename to windows/security/threat-protection/microsoft-defender-antivirus/images/gpedit-windows-defender-antivirus.PNG diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/jamf-onboarding.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/jamf-onboarding.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/jamf-onboarding.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/jamf-onboarding.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-1-registerapp.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-1-registerapp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-1-registerapp.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-1-registerapp.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-10-clientapps.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-10-clientapps.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-10-clientapps.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-10-clientapps.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-11-assignments.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-11-assignments.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-11-assignments.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-11-assignments.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-12-deviceinstall.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-12-deviceinstall.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-12-deviceinstall.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-12-deviceinstall.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-13-systempreferences.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-13-systempreferences.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-13-systempreferences.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-13-systempreferences.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-14-systempreferencesprofiles.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-15-managementprofileconfig.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-15-managementprofileconfig.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-15-managementprofileconfig.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-15-managementprofileconfig.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-16-preferencedomain.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-16-preferencedomain.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-16-preferencedomain.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-16-preferencedomain.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-17-approvedkernelextensions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-17-approvedkernelextensions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-17-approvedkernelextensions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-17-approvedkernelextensions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-18-configurationprofilesscope.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-18-configurationprofilesscope.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-18-configurationprofilesscope.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-18-configurationprofilesscope.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-19-microsoftdefenderwdavpkg.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-2-downloadpackages.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-2-downloadpackages.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-2-downloadpackages.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-2-downloadpackages.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-20-microsoftdefenderpackages.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-21-mdmprofile1.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-21-mdmprofile1.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-21-mdmprofile1.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-21-mdmprofile1.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-22-mdmprofileapproved.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-22-mdmprofileapproved.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-22-mdmprofileapproved.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-22-mdmprofileapproved.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-23-mdmstatus.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-23-mdmstatus.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-23-mdmstatus.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-23-mdmstatus.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-24-statusonserver.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-24-statusonserver.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-24-statusonserver.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-24-statusonserver.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-25-statusonclient.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-25-statusonclient.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-25-statusonclient.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-25-statusonclient.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-26-uninstall.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-26-uninstall.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-26-uninstall.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-26-uninstall.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-27-uninstallscript.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-27-uninstallscript.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-27-uninstallscript.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-27-uninstallscript.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-28-appinstall.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-28-appinstall.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-28-appinstall.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-28-appinstall.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-29-appinstalllogin.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-29-appinstalllogin.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-29-appinstalllogin.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-29-appinstalllogin.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-3-confirmdevicemgmt.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-30-systemextension.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-30-systemextension.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-30-systemextension.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-30-systemextension.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-31-securityprivacysettings.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-31-securityprivacysettings.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-31-securityprivacysettings.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-31-securityprivacysettings.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-32-main-app-fix.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-32-main-app-fix.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-32-main-app-fix.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-32-main-app-fix.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-33-securityprivacysettings-noprompt.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-34-mau.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-34-mau.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-34-mau.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-34-mau.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-35-jamf-privacypreferences.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-36-rtp.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-36-rtp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-36-rtp.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-36-rtp.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-37-exclusions.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-37-exclusions.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-37-exclusions.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-37-exclusions.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-4-managementprofile.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-4-managementprofile.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-4-managementprofile.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-4-managementprofile.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-5-alldevices.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-5-alldevices.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-5-alldevices.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-5-alldevices.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-6-systemconfigurationprofiles.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-7-devicestatusblade.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-7-devicestatusblade.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-7-devicestatusblade.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-7-devicestatusblade.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-8-intuneappinfo.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-8-intuneappinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-8-intuneappinfo.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-8-intuneappinfo.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-9-intunepkginfo.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-9-intunepkginfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-9-intunepkginfo.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-9-intunepkginfo.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon-bar.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon-bar.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon-bar.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon-bar.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/mdatp-icon.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-icon.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/microsoft-defender-atp-next-generation-protection-engines.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/server-add-gui.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/server-add-gui.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/server-add-gui.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/server-add-gui.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/svg/check-no.svg b/windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-no.svg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/svg/check-no.svg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-no.svg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/svg/check-yes.svg b/windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-yes.svg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/svg/check-yes.svg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/svg/check-yes.svg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tamperattemptalert.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tamperattemptalert.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tamperattemptalert.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tamperattemptalert.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectionturnedon.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectionturnedon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectionturnedon.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectionturnedon.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectsecurityrecos.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectsecurityrecos.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tamperprotectsecurityrecos.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tamperprotectsecurityrecos.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-alert.jpg b/windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-alert.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-alert.jpg rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-alert.jpg diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-huntingquery.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-huntingquery.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-huntingquery.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-huntingquery.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-windowssecurityapp.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-windowssecurityapp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/tampprotintune-windowssecurityapp.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/tampprotintune-windowssecurityapp.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-consumer.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-consumer.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-consumer.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-consumer.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-enterprise.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-enterprise.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-enterprise.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-enterprise.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-intune.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-intune.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotect-intune.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-intune.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotection.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/turnontamperprotection.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotection.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps-on.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps-on.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps-on.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps-on.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps-lps.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps-lps.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-3ps.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-3ps.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/vtp-wdav.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-wdav.png similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/images/vtp-wdav.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/vtp-wdav.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/office-365-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/oldTOC.md rename to windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md rename to windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/run-scan-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md rename to windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-compatibility.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-compatibility.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-in-windows-10.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-in-windows-10.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus.md similarity index 100% rename from windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus.md From 2b34d9e2de3a2cbcd93b52eeb770b99f5476905a Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Fri, 29 May 2020 12:16:10 -0700 Subject: [PATCH 21/99] updated files names to microsoft-defender-antivirus --- ...nt-reference-windows-defender-antivirus.md | 45 -- ...d-scan-types-windows-defender-antivirus.md | 93 ---- ...-first-sight-windows-defender-antivirus.md | 180 -------- ...meout-period-windows-defender-antivirus.md | 54 --- ...-interaction-windows-defender-antivirus.md | 36 -- ...e-exclusions-windows-defender-antivirus.md | 37 -- ...e-exclusions-windows-defender-antivirus.md | 295 ------------- ...cy-overrides-windows-defender-antivirus.md | 92 ---- ...-connections-windows-defender-antivirus.md | 130 ------ ...otifications-windows-defender-antivirus.md | 106 ----- ...e-exclusions-windows-defender-antivirus.md | 198 --------- ...ion-features-windows-defender-antivirus.md | 43 -- ...e-protection-windows-defender-antivirus.md | 114 ----- ...-remediation-windows-defender-antivirus.md | 72 --- ...r-exclusions-windows-defender-antivirus.md | 411 ------------------ ...ure-windows-defender-antivirus-features.md | 49 --- ...ge-report-microsoft-defender-antivirus.md} | 0 ...=> deploy-microsoft-defender-antivirus.md} | 0 ...yment-vdi-microsoft-defender-antivirus.md} | 0 ...nted-apps-microsoft-defender-antivirus.md} | 0 ...rotection-microsoft-defender-antivirus.md} | 0 ... evaluate-microsoft-defender-antivirus.md} | 0 ...-scanning-microsoft-defender-antivirus.md} | 0 ...d-updates-microsoft-defender-antivirus.md} | 0 ...endpoints-microsoft-defender-antivirus.md} | 0 ...-schedule-microsoft-defender-antivirus.md} | 0 ...n-updates-microsoft-defender-antivirus.md} | 0 ...baselines-microsoft-defender-antivirus.md} | 0 ...vices-vms-microsoft-defender-antivirus.md} | 0 ...rosft-defender-antivirus-in-windows-10.md} | 0 ...osoft-defender-antivirus-compatibility.md} | 0 ...ender-antivirus-on-windows-server-2016.md} | 0 ...fline.md => microsoft-defender-offline.md} | 0 ...oft-defender-security-center-antivirus.md} | 0 ...ffice-365-microsoft-defender-antivirus.md} | 0 ...teraction-microsoft-defender-antivirus.md} | 0 ...t-monitor-microsoft-defender-antivirus.md} | 0 ...ned-files-microsoft-defender-antivirus.md} | 0 ...n-results-microsoft-defender-antivirus.md} | 0 ... run-scan-microsoft-defender-antivirus.md} | 0 ...-up-scans-microsoft-defender-antivirus.md} | 0 ...ion-level-microsoft-defender-antivirus.md} | 0 ...ubleshoot-microsoft-defender-antivirus.md} | 0 ...up-policy-microsoft-defender-antivirus.md} | 0 ...g-manager-microsoft-defender-antivirus.md} | 0 ...l-cmdlets-microsoft-defender-antivirus.md} | 0 ...> use-wmi-microsoft-defender-antivirus.md} | 0 ...rotection-microsoft-defender-antivirus.md} | 0 ...> why-use-microsoft-defender-antivirus.md} | 0 49 files changed, 1955 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md rename windows/security/threat-protection/microsoft-defender-antivirus/{deploy-manage-report-windows-defender-antivirus.md => deploy-manage-report-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{deploy-windows-defender-antivirus.md => deploy-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{deployment-vdi-windows-defender-antivirus.md => deployment-vdi-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{detect-block-potentially-unwanted-apps-windows-defender-antivirus.md => detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{enable-cloud-protection-windows-defender-antivirus.md => enable-cloud-protection-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{evaluate-windows-defender-antivirus.md => evaluate-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{limited-periodic-scanning-windows-defender-antivirus.md => limited-periodic-scanning-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{manage-event-based-updates-windows-defender-antivirus.md => manage-event-based-updates-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{manage-outdated-endpoints-windows-defender-antivirus.md => manage-outdated-endpoints-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{manage-protection-update-schedule-windows-defender-antivirus.md => manage-protection-update-schedule-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{manage-protection-updates-windows-defender-antivirus.md => manage-protection-updates-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{manage-updates-baselines-windows-defender-antivirus.md => manage-updates-baselines-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{manage-updates-mobile-devices-vms-windows-defender-antivirus.md => manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{windows-defender-antivirus-in-windows-10.md => microsft-defender-antivirus-in-windows-10.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{windows-defender-antivirus-compatibility.md => microsoft-defender-antivirus-compatibility.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{windows-defender-antivirus-on-windows-server-2016.md => microsoft-defender-antivirus-on-windows-server-2016.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{windows-defender-offline.md => microsoft-defender-offline.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{windows-defender-security-center-antivirus.md => microsoft-defender-security-center-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{office-365-windows-defender-antivirus.md => office-365-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{prevent-end-user-interaction-windows-defender-antivirus.md => prevent-end-user-interaction-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{report-monitor-windows-defender-antivirus.md => report-monitor-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{restore-quarantined-files-windows-defender-antivirus.md => restore-quarantined-files-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{review-scan-results-windows-defender-antivirus.md => review-scan-results-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{run-scan-windows-defender-antivirus.md => run-scan-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{scheduled-catch-up-scans-windows-defender-antivirus.md => scheduled-catch-up-scans-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{specify-cloud-protection-level-windows-defender-antivirus.md => specify-cloud-protection-level-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{troubleshoot-windows-defender-antivirus.md => troubleshoot-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{use-group-policy-windows-defender-antivirus.md => use-group-policy-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{use-intune-config-manager-windows-defender-antivirus.md => use-intune-config-manager-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{use-powershell-cmdlets-windows-defender-antivirus.md => use-powershell-cmdlets-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{use-wmi-windows-defender-antivirus.md => use-wmi-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{utilize-microsoft-cloud-protection-windows-defender-antivirus.md => utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md} (100%) rename windows/security/threat-protection/microsoft-defender-antivirus/{why-use-microsoft-antivirus.md => why-use-microsoft-defender-antivirus.md} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md deleted file mode 100644 index 8ea3ed528e..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Manage Windows Defender in your business -description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Windows Defender AV -keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: -manager: dansimp ---- - -# Manage Windows Defender Antivirus in your business - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -You can manage and configure Windows Defender Antivirus with the following tools: - -- Microsoft Intune -- Microsoft Endpoint Configuration Manager -- Group Policy -- PowerShell cmdlets -- Windows Management Instrumentation (WMI) -- The mpcmdrun.exe utility - -The articles in this section provide further information, links, and resources for using these tools to manage and configure Windows Defender Antivirus. - -## In this section - -Article | Description ----|--- -[Manage Windows Defender Antivirus with Microsoft Intune and Microsoft Endpoint Configuration Manager](use-intune-config-manager-microsoft-defender-antivirus.md)|Information about using Intune and Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus -[Manage Windows Defender Antivirus with Group Policy settings](use-group-policy-microsoft-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates -[Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage Windows Defender Antivirus, plus links to documentation for all cmdlets and allowed parameters -[Manage Windows Defender Antivirus with Windows Management Instrumentation (WMI)](use-wmi-microsoft-defender-antivirus.md)| Instructions for using WMI to manage Windows Defender Antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties) -[Manage Windows Defender Antivirus with the mpcmdrun.exe command-line tool](command-line-arguments-microsoft-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use Windows Defender Antivirus diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md deleted file mode 100644 index b4742f97c9..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Configure scanning options for Windows Defender AV -description: You can configure Windows Defender AV to scan email storage files, back-up or reparse points, network files, and archived files (such as .zip files). -keywords: advanced scans, scanning, email, archive, zip, rar, archive, reparse scanning -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.reviewer: -manager: dansimp - ---- - -# Configure Windows Defender Antivirus scanning options - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -**Use Microsoft Intune to configure scanning options** - -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. - - - -## Use Microsoft Endpoint Configuration Manager to configure scanning options: - -See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch). - -## Use Group Policy to configure scanning options - -To configure the Group Policy settings described in the following table: - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. - -4. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. - -Description | Location and setting | Default setting (if not configured) | PowerShell `Set-MpPreference` parameter or WMI property for `MSFT_MpPreference` class ----|---|---|--- -Email scanning See [Email scanning limitations](#ref1)| Scan > Turn on e-mail scanning | Disabled | `-DisableEmailScanning` -Scan [reparse points](https://msdn.microsoft.com/library/windows/desktop/aa365503.aspx) | Scan > Turn on reparse point scanning | Disabled | Not available -Scan mapped network drives | Scan > Run full scan on mapped network drives | Disabled | `-DisableScanningMappedNetworkDrivesForFullScan` - Scan archive files (such as .zip or .rar files). The [extensions exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md) will take precedence over this setting. | Scan > Scan archive files | Enabled | `-DisableArchiveScanning` -Scan files on the network | Scan > Scan network files | Disabled | `-DisableScanningNetworkFiles` -Scan packed executables | Scan > Scan packed executables | Enabled | Not available -Scan removable drives during full scans only | Scan > Scan removable drives | Disabled | `-DisableRemovableDriveScanning` -Specify the level of subfolders within an archive folder to scan | Scan > Specify the maximum depth to scan archive files | 0 | Not available - Specify the maximum CPU load (as a percentage) during a scan. Note: This is not a hard limit but rather a guidance for the scanning engine to not exceed this maximum on average. | Scan > Specify the maximum percentage of CPU utilization during a scan | 50 | `-ScanAvgCPULoadFactor` - Specify the maximum size (in kilobytes) of archive files that should be scanned. The default, **0**, applies no limit | Scan > Specify the maximum size of archive files to be scanned | No limit | Not available - Configure low CPU priority for scheduled scans | Scan > Configure low CPU priority for scheduled scans | Disabled | Not available - ->[!NOTE] ->If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. - -## Use PowerShell to configure scanning options - -See [Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. - -## Use WMI to configure scanning options - -For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx). - -## Email scanning limitations - -Email scanning enables scanning of email files used by Outlook and other mail clients during on-demand and scheduled scans. Embedded objects within an email file (such as attachments and archived files) are also scanned. The following file format types can be scanned and remediated: - -- DBX -- MBX -- MIME - -PST files used by Outlook 2003 or older (where the archive type is set to non-unicode) will also be scanned, but Windows Defender cannot remediate threats detected inside PST files. - -If Windows Defender Antivirus detects a threat inside an email, it will show you the following information to assist you in identifying the compromised email, so you can remediate the threat manually: - -- Email subject -- Attachment name - -## Related topics - -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md deleted file mode 100644 index acc9c3d662..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ /dev/null @@ -1,180 +0,0 @@ ---- -title: Enable Block at First Sight to detect malware in seconds -description: Enable the Block at First sight feature to detect and block malware within seconds, and validate that it is configured correctly. -keywords: scan, BAFS, malware, first seen, first sight, cloud, defender -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.reviewer: -manager: dansimp -ms.custom: nextgen ---- - -# Enable block at first sight - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Block at first sight provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are also enabled. In most cases, these prerequisite settings are also enabled by default, so the feature is running without any intervention. - -You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) while the cloud-based protection service analyzes the file. And, you can [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL. - ->[!TIP] ->Visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work. - -## How it works - -When Windows Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or clean. - -Windows Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). -![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) - -In Windows 10, version 1803, block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. - -Block at first sight only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or that originate from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. - -If the cloud backend is unable to make a determination, Windows Defender Antivirus locks the file and uploads a copy to the cloud. The cloud performs additional analysis to reach a determination before it either allows the file to run or blocks it in all future encounters, depending on whether it determines the file to be malicious or safe. - -In many cases, this process can reduce the response time for new malware from hours to seconds. - -## Confirm and validate that block at first sight is enabled - -Block at first sight requires a number of settings to be configured correctly or it will not work. These settings are enabled by default in most enterprise Windows Defender Antivirus deployments. - -### Confirm block at first sight is enabled with Intune - -1. In Intune, navigate to **Device configuration - Profiles** > *Profile name* > **Device restrictions** > **Windows Defender Antivirus**. - - > [!NOTE] - > The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type. - -2. Verify these settings are configured as follows: - - - **Cloud-delivered protection**: **Enable** - - **File Blocking Level**: **High** - - **Time extension for file scanning by the cloud**: **50** - - **Prompt users before sample submission**: **Send all data without prompting** - - ![Intune config](images/defender/intune-block-at-first-sight.png) - - > [!WARNING] - > Setting the file blocking level to **High** will apply a strong level of detection. In the unlikely event that it causes a false positive detection of legitimate files, use the option to [restore the quarantined files](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus). - -For more information about configuring Windows Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). - -For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus). - -### Enable block at first sight with Microsoft Endpoint Configuration Manager - -1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**. - -2. Click **Home** > **Create Antimalware Policy**. - -3. Enter a name and a description, and add these settings: - - **Real time protection** - - **Advanced** - - **Cloud Protection Service** - -4. In the left column, click **Real time protection**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**. - ![Enable real-time protection](images/defender/sccm-real-time-protection.png) - -5. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**. - ![Enable Advanced settings](images/defender/sccm-advanced-settings.png) - -6. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds. - ![Enable Cloud Protection Service](images/defender/sccm-cloud-protection-service.png) - -7. Click **OK** to create the policy. - - -### Confirm block at first sight is enabled with Group Policy - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **MAPS**, configure the following Group Policies, and then click **OK**: - - - Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**. - - - Double-click **Send file samples when further analysis is required** and ensure the option is set to **Enabled** and the additional options are either **Send safe samples (1)** or **Send all samples (3)**. - - > [!WARNING] - > Setting to **Always prompt (0)** will lower the protection state of the device. Setting to **Never send (2)** means block at first sight will not function. - -4. In the **Group Policy Management Editor**, expand the tree to **Windows components** > **Windows Defender Antivirus** > **Real-time Protection**: - - 1. Double-click **Scan all downloaded files and attachments** and ensure the option is set to **Enabled**, and then click **OK**. - - 2. Double-click **Turn off real-time protection** and ensure the option is set to **Disabled**, and then click **OK**. - -If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered. - -### Confirm block at first sight is enabled with Registry editor - -1. Start Registry Editor. - -2. Go to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet**, and make sure that - - 1. **SpynetReporting** key is set to **1** - - 2. **SubmitSamplesConsent** key is set to either **1** (Send safe samples) or **3** (Send all samples) - -3. Go to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection**, and make sure that - - 1. **DisableIOAVProtection** key is set to **0** - - 2. **DisableRealtimeMonitoring** key is set to **0** - -### Confirm Block at First Sight is enabled on individual clients - -You can confirm that block at first sight is enabled on individual clients using Windows security settings. - -Block at first sight is automatically enabled as long as **Cloud-delivered protection** and **Automatic sample submission** are both turned on. - -1. Open the Windows Security app. - -2. Select **Virus & threat protection**, and then, under **Virus & threat protection settings**, select **Manage Settings**. - - ![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png) - -3. Confirm that **Cloud-delivered protection** and **Automatic sample submission** are both turned on. - -> [!NOTE] -> If the prerequisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. - -### Validate block at first sight is working - -You can validate that the feature is working by following the steps outlined in [Validate connections between your network and the cloud](configure-network-connections-microsoft-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud). - -## Disable block at first sight - -> [!WARNING] -> Disabling block at first sight will lower the protection state of the endpoint and your network. - -You may choose to disable block at first sight if you want to retain the prerequisite settings without using block at first sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network. - -### Disable block at first sight with Group Policy - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure, and then click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree through **Windows components** > **Windows Defender Antivirus** > **MAPS**. - -4. Double-click **Configure the 'Block at First Sight' feature** and set the option to **Disabled**. - - > [!NOTE] - > Disabling block at first sight will not disable or alter the prerequisite group policies. - -## Related topics - -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md deleted file mode 100644 index 116cffdaa7..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Configure the Windows Defender AV cloud block timeout period -description: You can configure how long Windows Defender Antivirus will block a file from running while waiting for a cloud determination. -keywords: windows defender antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: -manager: dansimp -ms.custom: nextgen ---- - -# Configure the cloud block timeout period - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). - -The default period that the file will be [blocked](configure-block-at-first-sight-microsoft-defender-antivirus.md) is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defender Antivirus cloud service. - -## Prerequisites to use the extended cloud block timeout - -[Block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) and its prerequisites must be enabled before you can specify an extended timeout period. - -## Specify the extended timeout period - -You can use Group Policy to specify an extended timeout for cloud checks. - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine** - -4. Double-click **Configure extended cloud check** and ensure the option is enabled. Specify the additional amount of time to prevent the file from running while waiting for a cloud determination. You can specify the additional time, in seconds, from 1 second to 50 seconds. This time will be added to the default 10 seconds. - -5. Click **OK**. - -## Related topics - -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Use next-generation antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) -- [Configure block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) -- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md deleted file mode 100644 index f748db5175..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Configure how users can interact with Windows Defender AV -description: Configure how end-users interact with Windows Defender AV, what notifications they see, and if they can override settings. -keywords: endpoint, user, interaction, notifications, ui lockdown mode, headless mode, hide interface -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: -manager: dansimp ---- - -# Configure end-user interaction with Windows Defender Antivirus - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -You can configure how users of the endpoints on your network can interact with Windows Defender Antivirus. - -This includes whether they see the Windows Defender Antivirus interface, what notifications they see, and if they can locally override globally-deployed Group Policy settings. - -## In this section - -Topic | Description ----|--- -[Configure notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) | Configure and customize additional notifications, customized text for notifications, and notifications about reboots for remediation -[Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) | Hide the user interface from users -[Prevent users from locally modifying policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) | Prevent (or allow) users from overriding policy settings on their individual endpoints diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md deleted file mode 100644 index 635d677a14..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-windows-defender-antivirus.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Set up exclusions for Windows Defender AV scans -description: You can exclude files (including files modified by specified processes) and folders from being scanned by Windows Defender AV. Validate your exclusions with PowerShell. -keywords: -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 03/12/2020 -ms.reviewer: -manager: dansimp ---- - -# Configure and validate exclusions for Windows Defender Antivirus scans - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection. - ->[!WARNING] ->Defining exclusions lowers the protection offered by Windows Defender Antivirus. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. - -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from Windows Defender Antivirus scans based on their file extension, file name, or location. - -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from scans that have been opened by a specific process. - -## Related articles - -[Windows Defender Antivirus exclusions on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md deleted file mode 100644 index e41c0fe9e7..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ /dev/null @@ -1,295 +0,0 @@ ---- -title: Configure and validate exclusions based on extension, name, or location -description: Exclude files from Windows Defender Antivirus scans based on their file extension, file name, or location. -keywords: exclusions, files, extension, file type, folder name, file name, scans -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.reviewer: -manager: dansimp ---- - -# Configure and validate exclusions based on file extension and folder location - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -> [!IMPORTANT] -> Windows Defender Antivirus exclusions don't apply to other Microsoft Defender ATP capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender ATP [custom indicators](../microsoft-defender-atp/manage-indicators.md). - -## Exclusion lists - -You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. - -> [!NOTE] -> Automatic exclusions apply only to Windows Server 2016 and above. The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default. - -This article describes how to configure exclusion lists for the files and folders. - -Exclusion | Examples | Exclusion list ----|---|--- -Any file with a specific extension | All files with the specified extension, anywhere on the machine.
        Valid syntax: `.test` and `test` | Extension exclusions -Any file under a specific folder | All files under the `c:\test\sample` folder | File and folder exclusions -A specific file in a specific folder | The file `c:\sample\sample.test` only | File and folder exclusions -A specific process | The executable file `c:\test\process.exe` | File and folder exclusions - -Exclusion lists have the following characteristics: - -- Folder exclusions will apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately. -- File extensions will apply to any file name with the defined extension if a path or folder is not defined. - ->[!IMPORTANT] ->The use of wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work. -> ->You cannot exclude mapped network drives. You must specify the actual network path. -> ->Folders that are reparse points that are created after the Windows Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. - -To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). - -The exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md). - ->[!IMPORTANT] ->Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). -> ->Changes made in the Windows Security app **will not show** in the Group Policy lists. - -By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence when there are conflicts. - -You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-microsoft-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. - -## Configure the list of exclusions based on folder name or file extension - -### Use Intune to configure file name, folder, or file extension exclusions - -See the following articles: -- [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) -- [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) - -### Use Configuration Manager to configure file name, folder, or file extension exclusions - -See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch). - -### Use Group Policy to configure folder or file extension exclusions - ->[!NOTE] ->If you specify a fully qualified path to a file, then only that file is excluded. If a folder is defined in the exclusion, then all files and subdirectories under that folder are excluded. - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus > Exclusions**. - -4. Double-click the **Path Exclusions** setting and add the exclusions. - - - Set the option to **Enabled**. - - Under the **Options** section, click **Show...**. - - Specify each folder on its own line under the **Value name** column. - - If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column. - -5. Click **OK**. - - ![The Group Policy setting for file and folder exclusions](images/defender/wdav-path-exclusions.png) - -6. Double-click the **Extension Exclusions** setting and add the exclusions. - - - Set the option to **Enabled**. - - Under the **Options** section, click **Show...**. - - Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column. - -7. Click **OK**. - - ![The Group Policy setting for extension exclusions](images/defender/wdav-extension-exclusions.png) - - - -### Use PowerShell cmdlets to configure file name, folder, or file extension exclusions - -Using PowerShell to add or remove exclusions for files based on the extension, location, or file name requires using a combination of three cmdlets and the appropriate exclusion list parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender). - -The format for the cmdlets is as follows: - -```PowerShell - - "" -``` - -The following are allowed as the ``: - -Configuration action | PowerShell cmdlet ----|--- -Create or overwrite the list | `Set-MpPreference` -Add to the list | `Add-MpPreference` -Remove item from the list | `Remove-MpPreference` - -The following are allowed as the ``: - -Exclusion type | PowerShell parameter ----|--- -All files with a specified file extension | `-ExclusionExtension` -All files under a folder (including files in subdirectories), or a specific file | `-ExclusionPath` - ->[!IMPORTANT] ->If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. - -For example, the following code snippet would cause Windows Defender AV scans to exclude any file with the `.test` file extension: - -```PowerShell -Add-MpPreference -ExclusionExtension ".test" -``` - -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). - -### Use Windows Management Instruction (WMI) to configure file name, folder, or file extension exclusions - -Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: - -```WMI -ExclusionExtension -ExclusionPath -``` - -The use of **Set**, **Add**, and **Remove** is analogous to their counterparts in PowerShell: `Set-MpPreference`, `Add-MpPreference`, and `Remove-MpPreference`. - -For more information, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx). - - - -### Use the Windows Security app to configure file name, folder, or file extension exclusions - -See [Add exclusions in the Windows Security app](windows-defender-security-center-antivirus.md#exclusions) for instructions. - - - -## Use wildcards in the file name and folder path or extension exclusion lists - -You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way in which these wildcards are interpreted differs from their usual usage in other apps and languages. Make sure to read this section to understand their specific limitations. - ->[!IMPORTANT] ->There are key limitations and usage scenarios for these wildcards: -> ->- Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. ->- You cannot use a wildcard in place of a drive letter. ->- An asterisk `*` in a folder exclusion will stand in place for a single folder. Use multiple instances of `\*\` to indicate multiple nested folders with unspecified names. - -The following table describes how the wildcards can be used and provides some examples. - - -|Wildcard |Examples | -|---------|---------| -|`*` (asterisk)

        In **file name and file extension inclusions**, the asterisk replaces any number of characters, and only applies to files in the last folder defined in the argument.

        In **folder exclusions**, the asterisk replaces a single folder. Use multiple `*` with folder slashes `\` to indicate multiple, nested folders. After matching the number of wild carded and named folders, all subfolders are also included. | `C:\MyData\*.txt` would include `C:\MyData\notes.txt`

        `C:\somepath\*\Data` would include any file in `C:\somepath\Archives\Data and its subfolders` and `C:\somepath\Authorized\Data and its subfolders`

        `C:\Serv\*\*\Backup` would include any file in `C:\Serv\Primary\Denied\Backup and its subfolders` and `C:\Serv\Secondary\Allowed\Backup and its subfolders` | -|`?` (question mark)

        In **file name and file extension inclusions**, the question mark replaces a single character, and only applies to files in the last folder defined in the argument.

        In **folder exclusions**, the question mark replaces a single character in a folder name. After matching the number of wild carded and named folders, all subfolders are also included. |`C:\MyData\my` would include `C:\MyData\my1.zip`

        `C:\somepath\?\Data` would include any file in `C:\somepath\P\Data` and its subfolders

        `C:\somepath\test0?\Data` would include any file in `C:\somepath\test01\Data` and its subfolders | -|Environment variables

        The defined variable is populated as a path when the exclusion is evaluated. |`%ALLUSERSPROFILE%\CustomLogFiles` would include `C:\ProgramData\CustomLogFiles\Folder1\file1.txt` | - - ->[!IMPORTANT] ->If you mix a file exclusion argument with a folder exclusion argument, the rules will stop at the file argument match in the matched folder, and will not look for file matches in any subfolders. -> ->For example, you can exclude all files that start with "date" in the folders `c:\data\final\marked` and `c:\data\review\marked` by using the rule argument `c:\data\*\marked\date*`. -> ->This argument, however, will not match any files in subfolders under `c:\data\final\marked` or `c:\data\review\marked`. - - - -## Review the list of exclusions - -You can retrieve the items in the exclusion list using one of the following methods: -- [Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) -- [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) -- MpCmdRun -- PowerShell -- [Windows Security app](windows-defender-security-center-antivirus.md#exclusions) - ->[!IMPORTANT] ->Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). -> ->Changes made in the Windows Security app **will not show** in the Group Policy lists. - -If you use PowerShell, you can retrieve the list in two ways: - -- Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. -- Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. - -### Validate the exclusion list by using MpCmdRun - -To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: - -```DOS -MpCmdRun.exe -CheckExclusion -path -``` - ->[!NOTE] ->Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. - -### Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell - -Use the following cmdlet: - -```PowerShell -Get-MpPreference -``` - -In the following example, the items contained in the `ExclusionExtension` list are highlighted: - -![PowerShell output for Get-MpPreference showing the exclusion list alongside other preferences](images/defender/wdav-powershell-get-exclusions-all.png) - -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). - -### Retrieve a specific exclusions list by using PowerShell - -Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable: - -```PowerShell -$WDAVprefs = Get-MpPreference -$WDAVprefs.ExclusionExtension -$WDAVprefs.ExclusionPath -``` - -In the following example, the list is split into new lines for each use of the `Add-MpPreference` cmdlet: - -![PowerShell output showing only the entries in the exclusion list](images/defender/wdav-powershell-get-exclusions-variable.png) - -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). - - - -## Validate exclusions lists with the EICAR test file - -You can validate that your exclusion lists are working by using PowerShell with either the `Invoke-WebRequest` cmdlet or the .NET WebClient class to download a test file. - -In the following PowerShell snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure you run the cmdlet within that path. - -```PowerShell -Invoke-WebRequest "http://www.eicar.org/download/eicar.com.txt" -OutFile "test.txt" -``` - -If Windows Defender Antivirus reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm the contents are the same as what is described on the [EICAR test file website](http://www.eicar.org/86-0-Intended-use.html). - -You can also use the following PowerShell code, which calls the .NET WebClient class to download the test file - as with the `Invoke-WebRequest` cmdlet; replace *c:\test.txt* with a file that conforms to the rule you are validating: - -```PowerShell -$client = new-object System.Net.WebClient -$client.DownloadFile("http://www.eicar.org/download/eicar.com.txt","c:\test.txt") -``` - -If you do not have Internet access, you can create your own EICAR test file by writing the EICAR string to a new text file with the following PowerShell command: - -```PowerShell -[io.file]::WriteAllText("test.txt",'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*') -``` - -You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude. - -## Related topics - -- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md deleted file mode 100644 index ea4872fa0d..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Configure local overrides for Windows Defender AV settings -description: Enable or disable users from locally changing settings in Windows Defender AV. -keywords: local override, local policy, group policy, gpo, lockdown,merge, lists -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 02/13/2020 -ms.reviewer: -manager: dansimp ---- - -# Prevent or allow users to locally modify Windows Defender Antivirus policy settings - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -By default, Windows Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances. - -For example, it may be necessary to allow certain user groups (such as security researchers and threat investigators) further control over individual settings on the endpoints they use. - -## Configure local overrides for Windows Defender Antivirus settings - -The default setting for these policies is **Disabled**. - -If they are set to **Enabled**, users on endpoints can make changes to the associated setting with the [Windows Security](windows-defender-security-center-antivirus.md) app, local Group Policy settings, and PowerShell cmdlets (where appropriate). - -The following table lists each of the override policy setting and the configuration instructions for the associated feature or setting. - -To configure these settings: - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. - -4. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. - -5. Deploy the Group Policy Object as usual. - -Location | Setting | Article ----|---|---|--- -MAPS | Configure local setting override for reporting to Microsoft MAPS | [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) -Quarantine | Configure local setting override for the removal of items from Quarantine folder | [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for turn on behavior monitoring | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override to turn on real-time protection | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Remediation | Configure local setting override for the time of day to run a scheduled full scan to complete remediation | [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) -Scan | Configure local setting override for maximum percentage of CPU utilization | [Configure and run scans](run-scan-microsoft-defender-antivirus.md) -Scan | Configure local setting override for schedule scan day | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Configure local setting override for scheduled quick scan time | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Configure local setting override for scheduled scan time | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Configure local setting override for the scan type to use for a scheduled scan | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) - - - -## Configure how locally and globally defined threat remediation and exclusions lists are merged - -You can also configure how locally defined lists are combined or merged with globally defined lists. This setting applies to [exclusion lists](configure-exclusions-microsoft-defender-antivirus.md), [specified remediation lists](configure-remediation-microsoft-defender-antivirus.md), and [attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction). - -By default, lists that have been configured in local group policy and the Windows Security app are merged with lists that are defined by the appropriate Group Policy Object that you have deployed on your network. Where there are conflicts, the globally-defined list takes precedence. - -You can disable this setting to ensure that only globally-defined lists (such as those from any deployed GPOs) are used. - -### Use Group Policy to disable local list merging - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus**. - -4. Double-click **Configure local administrator merge behavior for lists** and set the option to **Disabled**. Click **OK**. - -> [!NOTE] -> If you disable local list merging, it will override controlled folder access settings. It also overrides any protected folders or allowed apps set by the local administrator. For more information about controlled folder access settings, see [Allow a blocked app in Windows Security](https://support.microsoft.com/help/4046851/windows-10-allow-blocked-app-windows-security). - -## Related topics - -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md deleted file mode 100644 index 0feb021b20..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ /dev/null @@ -1,130 +0,0 @@ ---- -title: Configure and validate Windows Defender Antivirus network connections -description: Configure and test your connection to the Windows Defender Antivirus cloud protection service. -keywords: antivirus, windows defender antivirus, antimalware, security, defender, cloud, aggressiveness, protection level -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 10/08/2018 -ms.reviewer: -manager: dansimp ---- - -# Configure and validate Windows Defender Antivirus network connections - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -To ensure Windows Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers. - -This article lists the connections that must be allowed, such as by using firewall rules, and provides instructions for validating your connection. Configuring your protection properly helps ensure that you receive the best value from your cloud-delivered protection services. - -See the blog post [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) for some details about network connectivity. - ->[!TIP] ->You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working: -> ->- Cloud-delivered protection ->- Fast learning (including block at first sight) ->- Potentially unwanted application blocking - -## Allow connections to the Windows Defender Antivirus cloud service - -The Windows Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network. - ->[!NOTE] ->The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. - -See [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. - -After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints. - -Because your protection is a cloud service, computers must have access to the internet and reach the ATP machine learning services. Do not exclude the URL `*.blob.core.windows.net` from any kind of network inspection. The table below lists the services and their associated URLs. Make sure that there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL `*.blob.core.windows.net`). Below mention URLs are using port 443 for communication. - - -| **Service**| **Description** |**URL** | -| :--: | :-- | :-- | -| Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Windows Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com`
        `*.wdcpalt.microsoft.com`
        `*.wd.microsoft.com`| -| Microsoft Update Service (MU)| Security intelligence and product updates |`*.update.microsoft.com`| -|Security intelligence updates Alternate Download Location (ADL)| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| `*.download.microsoft.com`| -| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net`
        `ussus1westprod.blob.core.windows.net`
        `usseu1northprod.blob.core.windows.net`
        `usseu1westprod.blob.core.windows.net`
        `ussuk1southprod.blob.core.windows.net`
        `ussuk1westprod.blob.core.windows.net`
        `ussas1eastprod.blob.core.windows.net`
        `ussas1southeastprod.blob.core.windows.net`
        `ussau1eastprod.blob.core.windows.net`
        `ussau1southeastprod.blob.core.windows.net` | -| Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `https://www.microsoft.com/pkiops/crl/`
        `https://www.microsoft.com/pkiops/certs`
        `https://crl.microsoft.com/pki/crl/products`
        `https://www.microsoft.com/pki/certs` | -| Symbol Store|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` | -| Universal Telemetry Client| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
        `settings-win.data.microsoft.com`| - -## Validate connections between your network and the cloud - -After whitelisting the URLs listed above, you can test if you are connected to the Windows Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you are fully protected. - -**Use the cmdline tool to validate cloud-delivered protection:** - -Use the following argument with the Windows Defender Antivirus command-line utility (`mpcmdrun.exe`) to verify that your network can communicate with the Windows Defender Antivirus cloud service: - -```DOS -"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -ValidateMapsConnection -``` - -> [!NOTE] -> You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703 or higher. - -For more information, see [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-microsoft-defender-antivirus.md). - -**Attempt to download a fake malware file from Microsoft:** - -You can download a sample file that Windows Defender Antivirus will detect and block if you are properly connected to the cloud. - -Download the file by visiting the following link: -- https://aka.ms/ioavtest - ->[!NOTE] ->This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud. - -If you are properly connected, you will see a warning Windows Defender Antivirus notification: - -![Windows Defender Antivirus notification informing the user that malware was found](images/defender/wdav-malware-detected.png) - -If you are using Microsoft Edge, you'll also see a notification message: - -![Microsoft Edge informing the user that malware was found](images/defender/wdav-bafs-edge.png) - -A similar message occurs if you are using Internet Explorer: - -![Windows Defender Antivirus notification informing the user that malware was found](images/defender/wdav-bafs-ie.png) - -You will also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app: - -1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label: - - ![Screenshot of the Scan history label in the Windows Security app](images/defender/wdav-history-wdsc.png) - -3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware: - - ![Screenshot of quarantined items in the Windows Security app](images/defender/wdav-quarantined-history-wdsc.png) - ->[!NOTE] ->Versions of Windows 10 before version 1703 have a different user interface. See [Windows Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md). - -The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). - ->[!IMPORTANT] ->You will not be able to use a proxy auto-config (.pac) file to test network connections to these URLs. You will need to verify your proxy servers and any network filtering tools manually to ensure connectivity. - -## Related articles - -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - -- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) - -- [Run an Windows Defender Antivirus scan from the command line](command-line-arguments-microsoft-defender-antivirus.md) and [Command line arguments](command-line-arguments-microsoft-defender-antivirus.md) - -- [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md deleted file mode 100644 index 2ac2d79b53..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-windows-defender-antivirus.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Configure Windows Defender Antivirus notifications -description: Configure and customize Windows Defender Antivirus notifications. -keywords: notifications, defender, antivirus, endpoint, management, admin -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: -manager: dansimp ---- - -# Configure the notifications that appear on endpoints - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -In Windows 10, application notifications about malware detection and remediation are more robust, consistent, and concise. - -Notifications appear on endpoints when manually triggered and scheduled scans are completed and threats are detected. These notifications also appear in the **Notification Center**, and a summary of scans and threat detections appear at regular time intervals. - -You can also configure how standard notifications appear on endpoints, such as notifications for reboot or when a threat has been detected and remediated. - -## Configure the additional notifications that appear on endpoints - -You can configure the display of additional notifications, such as recent threat detection summaries, in the [Windows Security app](windows-defender-security-center-antivirus.md) and with Group Policy. - -> [!NOTE] -> In Windows 10, version 1607 the feature was called **Enhanced notifications** and could be configured under **Windows Settings** > **Update & security** > **Windows Defender**. In Group Policy settings in all versions of Windows 10, it is called **Enhanced notifications**. - -> [!IMPORTANT] -> Disabling additional notifications will not disable critical notifications, such as threat detection and remediation alerts. - -**Use the Windows Security app to disable additional notifications:** - -1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label: - - ![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png) - -3. Scroll to the **Notifications** section and click **Change notification settings**. - -4. Slide the switch to **Off** or **On** to disable or enable additional notifications. - -**Use Group Policy to disable additional notifications:** - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration**. - -3. Click **Administrative templates**. - -4. Expand the tree to **Windows components > Windows Defender Antivirus > Reporting**. - -5. Double-click **Turn off enhanced notifications** and set the option to **Enabled**. Click **OK**. This will prevent additional notifications from appearing. - -## Configure standard notifications on endpoints - -You can use Group Policy to: - -- Display additional, customized text on endpoints when the user needs to perform an action -- Hide all notifications on endpoints -- Hide reboot notifications on endpoints - -Hiding notifications can be useful in situations where you can't hide the entire Windows Defender Antivirus interface. See [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. - -> [!NOTE] -> Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Endpoint Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). - -See [Customize the Windows Security app for your organization](../windows-defender-security-center/windows-defender-security-center.md) for instructions to add custom contact information to the notifications that users see on their machines. - -**Use Group Policy to hide notifications:** - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure, and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**. - -4. Double-click **Suppress all notifications** and set the option to **Enabled**. Click **OK**. This will prevent additional notifications from appearing. - -**Use Group Policy to hide reboot notifications:** - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration**. - -3. Click **Administrative templates**. - -4. Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**. - -5. Double-click **Suppresses reboot notifications** and set the option to **Enabled**. Click **OK**. This will prevent additional notifications from appearing. - -## Related topics - -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md deleted file mode 100644 index 5b95e815bb..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md +++ /dev/null @@ -1,198 +0,0 @@ ---- -title: Configure exclusions for files opened by specific processes -description: You can exclude files from scans if they have been opened by a specific process. -keywords: Windows Defender Antivirus, process, exclusion, files, scans -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.reviewer: -manager: dansimp ---- - -# Configure exclusions for files opened by processes - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -You can exclude files that have been opened by specific processes from Windows Defender Antivirus scans. - -This topic describes how to configure exclusion lists for the following: - - - -Exclusion | Example ----|--- -Any file on the machine that is opened by any process with a specific file name | Specifying "test.exe" would exclude files opened by:
        • c:\sample\test.exe
        • d:\internal\files\test.exe
        -Any file on the machine that is opened by any process under a specific folder | Specifying "c:\test\sample\\*" would exclude files opened by:
        • c:\test\sample\test.exe
        • c:\test\sample\test2.exe
        • c:\test\sample\utility.exe
        -Any file on the machine that is opened by a specific process in a specific folder | Specifying "c:\test\process.exe" would exclude files only opened by c:\test\process.exe - -When you add a process to the process exclusion list, Windows Defender Antivirus won't scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md). - -The exclusions only apply to [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). They don't apply to scheduled or on-demand scans. - -Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists. - -You can add, remove, and review the lists for exclusions in [Group Policy](#gp), [Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app](#man-tools), and you can [use wildcards](#wildcards) to further customize the lists. - -You can also [use PowerShell cmdlets and WMI to configure the exclusion lists](#ps), including [reviewing](#review) your lists. - -By default, local changes made to the lists (by users with administrator privileges; this includes changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts. - -You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-microsoft-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. - -## Configure the list of exclusions for files opened by specified processes - - - -### Use Microsoft Intune to exclude files that have been opened by specified processes from scans - -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. - -### Use Microsoft Endpoint Configuration Manager to exclude files that have been opened by specified processes from scans - -See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch). - -### Use Group Policy to exclude files that have been opened by specified processes from scans - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus > Exclusions**. - -4. Double-click **Process Exclusions** and add the exclusions: - - 1. Set the option to **Enabled**. - 2. Under the **Options** section, click **Show...**. - 3. Enter each process on its own line under the **Value name** column. See the [example table](#examples) for the different types of process exclusions. Enter **0** in the **Value** column for all processes. - -5. Click **OK**. - -![The Group Policy setting for specifying process exclusions](images/defender/wdav-process-exclusions.png) - - - -### Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans - -Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess` parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender). - -The format for the cmdlets is: - -```PowerShell - -ExclusionProcess "" -``` - -The following are allowed as the \: - -Configuration action | PowerShell cmdlet ----|--- -Create or overwrite the list | `Set-MpPreference` -Add to the list | `Add-MpPreference` -Remove items from the list | `Remove-MpPreference` - ->[!IMPORTANT] ->If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. - -For example, the following code snippet would cause Windows Defender AV scans to exclude any file that is opened by the specified process: - -```PowerShell -Add-MpPreference -ExclusionProcess "c:\internal\test.exe" -``` - -See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Windows Defender Antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. - -### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans - -Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: - -```WMI -ExclusionProcess -``` - -The use of **Set**, **Add**, and **Remove** is analogous to their counterparts in PowerShell: `Set-MpPreference`, `Add-MpPreference`, and `Remove-MpPreference`. - -See the following for more information and allowed parameters: - -- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) - - - -### Use the Windows Security app to exclude files that have been opened by specified processes from scans - -See [Add exclusions in the Windows Security app](windows-defender-security-center-antivirus.md#exclusions) for instructions. - - - -## Use wildcards in the process exclusion list - -The use of wildcards in the process exclusion list is different from their use in other exclusion lists. - -In particular, you cannot use the question mark ? wildcard, and the asterisk \* wildcard can only be used at the end of a complete path. You can still use environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the process exclusion list. - -The following table describes how the wildcards can be used in the process exclusion list: - -Wildcard | Use | Example use | Example matches ----|---|---|--- -\* (asterisk) | Replaces any number of characters |
        • C:\MyData\\*
        |
        • Any file opened by C:\MyData\file.exe
        -? (question mark) | Not available | \- | \- -Environment variables | The defined variable will be populated as a path when the exclusion is evaluated |
        • %ALLUSERSPROFILE%\CustomLogFiles\file.exe
        |
        • Any file opened by C:\ProgramData\CustomLogFiles\file.exe
        - - - -## Review the list of exclusions - -You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/intune/device-restrictions-configure), or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). - -If you use PowerShell, you can retrieve the list in two ways: - -- Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. -- Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. - -### Validate the exclusion list by using MpCmdRun - -To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: - -```DOS -MpCmdRun.exe -CheckExclusion -path -``` - ->[!NOTE] ->Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. - - -### Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell - -Use the following cmdlet: - -```PowerShell -Get-MpPreference -``` - -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. - -### Retrieve a specific exclusions list by using PowerShell - -Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable: - -```PowerShell -$WDAVprefs = Get-MpPreference -$WDAVprefs.ExclusionProcess -``` - -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. - -## Related articles - -- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md deleted file mode 100644 index 61e774a5fc..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-windows-defender-antivirus.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Enable and configure Windows Defender Antivirus protection features -description: Enable behavior-based, heuristic, and real-time protection in Windows Defender AV. -keywords: heuristic, machine-learning, behavior monitor, real-time protection, always-on, windows defender antivirus, antimalware, security, defender -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: -manager: dansimp ---- - -# Configure behavioral, heuristic, and real-time protection - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Windows Defender Antivirus uses several methods to provide threat protection: - -- Cloud-delivered protection for near-instant detection and blocking of new and emerging threats -- Always-on scanning, using file and process behavior monitoring and other heuristics (also known as "real-time protection") -- Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research - -You can configure how Windows Defender Antivirus uses these methods with Group Policy, System Center Configuration Manage, PowerShell cmdlets, and Windows Management Instrumentation (WMI). - -This section covers configuration for always-on scanning, including how to detect and block apps that are deemed unsafe, but may not be detected as malware. - -See [Use next-gen Windows Defender Antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for how to enable and configure Windows Defender Antivirus cloud-delivered protection. - -## In this section - - Topic | Description ----|--- -[Detect and block potentially unwanted applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) | Detect and block apps that may be unwanted in your network, such as adware, browser modifiers and toolbars, and rogue or fake antivirus apps -[Enable and configure Windows Defender Antivirus protection capabilities](configure-real-time-protection-microsoft-defender-antivirus.md) | Enable and configure real-time protection, heuristics, and other always-on Windows Defender Antivirus monitoring features diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md deleted file mode 100644 index 41f1eefe60..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: Enable and configure Windows Defender Antivirus protection capabilities -description: Enable and configure Windows Defender Antivirus real-time protection features such as behavior monitoring, heuristics, and machine-learning -keywords: antivirus, real-time protection, rtp, machine-learning, behavior monitoring, heuristics -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.date: 12/16/2019 -ms.reviewer: -manager: dansimp -ms.custom: nextgen ---- - -# Enable and configure Windows Defender Antivirus always-on protection in Group Policy - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities. - -These activities include events, such as processes making unusual changes to existing files, modifying or creating automatic startup registry keys and startup locations (also known as auto-start extensibility points, or ASEPs), and other changes to the file system or file structure. - -## Enable and configure always-on protection in Group Policy - -You can use **Local Group Policy Editor** to enable and configure Windows Defender Antivirus always-on protection settings. - -To enable and configure always-on protection: - -1. Open **Local Group Policy Editor**. To do this: - 1. In your Windows 10 taskbar search box, type **gpedit**. - 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. -![GPEdit taskbar search result](images/gpedit-search.png) -2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus**. -![Windows Defender Antivirus](images/gpedit-microsoft-defender-antivirus.png) -3. Configure the Windows Defender Antivirus antimalware service policy settings. To do this: - 1. In the **Windows Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table: - - | Setting | Description | Default setting | - |-----------------------------|------------------------|-------------------------------| - | Allow antimalware service to startup with normal priority | You can lower the priority of the Windows Defender Antivirus engine, which may be useful in lightweight deployments where you want to have as lean a startup process as possible. This may impact protection on the endpoint. | Enabled - | Allow antimalware service to remain running always | If protection updates have been disabled, you can set Windows Defender Antivirus to still run. This lowers the protection on the endpoint. | Disabled | - - 2. Configure the setting as appropriate, and click **OK**. - 3. Repeat the previous steps for each setting in the table. - -4. Configure the Windows Defender Antivirus real-time protection policy settings. To do this: - 1. In the **Windows Defender Antivirus** details pane, double-click **Real-time Protection**. Or, from the **Windows Defender Antivirus** tree on left pane, click **Real-time Protection**. - ![Windows Defender Antivirus Real-time Protection options](images/gpedit-real-time-protection.png) - 2. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table: - - | Setting | Description | Default setting | - |-----------------------------|------------------------|-------------------------------| - | Turn on behavior monitoring | The AV engine will monitor file processes, file and registry changes, and other events on your endpoints for suspicious and known malicious activity. | Enabled | - | Scan all downloaded files and attachments | Downloaded files and attachments are automatically scanned. This operates in addition to the Windows Defender SmartScreen filter, which scans files before and during downloading. | Enabled | - | Monitor file and program activity on your computer | The Windows Defender Antivirus engine makes note of any file changes (file writes, such as moves, copies, or modifications) and general program activity (programs that are opened or running and that cause other programs to run). | Enabled | - | Turn on raw volume write notifications | Information about raw volume writes will be analyzed by behavior monitoring. | Enabled | - | Turn on process scanning whenever real-time protection is enabled | You can independently enable the Microsoft Defender Antivirus engine to scan running processes for suspicious modifications or behaviors. This is useful if you have temporarily disabled real-time protection and want to automatically scan processes that started while it was disabled. | Enabled | - | Define the maximum size of downloaded files and attachments to be scanned | You can define the size in kilobytes. | Enabled | - | Configure local setting override for turn on behavior monitoring | Configure a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override for scanning all downloaded files and attachments | Configure a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override for monitoring file and program activity on your computer | Configure a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override to turn on real-time protection | Configure a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override for monitoring for incoming and outgoing file activity | Configure a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. | Enabled | - | Configure monitoring for incoming and outgoing file and program activity | Specify whether monitoring should occur on incoming, outgoing, both, or neither direction. This is relevant for Windows Server installations where you have defined specific servers or Server Roles that see large amounts of file changes in only one direction and you want to improve network performance. Fully updated endpoints (and servers) on a network will see little performance impact irrespective of the number or direction of file changes. | Enabled (both directions) | - - 3. Configure the setting as appropriate, and click **OK**. - 4. Repeat the previous steps for each setting in the table. - -5. Configure the Windows Defender Antivirus scanning policy setting. To do this: - 1. From the **Windows Defender Antivirus** tree on left pane, click **Scan**. - ![Windows Defender Antivirus Scan options](images/gpedit-microsoft-defender-antivirus-scan.png) - - 2. In the **Scan** details pane on right, double-click the policy setting as specified in the following table: - - | Setting | Description | Default setting | - |-----------------------------|------------------------|-------------------------------| - | Turn on heuristics | Heuristic protection will disable or block suspicious activity immediately before the Windows Defender Antivirus engine is asked to detect the activity. | Enabled | - - 3. Configure the setting as appropriate, and click **OK**. -6. Close **Local Group Policy Editor**. - - -## Disable real-time protection in Group Policy -> [!WARNING] -> Disabling real-time protection drastically reduces the protection on your endpoints and is not recommended. - -The main real-time protection capability is enabled by default, but you can disable it by using **Local Group Policy Editor**. - -To disable real-time protection in Group policy: -1. Open **Local Group Policy Editor**. - 1. In your Windows 10 taskbar search box, type **gpedit**. - 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. - -2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Real-time Protection**. - -3. In the **Real-time Protection** details pane on right, double-click **Turn off real-time protection**. -![Turn off real-time protection](images/gpedit-turn-off-real-time-protection.png) - -4. In the **Turn off real-time protection** setting window, set the option to **Enabled**. -![Turn off real-time protection enabled](images/gpedit-turn-off-real-time-protection-enabled.png) -5. Click **OK**. -6. Close **Local Group Policy Editor**. - -## Related articles - -- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md deleted file mode 100644 index 23c2e484d3..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-windows-defender-antivirus.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Remediate and resolve infections detected by Windows Defender Antivirus -description: Configure what Windows Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder -keywords: remediation, fix, remove, threats, quarantine, scan, restore -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: -manager: dansimp ---- - -# Configure remediation for Windows Defender Antivirus scans - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats. - -This topic describes how to configure these settings with Group Policy, but you can also use [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). - -You can also use the [`Set-MpPreference` PowerShell cmdlet](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference) or [`MSFT_MpPreference` WMI class](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) to configure these settings. - -## Configure remediation options - -You can configure how remediation works with the Group Policy settings described in this section. - -To configure these settings: - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. - -3. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. - -4. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. - -Location | Setting | Description | Default setting (if not configured) ----|---|---|--- -Scan | Create a system restore point | A system restore point will be created each day before cleaning or scanning is attempted | Disabled -Scan | Turn on removal of items from scan history folder | Specify how many days items should be kept in the scan history | 30 days -Root | Turn off routine remediation | You can specify whether Windows Defender Antivirus automatically remediates threats, or if it should ask the endpoint user what to do. | Disabled (threats are remediated automatically) -Quarantine | Configure removal of items from Quarantine folder | Specify how many days items should be kept in quarantine before being removed | Never removed -Threats | Specify threat alert levels at which default action should not be taken when detected | Every threat that is detected by Windows Defender Antivirus is assigned a threat level (low, medium, high, or severe). You can use this setting to define how all threats for each of the threat levels should be remediated (quarantined, removed, or ignored) | Not applicable -Threats | Specify threats upon which default action should not be taken when detected | Specify how specific threats (using their threat ID) should be remediated. You can specify whether the specific threat should be quarantined, removed, or ignored | Not applicable - -> [!IMPORTANT] -> Windows Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed. ->

        -> If you are certain Windows Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Windows Defender Antivirus](restore-quarantined-files-microsoft-defender-antivirus.md). ->

        -> To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md). - -Also see [Configure remediation-required scheduled full Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md#remed) for more remediation-related settings. - -## Related topics - -- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) -- [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) -- [Configure end-user Windows Defender Antivirus interaction](configure-end-user-interaction-microsoft-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md deleted file mode 100644 index 55f6eeec2a..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md +++ /dev/null @@ -1,411 +0,0 @@ ---- -title: Configure Windows Defender Antivirus exclusions on Windows Server 2016 or 2019 -ms.reviewer: -manager: dansimp -description: Windows Servers 2016 and 2019 include automatic exclusions, based on server role. You can also add custom exclusions. -keywords: exclusions, server, auto-exclusions, automatic, custom, scans, Windows Defender Antivirus -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen ---- - -# Configure Windows Defender Antivirus exclusions on Windows Server - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Windows Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). - -> [!NOTE] -> Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. - -In addition to server role-defined automatic exclusions, you can add or remove custom exclusions. To do that, refer to these articles: -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) - -## A few points to keep in mind - -- Custom exclusions take precedence over automatic exclusions. - -- Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. - -- Custom and duplicate exclusions do not conflict with automatic exclusions. - -- Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer. - -## Opt out of automatic exclusions - -In Windows Server 2016 and 2019, the predefined exclusions delivered by Security intelligence updates only exclude the default paths for a role or feature. If you installed a role or feature in a custom path, or you want to manually control the set of exclusions, make sure to opt out of the automatic exclusions delivered in Security intelligence updates. But keep in mind that the exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. - -> [!WARNING] -> Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. - -Because predefined exclusions only exclude **default paths**, if you move NTDS and SYSVOL to another drive or path that is *different from the original path*, you must add exclusions manually using the information [here](configure-extension-file-exclusions-microsoft-defender-antivirus.md#configure-the-list-of-exclusions-based-on-folder-name-or-file-extension) . - -You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI. - -### Use Group Policy to disable the auto-exclusions list on Windows Server 2016 and 2019 - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx). Right-click the Group Policy Object you want to configure, and then click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration**, and then click **Administrative templates**. - -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Exclusions**. - -4. Double-click **Turn off Auto Exclusions**, and set the option to **Enabled**. Then click **OK**. - -### Use PowerShell cmdlets to disable the auto-exclusions list on Windows Server 2016 and 2019 - -Use the following cmdlets: - -```PowerShell -Set-MpPreference -DisableAutoExclusions $true -``` - -[Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md). - -[Use PowerShell with Windows Defender Antivirus](https://technet.microsoft.com/itpro/powershell/windows/defender/index). - -### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 and 2019 - -Use the **Set** method of the [MSFT_MpPreference](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: - -```WMI -DisableAutoExclusions -``` - -See the following for more information and allowed parameters: -- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) - -## List of automatic exclusions - -The following sections contain the exclusions that are delivered with automatic exclusions file paths and file types. - -### Default exclusions for all roles - -This section lists the default exclusions for all Windows Server 2016 and 2019 roles. - -#### Windows "temp.edb" files - -- *%windir%*\SoftwareDistribution\Datastore\\*\tmp.edb - -- *%ProgramData%*\Microsoft\Search\Data\Applications\Windows\\*\\\*.log - -#### Windows Update files or Automatic Update files - -- *%windir%*\SoftwareDistribution\Datastore\\*\Datastore.edb - -- *%windir%*\SoftwareDistribution\Datastore\\*\edb.chk - -- *%windir%*\SoftwareDistribution\Datastore\\*\edb\*.log - -- *%windir%*\SoftwareDistribution\Datastore\\*\Edb\*.jrs - -- *%windir%*\SoftwareDistribution\Datastore\\*\Res\*.log - -#### Windows Security files - -- *%windir%*\Security\database\\*.chk - -- *%windir%*\Security\database\\*.edb - -- *%windir%*\Security\database\\*.jrs - -- *%windir%*\Security\database\\*.log - -- *%windir%*\Security\database\\*.sdb - -#### Group Policy files - -- *%allusersprofile%*\NTUser.pol - -- *%SystemRoot%*\System32\GroupPolicy\Machine\registry.pol - -- *%SystemRoot%*\System32\GroupPolicy\User\registry.pol - -#### WINS files - -- *%systemroot%*\System32\Wins\\*\\\*.chk - -- *%systemroot%*\System32\Wins\\*\\\*.log - -- *%systemroot%*\System32\Wins\\*\\\*.mdb - -- *%systemroot%*\System32\LogFiles\ - -- *%systemroot%*\SysWow64\LogFiles\ - -#### File Replication Service (FRS) exclusions - -- Files in the File Replication Service (FRS) working folder. The FRS working folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory` - - - *%windir%*\Ntfrs\jet\sys\\*\edb.chk - - - *%windir%*\Ntfrs\jet\\*\Ntfrs.jdb - - - *%windir%*\Ntfrs\jet\log\\*\\\*.log - -- FRS Database log files. The FRS Database log file folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory` - - - *%windir%*\Ntfrs\\*\Edb\*.log - -- The FRS staging folder. The staging folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage` - - - *%systemroot%*\Sysvol\\*\Nntfrs_cmp\*\ - -- The FRS preinstall folder. This folder is specified by the folder `Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory` - - - *%systemroot%*\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\\*\Ntfrs\*\ - -- The Distributed File System Replication (DFSR) database and working folders. These folders are specified by the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File` - - > [!NOTE] - > For custom locations, see [Opt out of automatic exclusions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus#opt-out-of-automatic-exclusions). - - - *%systemdrive%*\System Volume Information\DFSR\\$db_normal$ - - - *%systemdrive%*\System Volume Information\DFSR\FileIDTable_* - - - *%systemdrive%*\System Volume Information\DFSR\SimilarityTable_* - - - *%systemdrive%*\System Volume Information\DFSR\\*.XML - - - *%systemdrive%*\System Volume Information\DFSR\\$db_dirty$ - - - *%systemdrive%*\System Volume Information\DFSR\\$db_clean$ - - - *%systemdrive%*\System Volume Information\DFSR\\$db_lostl$ - - - *%systemdrive%*\System Volume Information\DFSR\Dfsr.db - - - *%systemdrive%*\System Volume Information\DFSR\\*.frx - - - *%systemdrive%*\System Volume Information\DFSR\\*.log - - - *%systemdrive%*\System Volume Information\DFSR\Fsr*.jrs - - - *%systemdrive%*\System Volume Information\DFSR\Tmp.edb - -#### Process exclusions - -- *%systemroot%*\System32\dfsr.exe - -- *%systemroot%*\System32\dfsrs.exe - -#### Hyper-V exclusions - -This section lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role - -- File type exclusions: - - - *.vhd - - - *.vhdx - - - *.avhd - - - *.avhdx - - - *.vsv - - - *.iso - - - *.rct - - - *.vmcx - - - *.vmrs - -- Folder exclusions: - - - *%ProgramData%*\Microsoft\Windows\Hyper-V - - - *%ProgramFiles%*\Hyper-V - - - *%SystemDrive%*\ProgramData\Microsoft\Windows\Hyper-V\Snapshots - - - *%Public%*\Documents\Hyper-V\Virtual Hard Disks - -- Process exclusions: - - - *%systemroot%*\System32\Vmms.exe - - - *%systemroot%*\System32\Vmwp.exe - -#### SYSVOL files - -- *%systemroot%*\Sysvol\Domain\\*.adm - -- *%systemroot%*\Sysvol\Domain\\*.admx - -- *%systemroot%*\Sysvol\Domain\\*.adml - -- *%systemroot%*\Sysvol\Domain\Registry.pol - -- *%systemroot%*\Sysvol\Domain\\*.aas - -- *%systemroot%*\Sysvol\Domain\\*.inf - -- *%systemroot%*\Sysvol\Domain\\*.Scripts.ini - -- *%systemroot%*\Sysvol\Domain\\*.ins - -- *%systemroot%*\Sysvol\Domain\Oscfilter.ini - -### Active Directory exclusions - -This section lists the exclusions that are delivered automatically when you install Active Directory Domain Services. - -#### NTDS database files - -The database files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File` - -- %windir%\Ntds\ntds.dit - -- %windir%\Ntds\ntds.pat - -#### The AD DS transaction log files - -The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path` - -- %windir%\Ntds\EDB*.log - -- %windir%\Ntds\Res*.log - -- %windir%\Ntds\Edb*.jrs - -- %windir%\Ntds\Ntds*.pat - -- %windir%\Ntds\TEMP.edb - -#### The NTDS working folder - -This folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory` - -- %windir%\Ntds\Temp.edb - -- %windir%\Ntds\Edb.chk - -#### Process exclusions for AD DS and AD DS-related support files - -- %systemroot%\System32\ntfrs.exe - -- %systemroot%\System32\lsass.exe - -### DHCP Server exclusions - -This section lists the exclusions that are delivered automatically when you install the DHCP Server role. The DHCP Server file locations are specified by the *DatabasePath*, *DhcpLogFilePath*, and *BackupDatabasePath* parameters in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters` - -- *%systemroot%*\System32\DHCP\\*\\\*.mdb - -- *%systemroot%*\System32\DHCP\\*\\\*.pat - -- *%systemroot%*\System32\DHCP\\*\\\*.log - -- *%systemroot%*\System32\DHCP\\*\\\*.chk - -- *%systemroot%*\System32\DHCP\\*\\\*.edb - -### DNS Server exclusions - -This section lists the file and folder exclusions and the process exclusions that are delivered automatically when you install the DNS Server role. - -#### File and folder exclusions for the DNS Server role - -- *%systemroot%*\System32\Dns\\*\\\*.log - -- *%systemroot%*\System32\Dns\\*\\\*.dns - -- *%systemroot%*\System32\Dns\\*\\\*.scc - -- *%systemroot%*\System32\Dns\\*\BOOT - -#### Process exclusions for the DNS Server role - -- *%systemroot%*\System32\dns.exe - -### File and Storage Services exclusions - -This section lists the file and folder exclusions that are delivered automatically when you install the File and Storage Services role. The exclusions listed below do not include exclusions for the Clustering role. - -- *%SystemDrive%*\ClusterStorage - -- *%clusterserviceaccount%*\Local Settings\Temp - -- *%SystemDrive%*\mscs - -### Print Server exclusions - -This section lists the file type exclusions, folder exclusions, and the process exclusions that are delivered automatically when you install the Print Server role. - -#### File type exclusions - -- *.shd - -- *.spl - -#### Folder exclusions - -This folder is specified in the registry key `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory` - -- *%system32%*\spool\printers\\* - -#### Process exclusions - -- spoolsv.exe - -### Web Server exclusions - -This section lists the folder exclusions and the process exclusions that are delivered automatically when you install the Web Server role. - -#### Folder exclusions - -- *%SystemRoot%*\IIS Temporary Compressed Files - -- *%SystemDrive%*\inetpub\temp\IIS Temporary Compressed Files - -- *%SystemDrive%*\inetpub\temp\ASP Compiled Templates - -- *%systemDrive%*\inetpub\logs - -- *%systemDrive%*\inetpub\wwwroot - -#### Process exclusions - -- *%SystemRoot%*\system32\inetsrv\w3wp.exe - -- *%SystemRoot%*\SysWOW64\inetsrv\w3wp.exe - -- *%SystemDrive%*\PHP5433\php-cgi.exe - -### Windows Server Update Services exclusions - -This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup` - -- *%systemroot%*\WSUS\WSUSContent - -- *%systemroot%*\WSUS\UpdateServicesDBFiles - -- *%systemroot%*\SoftwareDistribution\Datastore - -- *%systemroot%*\SoftwareDistribution\Download - -## Related articles - -- [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) - -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) - -- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) - -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) - -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md deleted file mode 100644 index 1bbdf69dbd..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-windows-defender-antivirus-features.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Configure Windows Defender Antivirus features -description: You can configure Windows Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell. -keywords: Windows Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: -manager: dansimp ---- - -# Configure Windows Defender Antivirus features - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -You can configure Windows Defender Antivirus with a number of tools, including: - -- Microsoft Intune -- Microsoft Endpoint Configuration Manager -- Group Policy -- PowerShell cmdlets -- Windows Management Instrumentation (WMI) - -The following broad categories of features can be configured: - -- Cloud-delivered protection -- Always-on real-time protection, including behavioral, heuristic, and machine-learning-based protection -- How end-users interact with the client on individual endpoints - -The topics in this section describe how to perform key tasks when configuring Windows Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). - -You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. - -## In this section -Topic | Description -:---|:--- -[Utilize Microsoft cloud-provided Windows Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection -[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time antivirus protection -[Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md)|Configure how end-users interact with Windows Defender Antivirus, what notifications they see, and whether they can override settings diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/deploy-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/evaluate-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-in-windows-10.md rename to windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-compatibility.md rename to windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md rename to windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-offline.md rename to windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/office-365-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/run-scan-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md rename to windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md From c919c989652f71a6fbed770282a49fe1e0e577ba Mon Sep 17 00:00:00 2001 From: Thomas Date: Sat, 30 May 2020 08:16:29 -0700 Subject: [PATCH 22/99] Redirects for microsoft defender antivirus updating existing redirects --- .openpublishing.redirection.json | 64 ++++++++++++++++---------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 28a2f92415..a6afcc0a05 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2208,12 +2208,12 @@ }, { "source_path": "windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -2228,142 +2228,142 @@ }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-microsoft-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -9393,12 +9393,12 @@ }, { "source_path": "windows/keep-secure/configuration-management-reference-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/keep-secure/configure-advanced-scan-types-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus", "redirect_document_id": true }, { From 00c23798b8051eac5c4c0fbc42cc846d96126de7 Mon Sep 17 00:00:00 2001 From: Thomas Date: Sat, 30 May 2020 08:29:08 -0700 Subject: [PATCH 23/99] Update .openpublishing.redirection.json update existing redirects --- .openpublishing.redirection.json | 36 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index a6afcc0a05..cf19354c8b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2038,7 +2038,7 @@ }, { "source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus", "redirect_document_id": true }, { @@ -2368,87 +2368,87 @@ }, { "source_path": "windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus", "redirect_document_id": true }, { From f4eeebb6db4a0ba5e7ab9f685a3a1aa7261d9381 Mon Sep 17 00:00:00 2001 From: Thomas Date: Sat, 30 May 2020 09:04:02 -0700 Subject: [PATCH 24/99] Update .openpublishing.redirection.json add new redirects --- .openpublishing.redirection.json | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index cf19354c8b..a66e5c9cb0 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15955,6 +15955,31 @@ "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction", "redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-antivirus/oldTOC.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus", +"redirect_document_id": true } ] } From 15564003e7dc07c743067954ec3b4c09cb2153b3 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Mon, 1 Jun 2020 15:30:21 -0700 Subject: [PATCH 25/99] Changed windows to microsoft in UX mentions --- .../mdm/policy-csp-defender.md | 86 ++++----- .../new-policies-for-windows-10.md | 22 +-- ...indows-10-1809-and-windows-server-2019.yml | 2 +- .../antivirus-false-positives-negatives.md | 24 +-- ...llect-diagnostic-data-update-compliance.md | 10 +- ...-arguments-microsoft-defender-antivirus.md | 10 +- ...-reference-microsoft-defender-antivirus.md | 16 +- ...scan-types-microsoft-defender-antivirus.md | 18 +- ...irst-sight-microsoft-defender-antivirus.md | 22 +-- ...out-period-microsoft-defender-antivirus.md | 12 +- ...nteraction-microsoft-defender-antivirus.md | 8 +- ...exclusions-microsoft-defender-antivirus.md | 10 +- ...exclusions-microsoft-defender-antivirus.md | 30 +-- ...-overrides-microsoft-defender-antivirus.md | 24 +-- ...e-microsoft-defender-antivirus-features.md | 16 +- ...onnections-microsoft-defender-antivirus.md | 44 ++--- ...ifications-microsoft-defender-antivirus.md | 16 +- ...exclusions-microsoft-defender-antivirus.md | 30 +-- ...n-features-microsoft-defender-antivirus.md | 12 +- ...protection-microsoft-defender-antivirus.md | 40 ++-- ...emediation-microsoft-defender-antivirus.md | 34 ++-- ...exclusions-microsoft-defender-antivirus.md | 22 +-- ...iate-scans-microsoft-defender-antivirus.md | 14 +- ...ediate-scans-windows-defender-antivirus.md | 14 +- ...age-report-microsoft-defender-antivirus.md | 38 ++-- .../deploy-microsoft-defender-antivirus.md | 22 +-- ...oyment-vdi-microsoft-defender-antivirus.md | 16 +- ...anted-apps-microsoft-defender-antivirus.md | 26 +-- ...protection-microsoft-defender-antivirus.md | 26 +-- .../evaluate-microsoft-defender-antivirus.md | 20 +- ...c-scanning-microsoft-defender-antivirus.md | 22 +-- ...ed-updates-microsoft-defender-antivirus.md | 36 ++-- ...-endpoints-microsoft-defender-antivirus.md | 28 +-- ...e-schedule-microsoft-defender-antivirus.md | 16 +- ...on-updates-microsoft-defender-antivirus.md | 30 +-- ...-baselines-microsoft-defender-antivirus.md | 26 +-- ...evices-vms-microsoft-defender-antivirus.md | 14 +- ...crosft-defender-antivirus-in-windows-10.md | 18 +- ...rosoft-defender-antivirus-compatibility.md | 54 +++--- ...fender-antivirus-on-windows-server-2016.md | 72 +++---- .../microsoft-defender-offline.md | 10 +- ...soft-defender-security-center-antivirus.md | 24 +-- ...office-365-microsoft-defender-antivirus.md | 16 +- .../microsoft-defender-antivirus/oldTOC.md | 16 +- ...ecurity-settings-with-tamper-protection.md | 22 +-- ...nteraction-microsoft-defender-antivirus.md | 20 +- ...rt-monitor-microsoft-defender-antivirus.md | 12 +- ...ined-files-microsoft-defender-antivirus.md | 2 +- ...an-results-microsoft-defender-antivirus.md | 10 +- .../run-scan-microsoft-defender-antivirus.md | 12 +- ...h-up-scans-microsoft-defender-antivirus.md | 26 +-- ...tion-level-microsoft-defender-antivirus.md | 20 +- ...oubleshoot-microsoft-defender-antivirus.md | 182 +++++++++--------- .../troubleshoot-reporting.md | 20 +- ...oup-policy-microsoft-defender-antivirus.md | 106 +++++----- ...ig-manager-microsoft-defender-antivirus.md | 10 +- ...ll-cmdlets-microsoft-defender-antivirus.md | 10 +- .../use-wmi-microsoft-defender-antivirus.md | 10 +- ...protection-microsoft-defender-antivirus.md | 28 +-- .../why-use-microsoft-defender-antivirus.md | 22 +-- .../api-portal-mapping.md | 2 +- .../controlled-folders.md | 2 +- .../custom-detection-rules.md | 2 +- .../customize-attack-surface-reduction.md | 2 +- .../customize-controlled-folders.md | 4 +- .../data-storage-privacy.md | 2 +- .../defender-compatibility.md | 18 +- .../edr-in-block-mode.md | 14 +- .../enable-attack-surface-reduction.md | 2 +- .../enable-controlled-folders.md | 4 +- .../enable-network-protection.md | 2 +- .../microsoft-defender-atp/evaluation-lab.md | 2 +- .../event-error-codes.md | 8 +- .../fix-unhealthy-sensors.md | 4 +- .../microsoft-defender-atp/machine-reports.md | 2 +- .../manage-indicators.md | 4 +- .../minimum-requirements.md | 20 +- .../network-protection.md | 2 +- .../microsoft-defender-atp/oldTOC.txt | 6 +- .../onboard-downlevel.md | 2 +- .../overview-attack-surface-reduction.md | 6 +- .../microsoft-defender-atp/portal-overview.md | 4 +- .../prepare-deployment.md | 2 +- .../respond-file-alerts.md | 4 +- .../respond-machine-alerts.md | 6 +- .../microsoft-defender-atp/run-av-scan.md | 2 +- .../supported-response-apis.md | 2 +- .../troubleshoot-asr.md | 2 +- .../troubleshoot-mdatp.md | 2 +- .../microsoft-defender-atp/troubleshoot-np.md | 2 +- .../troubleshoot-onboarding.md | 8 +- .../whats-new-in-microsoft-defender-atp.md | 10 +- ...ication-control-policy-design-decisions.md | 2 +- .../wdsc-hide-notifications.md | 40 ++-- .../wdsc-virus-threat-protection.md | 8 +- .../windows-defender-security-center.md | 6 +- .../ltsc/whats-new-windows-10-2019.md | 12 +- .../whats-new-windows-10-version-1703.md | 8 +- .../whats-new-windows-10-version-1709.md | 2 +- .../whats-new-windows-10-version-1803.md | 4 +- .../whats-new-windows-10-version-1809.md | 4 +- 101 files changed, 909 insertions(+), 909 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index d691487aa2..2e45c2f251 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -205,7 +205,7 @@ Allows or disallows scanning of archives. ADMX Info: - GP English name: *Scan archive files* - GP name: *Scan_DisableArchiveScanning* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -275,7 +275,7 @@ Allows or disallows Windows Defender Behavior Monitoring functionality. ADMX Info: - GP English name: *Turn on behavior monitoring* - GP name: *RealtimeProtection_DisableBehaviorMonitoring* -- GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection* +- GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -346,7 +346,7 @@ ADMX Info: - GP English name: *Join Microsoft MAPS* - GP name: *SpynetReporting* - GP element: *SpynetReporting* -- GP path: *Windows Components/Windows Defender Antivirus/MAPS* +- GP path: *Windows Components/Microsoft Defender Antivirus/MAPS* - GP ADMX file name: *WindowsDefender.admx* @@ -416,7 +416,7 @@ Allows or disallows scanning of email. ADMX Info: - GP English name: *Turn on e-mail scanning* - GP name: *Scan_DisableEmailScanning* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -486,7 +486,7 @@ Allows or disallows a full scan of mapped network drives. ADMX Info: - GP English name: *Run full scan on mapped network drives* - GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -556,7 +556,7 @@ Allows or disallows a full scan of removable drives. During a quick scan, remova ADMX Info: - GP English name: *Scan removable drives* - GP name: *Scan_DisableRemovableDriveScanning* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -626,7 +626,7 @@ Allows or disallows Windows Defender IOAVP Protection functionality. ADMX Info: - GP English name: *Scan all downloaded files and attachments* - GP name: *RealtimeProtection_DisableIOAVProtection* -- GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection* +- GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -758,7 +758,7 @@ Allows or disallows Windows Defender On Access Protection functionality. ADMX Info: - GP English name: *Monitor file and program activity on your computer* - GP name: *RealtimeProtection_DisableOnAccessProtection* -- GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection* +- GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -828,7 +828,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. ADMX Info: - GP English name: *Turn off real-time protection* - GP name: *DisableRealtimeMonitoring* -- GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection* +- GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -898,7 +898,7 @@ Allows or disallows a scanning of network files. ADMX Info: - GP English name: *Scan network files* - GP name: *Scan_DisableScanningNetworkFiles* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -1030,7 +1030,7 @@ Allows or disallows user access to the Windows Defender UI. If disallowed, all W ADMX Info: - GP English name: *Enable headless UI mode* - GP name: *UX_Configuration_UILockdown* -- GP path: *Windows Components/Windows Defender Antivirus/Client Interface* +- GP path: *Windows Components/Microsoft Defender Antivirus/Client Interface* - GP ADMX file name: *WindowsDefender.admx* @@ -1103,7 +1103,7 @@ ADMX Info: - GP English name: *Exclude files and paths from Attack Surface Reduction Rules* - GP name: *ExploitGuard_ASR_ASROnlyExclusions* - GP element: *ExploitGuard_ASR_ASROnlyExclusions* -- GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction* +- GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction* - GP ADMX file name: *WindowsDefender.admx* @@ -1171,7 +1171,7 @@ ADMX Info: - GP English name: *Configure Attack Surface Reduction rules* - GP name: *ExploitGuard_ASR_Rules* - GP element: *ExploitGuard_ASR_Rules* -- GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction* +- GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction* - GP ADMX file name: *WindowsDefender.admx* @@ -1238,7 +1238,7 @@ ADMX Info: - GP English name: *Specify the maximum percentage of CPU utilization during a scan* - GP name: *Scan_AvgCPULoadFactor* - GP element: *Scan_AvgCPULoadFactor* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -1315,7 +1315,7 @@ ADMX Info: - GP English name: *Check for the latest virus and spyware definitions before running a scheduled scan* - GP name: *CheckForSignaturesBeforeRunningScan* - GP element: *CheckForSignaturesBeforeRunningScan* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -1380,11 +1380,11 @@ ADMX Info: > This policy is only enforced in Windows 10 for desktop. -Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. +Added in Windows 10, version 1709. This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. -If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. +If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. -For more information about specific values that are supported, see the Windows Defender Antivirus documentation site. +For more information about specific values that are supported, see the Microsoft Defender Antivirus documentation site. > [!NOTE] > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. @@ -1395,7 +1395,7 @@ ADMX Info: - GP English name: *Select cloud protection level* - GP name: *MpEngine_MpCloudBlockLevel* - GP element: *MpCloudBlockLevel* -- GP path: *Windows Components/Windows Defender Antivirus/MpEngine* +- GP path: *Windows Components/Microsoft Defender Antivirus/MpEngine* - GP ADMX file name: *WindowsDefender.admx* @@ -1459,7 +1459,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. +Added in Windows 10, version 1709. This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. @@ -1474,7 +1474,7 @@ ADMX Info: - GP English name: *Configure extended cloud check* - GP name: *MpEngine_MpBafsExtendedTimeout* - GP element: *MpBafsExtendedTimeout* -- GP path: *Windows Components/Windows Defender Antivirus/MpEngine* +- GP path: *Windows Components/Microsoft Defender Antivirus/MpEngine* - GP ADMX file name: *WindowsDefender.admx* @@ -1529,7 +1529,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. -Added in Windows 10, version 1709. This policy setting allows user-specified applications to the controlled folder access feature. Adding an allowed application means the controlled folder access feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. +Added in Windows 10, version 1709. This policy setting allows user-specified applications to the controlled folder access feature. Adding an allowed application means the controlled folder access feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Microsoft Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. @@ -1537,7 +1537,7 @@ ADMX Info: - GP English name: *Configure allowed applications* - GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications* - GP element: *ExploitGuard_ControlledFolderAccess_AllowedApplications* -- GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* +- GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* - GP ADMX file name: *WindowsDefender.admx* @@ -1600,7 +1600,7 @@ ADMX Info: - GP English name: *Configure protected folders* - GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* - GP element: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* -- GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* +- GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* - GP ADMX file name: *WindowsDefender.admx* @@ -1667,7 +1667,7 @@ ADMX Info: - GP English name: *Configure removal of items from Quarantine folder* - GP name: *Quarantine_PurgeItemsAfterDelay* - GP element: *Quarantine_PurgeItemsAfterDelay* -- GP path: *Windows Components/Windows Defender Antivirus/Quarantine* +- GP path: *Windows Components/Microsoft Defender Antivirus/Quarantine* - GP ADMX file name: *WindowsDefender.admx* @@ -1742,7 +1742,7 @@ ADMX Info: - GP English name: *Turn on catch-up full scan* - GP name: *Scan_DisableCatchupFullScan* - GP element: *Scan_DisableCatchupFullScan* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -1822,7 +1822,7 @@ ADMX Info: - GP English name: *Turn on catch-up quick scan* - GP name: *Scan_DisableCatchupQuickScan* - GP element: *Scan_DisableCatchupQuickScan* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -1894,7 +1894,7 @@ ADMX Info: - GP English name: *Configure Controlled folder access* - GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* - GP element: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* -- GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* +- GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* - GP ADMX file name: *WindowsDefender.admx* @@ -1971,7 +1971,7 @@ ADMX Info: - GP English name: *Configure low CPU priority for scheduled scans* - GP name: *Scan_LowCpuPriority* - GP element: *Scan_LowCpuPriority* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -2049,7 +2049,7 @@ ADMX Info: - GP English name: *Prevent users and apps from accessing dangerous websites* - GP name: *ExploitGuard_EnableNetworkProtection* - GP element: *ExploitGuard_EnableNetworkProtection* -- GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Network Protection* +- GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Network Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2121,7 +2121,7 @@ ADMX Info: - GP English name: *Path Exclusions* - GP name: *Exclusions_Paths* - GP element: *Exclusions_PathsList* -- GP path: *Windows Components/Windows Defender Antivirus/Exclusions* +- GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions* - GP ADMX file name: *WindowsDefender.admx* @@ -2185,7 +2185,7 @@ ADMX Info: - GP English name: *Extension Exclusions* - GP name: *Exclusions_Extensions* - GP element: *Exclusions_ExtensionsList* -- GP path: *Windows Components/Windows Defender Antivirus/Exclusions* +- GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions* - GP ADMX file name: *WindowsDefender.admx* @@ -2255,7 +2255,7 @@ ADMX Info: - GP English name: *Process Exclusions* - GP name: *Exclusions_Processes* - GP element: *Exclusions_ProcessesList* -- GP path: *Windows Components/Windows Defender Antivirus/Exclusions* +- GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions* - GP ADMX file name: *WindowsDefender.admx* @@ -2385,7 +2385,7 @@ ADMX Info: - GP English name: *Configure monitoring for incoming and outgoing file and program activity* - GP name: *RealtimeProtection_RealtimeScanDirection* - GP element: *RealtimeProtection_RealtimeScanDirection* -- GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection* +- GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2457,7 +2457,7 @@ ADMX Info: - GP English name: *Specify the scan type to use for a scheduled scan* - GP name: *Scan_ScanParameters* - GP element: *Scan_ScanParameters* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -2537,7 +2537,7 @@ ADMX Info: - GP English name: *Specify the time for a daily quick scan* - GP name: *Scan_ScheduleQuickScantime* - GP element: *Scan_ScheduleQuickScantime* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -2608,7 +2608,7 @@ ADMX Info: - GP English name: *Specify the day of the week to run a scheduled scan* - GP name: *Scan_ScheduleDay* - GP element: *Scan_ScheduleDay* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -2695,7 +2695,7 @@ ADMX Info: - GP English name: *Specify the time of day to run a scheduled scan* - GP name: *Scan_ScheduleTime* - GP element: *Scan_ScheduleTime* -- GP path: *Windows Components/Windows Defender Antivirus/Scan* +- GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -2774,7 +2774,7 @@ ADMX Info: - GP English name: *Define the order of sources for downloading definition updates* - GP name: *SignatureUpdate_FallbackOrder* - GP element: *SignatureUpdate_FallbackOrder* -- GP path: *Windows Components/Windows Defender Antivirus/Signature Updates* +- GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates* - GP ADMX file name: *WindowsDefender.admx* @@ -2853,7 +2853,7 @@ ADMX Info: - GP English name: *Define file shares for downloading definition updates* - GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources* - GP element: *SignatureUpdate_DefinitionUpdateFileSharesSources* -- GP path: *Windows Components/Windows Defender Antivirus/Signature Updates* +- GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates* - GP ADMX file name: *WindowsDefender.admx* @@ -2933,7 +2933,7 @@ ADMX Info: - GP English name: *Specify the interval to check for definition updates* - GP name: *SignatureUpdate_SignatureUpdateInterval* - GP element: *SignatureUpdate_SignatureUpdateInterval* -- GP path: *Windows Components/Windows Defender Antivirus/Signature Updates* +- GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates* - GP ADMX file name: *WindowsDefender.admx* @@ -3001,7 +3001,7 @@ ADMX Info: - GP English name: *Send file samples when further analysis is required* - GP name: *SubmitSamplesConsent* - GP element: *SubmitSamplesConsent* -- GP path: *Windows Components/Windows Defender Antivirus/MAPS* +- GP path: *Windows Components/Microsoft Defender Antivirus/MAPS* - GP ADMX file name: *WindowsDefender.admx* @@ -3092,7 +3092,7 @@ ADMX Info: - GP English name: *Specify threat alert levels at which default action should not be taken when detected* - GP name: *Threats_ThreatSeverityDefaultAction* - GP element: *Threats_ThreatSeverityDefaultActionList* -- GP path: *Windows Components/Windows Defender Antivirus/Threats* +- GP path: *Windows Components/Microsoft Defender Antivirus/Threats* - GP ADMX file name: *WindowsDefender.admx* diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 8b4d14515d..3462504a92 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -175,8 +175,8 @@ The following Group Policy settings were added in Windows 10, version 1809: - Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Remove remote desktop wallpaper - Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions - Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions -- Windows Components\Windows Defender Antivirus\Configure detection for potentially unwanted applications -- Windows Components\Windows Defender Antivirus\Scan\Configure low CPU priority for scheduled scans +- Windows Components\Microsoft Defender Antivirus\Configure detection for potentially unwanted applications +- Windows Components\Microsoft Defender Antivirus\Scan\Configure low CPU priority for scheduled scans - Windows Components\Windows Defender Application Guard\Allow camera and microphone access in Windows Defender Application Guard - Windows Components\Windows Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard - Windows Components\Windows Defender Application Guard\Allow Windows Defender Application Guard to use Root Certificate Authorities from the user’s device @@ -318,12 +318,12 @@ The following Group Policy settings were added in Windows 10, version 1709: - Windows Components\Search\Allow Cloud Search - Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard - Windows Components\Windows Defender Application Guard\Allow auditing events in Windows Defender Application Guard -- Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites -- Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure Controlled folder access -- Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules -- Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Exclude files and paths from Attack Surface Reduction Rules -- Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure allowed applications -- Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure protected folders +- Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites +- Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure Controlled folder access +- Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules +- Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Exclude files and paths from Attack Surface Reduction Rules +- Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure allowed applications +- Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure protected folders - Windows Components\Windows Defender Exploit Guard\Exploit Protection\Use a common set of exploit protection settings - Windows Components\Windows Defender Security Center\Virus and threat protection\Hide the Virus and threat protection area - Windows Components\Windows Defender Security Center\Firewall and network protection\Hide the Firewall and network protection area @@ -458,9 +458,9 @@ The following Group Policy settings were added in Windows 10, version 1703: - Windows Components\Smart Card\Turn on certificate propagation from smart card - Windows Components\Tablet PC\Pen UX Behaviors\Prevent flicks - Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507]) -- Windows Components\Windows Defender Antivirus\Real-time Protection\Turn on behavior monitoring -- Windows Components\Windows Defender Antivirus\Signature Updates\Define file shares for downloading definition updates -- Windows Components\Windows Defender Antivirus\Signature Updates\Turn on scan after signature update +- Windows Components\Microsoft Defender Antivirus\Real-time Protection\Turn on behavior monitoring +- Windows Components\Microsoft Defender Antivirus\Signature Updates\Define file shares for downloading definition updates +- Windows Components\Microsoft Defender Antivirus\Signature Updates\Turn on scan after signature update - Windows Components\File Explorer\Display confirmation dialog when deleting files - Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow OpenSearch queries in File Explorer - Windows Components\Windows Update\Remove access to use all Windows Update features diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index 2eb42f02b4..887025029f 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -55,7 +55,7 @@ sections: text: " - +
        DetailsOriginating updateStatusHistory
        Unable to create local users in Chinese, Japanese and Korean during device setup
        When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

        Note This issue does not affect using a Microsoft Account during OOBE.

        Affected platforms:
        • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
        • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
        Resolution: This issue was resolved in KB4534321.

        Back to top        		OS Build 17763.737

        September 10, 2019
        KB4512578        		Resolved
        KB4534321        		Resolved:
        January 23, 2020
        02:00 PM PT

        Opened:
        October 29, 2019
        05:15 PM PT
        Microsoft Defender Advanced Threat Protection might stop running
        After installing the optional non-security update (KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe.

        Note Microsoft Windows Defender Antivirus is not affected by this issue.

        Affected platforms:
        • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
        • Server: Windows Server, version 1809; Windows Server 2019
        Resolution: This issue was resolved in KB4523205.

        Back to top        		OS Build 17763.832

        October 15, 2019
        KB4520062        		Resolved
        KB4523205        		Resolved:
        November 12, 2019
        10:00 AM PT

        Opened:
        October 17, 2019
        05:14 PM PT
        Microsoft Defender Advanced Threat Protection might stop running
        After installing the optional non-security update (KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe.

        Note Microsoft Microsoft Defender Antivirus is not affected by this issue.

        Affected platforms:
        • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
        • Server: Windows Server, version 1809; Windows Server 2019
        Resolution: This issue was resolved in KB4523205.

        Back to top        		OS Build 17763.832

        October 15, 2019
        KB4520062        		Resolved
        KB4523205        		Resolved:
        November 12, 2019
        10:00 AM PT

        Opened:
        October 17, 2019
        05:14 PM PT
        " diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md index 01595e6230..243ea0e80a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md @@ -1,7 +1,7 @@ --- -title: What to do with false positives/negatives in Windows Defender Antivirus -description: Did Windows Defender Antivirus miss or wrongly detect something? Find out what you can do. -keywords: Windows Defender Antivirus, false positives, false negatives, exclusions +title: What to do with false positives/negatives in Microsoft Defender Antivirus +description: Did Microsoft Defender Antivirus miss or wrongly detect something? Find out what you can do. +keywords: Microsoft Defender Antivirus, false positives, false negatives, exclusions search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -19,18 +19,18 @@ audience: ITPro ms.topic: article --- -# What to do with false positives/negatives in Windows Defender Antivirus +# What to do with false positives/negatives in Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus is designed to keep your PC safe with built-in, trusted antivirus protection. With Windows Defender Antivirus, you get comprehensive, ongoing, and real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud, and the web. +Microsoft Defender Antivirus is designed to keep your PC safe with built-in, trusted antivirus protection. With Microsoft Defender Antivirus, you get comprehensive, ongoing, and real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud, and the web. But what if something gets detected wrongly as malware, or something is missed? We call these false positives and false negatives. Fortunately, there are some steps you can take to deal with these things. You can: - [Submit a file to Microsoft for analysis](#submit-a-file-to-microsoft-for-analysis); - [Create an "Allow" indicator to prevent a false positive from recurring](#create-an-allow-indicator-to-prevent-a-false-positive-from-recurring); or -- [Define an exclusion on an individual Windows device to prevent an item from being scanned](#define-an-exclusion-on-an-individual-windows-device-to-prevent-an-item-from-being-scanned) by Windows Defender Antivirus. +- [Define an exclusion on an individual Windows device to prevent an item from being scanned](#define-an-exclusion-on-an-individual-windows-device-to-prevent-an-item-from-being-scanned) by Microsoft Defender Antivirus. ## Submit a file to Microsoft for analysis @@ -42,13 +42,13 @@ But what if something gets detected wrongly as malware, or something is missed? ## Create an "Allow" indicator to prevent a false positive from recurring -If a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create an "Allow" indicator. This indicator tells Windows Defender Antivirus (and Microsoft Defender Advanced Threat Protection) that the item is safe. +If a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create an "Allow" indicator. This indicator tells Microsoft Defender Antivirus (and Microsoft Defender Advanced Threat Protection) that the item is safe. To set up your "Allow" indicator, follow the guidance in [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators). ## Define an exclusion on an individual Windows device to prevent an item from being scanned -When you define an exclusion for Windows Defender Antivirus, you configure your antivirus to skip that item. +When you define an exclusion for Microsoft Defender Antivirus, you configure your antivirus to skip that item. 1. On your Windows 10 device, open the Windows Security app. 2. Select **Virus & threat protection** > **Virus & threat protection settings**. @@ -59,10 +59,10 @@ The following table summarizes exclusion types, how they're defined, and what ha |Exclusion type |Defined by |What happens | |---------|---------|---------| -|**File** |Location
        Example: `c:\sample\sample.test` |The specified file is skipped by Windows Defender Antivirus. | -|**Folder** |Location
        Example: `c:\test\sample` |All items in the specified folder are skipped by Windows Defender Antivirus. | -|**File type** |File extension
        Example: `.test` |All files with the specified extension anywhere on your device are skipped by Windows Defender Antivirus. | -|**Process** |Executable file path
        Example: `c:\test\process.exe` |The specified process and any files that are opened by that process are skipped by Windows Defender Antivirus. | +|**File** |Location
        Example: `c:\sample\sample.test` |The specified file is skipped by Microsoft Defender Antivirus. | +|**Folder** |Location
        Example: `c:\test\sample` |All items in the specified folder are skipped by Microsoft Defender Antivirus. | +|**File type** |File extension
        Example: `.test` |All files with the specified extension anywhere on your device are skipped by Microsoft Defender Antivirus. | +|**Process** |Executable file path
        Example: `c:\test\process.exe` |The specified process and any files that are opened by that process are skipped by Microsoft Defender Antivirus. | To learn more, see: - [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md index 1cae26190b..532462188a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md @@ -1,6 +1,6 @@ --- -title: Collect diagnostic data for Update Compliance and Windows Defender Windows Defender Antivirus -description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender Antivirus Assessment add in +title: Collect diagnostic data for Update Compliance and Windows Defender Microsoft Defender Antivirus +description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Microsoft Defender Antivirus Assessment add in keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -25,7 +25,7 @@ manager: dansimp This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. -Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps. +Before attempting this process, ensure you have read [Troubleshoot Microsoft Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps. On at least two devices that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by taking the following steps: @@ -52,7 +52,7 @@ On at least two devices that are not reporting or showing up in Update Complianc 6. Send an email using the Update Compliance support email template, and fill out the template with the following information: ``` - I am encountering the following issue when using Windows Defender Antivirus in Update Compliance: + I am encountering the following issue when using Microsoft Defender Antivirus in Update Compliance: I have provided at least 2 support .cab files at the following location: @@ -63,5 +63,5 @@ On at least two devices that are not reporting or showing up in Update Complianc ## See also -- [Troubleshoot Windows Defender Windows Defender Antivirus reporting](troubleshoot-reporting.md) +- [Troubleshoot Windows Defender Microsoft Defender Antivirus reporting](troubleshoot-reporting.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md index 1feb9db788..32f43ac10a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Use the command line to manage Windows Defender Antivirus -description: Run Windows Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility. +title: Use the command line to manage Microsoft Defender Antivirus +description: Run Microsoft Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility. keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -16,13 +16,13 @@ ms.reviewer: ksarens manager: dansimp --- -# Configure and manage Windows Defender Antivirus with the mpcmdrun.exe command-line tool +# Configure and manage Microsoft Defender Antivirus with the mpcmdrun.exe command-line tool **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Windows Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt. +You can perform various Microsoft Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Microsoft Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt. > [!NOTE] > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. @@ -59,4 +59,4 @@ MpCmdRun.exe -scan -2 ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md index 8ea3ed528e..a48b41622f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Manage Windows Defender Antivirus in your business +# Manage Microsoft Defender Antivirus in your business **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can manage and configure Windows Defender Antivirus with the following tools: +You can manage and configure Microsoft Defender Antivirus with the following tools: - Microsoft Intune - Microsoft Endpoint Configuration Manager @@ -32,14 +32,14 @@ You can manage and configure Windows Defender Antivirus with the following tools - Windows Management Instrumentation (WMI) - The mpcmdrun.exe utility -The articles in this section provide further information, links, and resources for using these tools to manage and configure Windows Defender Antivirus. +The articles in this section provide further information, links, and resources for using these tools to manage and configure Microsoft Defender Antivirus. ## In this section Article | Description ---|--- -[Manage Windows Defender Antivirus with Microsoft Intune and Microsoft Endpoint Configuration Manager](use-intune-config-manager-microsoft-defender-antivirus.md)|Information about using Intune and Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus -[Manage Windows Defender Antivirus with Group Policy settings](use-group-policy-microsoft-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates -[Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage Windows Defender Antivirus, plus links to documentation for all cmdlets and allowed parameters -[Manage Windows Defender Antivirus with Windows Management Instrumentation (WMI)](use-wmi-microsoft-defender-antivirus.md)| Instructions for using WMI to manage Windows Defender Antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties) -[Manage Windows Defender Antivirus with the mpcmdrun.exe command-line tool](command-line-arguments-microsoft-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use Windows Defender Antivirus +[Manage Microsoft Defender Antivirus with Microsoft Intune and Microsoft Endpoint Configuration Manager](use-intune-config-manager-microsoft-defender-antivirus.md)|Information about using Intune and Configuration Manager to deploy, manage, report, and configure Microsoft Defender Antivirus +[Manage Microsoft Defender Antivirus with Group Policy settings](use-group-policy-microsoft-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates +[Manage Microsoft Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage Microsoft Defender Antivirus, plus links to documentation for all cmdlets and allowed parameters +[Manage Microsoft Defender Antivirus with Windows Management Instrumentation (WMI)](use-wmi-microsoft-defender-antivirus.md)| Instructions for using WMI to manage Microsoft Defender Antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties) +[Manage Microsoft Defender Antivirus with the mpcmdrun.exe command-line tool](command-line-arguments-microsoft-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use Microsoft Defender Antivirus diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md index b4742f97c9..e2bba2fe2b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md @@ -17,7 +17,7 @@ manager: dansimp --- -# Configure Windows Defender Antivirus scanning options +# Configure Microsoft Defender Antivirus scanning options **Applies to:** @@ -25,7 +25,7 @@ manager: dansimp **Use Microsoft Intune to configure scanning options** -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. +See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. @@ -41,7 +41,7 @@ To configure the Group Policy settings described in the following table: 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus** and then the **Location** specified in the table below. 4. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. @@ -64,7 +64,7 @@ Specify the level of subfolders within an archive folder to scan | Scan > Specif ## Use PowerShell to configure scanning options -See [Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Manage Microsoft Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. ## Use WMI to configure scanning options @@ -80,14 +80,14 @@ Email scanning enables scanning of email files used by Outlook and other mail c PST files used by Outlook 2003 or older (where the archive type is set to non-unicode) will also be scanned, but Windows Defender cannot remediate threats detected inside PST files. -If Windows Defender Antivirus detects a threat inside an email, it will show you the following information to assist you in identifying the compromised email, so you can remediate the threat manually: +If Microsoft Defender Antivirus detects a threat inside an email, it will show you the following information to assist you in identifying the compromised email, so you can remediate the threat manually: - Email subject - Attachment name ## Related topics -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Configure and run on-demand Microsoft Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) +- [Configure scheduled Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md index acc9c3d662..3906d071de 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md @@ -31,26 +31,26 @@ You can [specify how long the file should be prevented from running](configure-c ## How it works -When Windows Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or clean. +When Microsoft Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or clean. -Windows Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). +Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). ![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) In Windows 10, version 1803, block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. Block at first sight only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or that originate from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. -If the cloud backend is unable to make a determination, Windows Defender Antivirus locks the file and uploads a copy to the cloud. The cloud performs additional analysis to reach a determination before it either allows the file to run or blocks it in all future encounters, depending on whether it determines the file to be malicious or safe. +If the cloud backend is unable to make a determination, Microsoft Defender Antivirus locks the file and uploads a copy to the cloud. The cloud performs additional analysis to reach a determination before it either allows the file to run or blocks it in all future encounters, depending on whether it determines the file to be malicious or safe. In many cases, this process can reduce the response time for new malware from hours to seconds. ## Confirm and validate that block at first sight is enabled -Block at first sight requires a number of settings to be configured correctly or it will not work. These settings are enabled by default in most enterprise Windows Defender Antivirus deployments. +Block at first sight requires a number of settings to be configured correctly or it will not work. These settings are enabled by default in most enterprise Microsoft Defender Antivirus deployments. ### Confirm block at first sight is enabled with Intune -1. In Intune, navigate to **Device configuration - Profiles** > *Profile name* > **Device restrictions** > **Windows Defender Antivirus**. +1. In Intune, navigate to **Device configuration - Profiles** > *Profile name* > **Device restrictions** > **Microsoft Defender Antivirus**. > [!NOTE] > The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type. @@ -67,9 +67,9 @@ Block at first sight requires a number of settings to be configured correctly or > [!WARNING] > Setting the file blocking level to **High** will apply a strong level of detection. In the unlikely event that it causes a false positive detection of legitimate files, use the option to [restore the quarantined files](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus). -For more information about configuring Windows Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). +For more information about configuring Microsoft Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). -For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus). +For a list of Microsoft Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus). ### Enable block at first sight with Microsoft Endpoint Configuration Manager @@ -100,7 +100,7 @@ For a list of Windows Defender Antivirus device restrictions in Intune, see [Dev 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **MAPS**, configure the following Group Policies, and then click **OK**: +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **MAPS**, configure the following Group Policies, and then click **OK**: - Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**. @@ -109,7 +109,7 @@ For a list of Windows Defender Antivirus device restrictions in Intune, see [Dev > [!WARNING] > Setting to **Always prompt (0)** will lower the protection state of the device. Setting to **Never send (2)** means block at first sight will not function. -4. In the **Group Policy Management Editor**, expand the tree to **Windows components** > **Windows Defender Antivirus** > **Real-time Protection**: +4. In the **Group Policy Management Editor**, expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Real-time Protection**: 1. Double-click **Scan all downloaded files and attachments** and ensure the option is set to **Enabled**, and then click **OK**. @@ -167,7 +167,7 @@ You may choose to disable block at first sight if you want to retain the prerequ 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree through **Windows components** > **Windows Defender Antivirus** > **MAPS**. +3. Expand the tree through **Windows components** > **Microsoft Defender Antivirus** > **MAPS**. 4. Double-click **Configure the 'Block at First Sight' feature** and set the option to **Disabled**. @@ -176,5 +176,5 @@ You may choose to disable block at first sight if you want to retain the prerequ ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md index 116cffdaa7..6fb6d97688 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- title: Configure the Windows Defender AV cloud block timeout period -description: You can configure how long Windows Defender Antivirus will block a file from running while waiting for a cloud determination. -keywords: windows defender antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds +description: You can configure how long Microsoft Defender Antivirus will block a file from running while waiting for a cloud determination. +keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -24,9 +24,9 @@ ms.custom: nextgen - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). +When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Microsoft Defender Antivirus cloud service](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). -The default period that the file will be [blocked](configure-block-at-first-sight-microsoft-defender-antivirus.md) is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defender Antivirus cloud service. +The default period that the file will be [blocked](configure-block-at-first-sight-microsoft-defender-antivirus.md) is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Microsoft Defender Antivirus cloud service. ## Prerequisites to use the extended cloud block timeout @@ -40,7 +40,7 @@ You can use Group Policy to specify an extended timeout for cloud checks. 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine** +3. Expand the tree to **Windows components > Microsoft Defender Antivirus > MpEngine** 4. Double-click **Configure extended cloud check** and ensure the option is enabled. Specify the additional amount of time to prevent the file from running while waiting for a cloud determination. You can specify the additional time, in seconds, from 1 second to 50 seconds. This time will be added to the default 10 seconds. @@ -48,7 +48,7 @@ You can use Group Policy to specify an extended timeout for cloud checks. ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - [Use next-generation antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) - [Configure block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) - [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md index f748db5175..13346bae2f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md @@ -17,20 +17,20 @@ ms.reviewer: manager: dansimp --- -# Configure end-user interaction with Windows Defender Antivirus +# Configure end-user interaction with Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can configure how users of the endpoints on your network can interact with Windows Defender Antivirus. +You can configure how users of the endpoints on your network can interact with Microsoft Defender Antivirus. -This includes whether they see the Windows Defender Antivirus interface, what notifications they see, and if they can locally override globally-deployed Group Policy settings. +This includes whether they see the Microsoft Defender Antivirus interface, what notifications they see, and if they can locally override globally-deployed Group Policy settings. ## In this section Topic | Description ---|--- [Configure notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) | Configure and customize additional notifications, customized text for notifications, and notifications about reboots for remediation -[Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) | Hide the user interface from users +[Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) | Hide the user interface from users [Prevent users from locally modifying policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) | Prevent (or allow) users from overriding policy settings on their individual endpoints diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md index 635d677a14..6407947fe2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md @@ -17,21 +17,21 @@ ms.reviewer: manager: dansimp --- -# Configure and validate exclusions for Windows Defender Antivirus scans +# Configure and validate exclusions for Microsoft Defender Antivirus scans **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection. +You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection. >[!WARNING] ->Defining exclusions lowers the protection offered by Windows Defender Antivirus. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. +>Defining exclusions lowers the protection offered by Microsoft Defender Antivirus. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. -- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from Windows Defender Antivirus scans based on their file extension, file name, or location. +- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from Microsoft Defender Antivirus scans based on their file extension, file name, or location. - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from scans that have been opened by a specific process. ## Related articles -[Windows Defender Antivirus exclusions on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md) \ No newline at end of file +[Microsoft Defender Antivirus exclusions on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index e41c0fe9e7..a89a602b81 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Configure and validate exclusions based on extension, name, or location -description: Exclude files from Windows Defender Antivirus scans based on their file extension, file name, or location. +description: Exclude files from Microsoft Defender Antivirus scans based on their file extension, file name, or location. keywords: exclusions, files, extension, file type, folder name, file name, scans search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -23,11 +23,11 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!IMPORTANT] -> Windows Defender Antivirus exclusions don't apply to other Microsoft Defender ATP capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender ATP [custom indicators](../microsoft-defender-atp/manage-indicators.md). +> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender ATP capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender ATP [custom indicators](../microsoft-defender-atp/manage-indicators.md). ## Exclusion lists -You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. +You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. > [!NOTE] > Automatic exclusions apply only to Windows Server 2016 and above. The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default. @@ -51,7 +51,7 @@ Exclusion lists have the following characteristics: > >You cannot exclude mapped network drives. You must specify the actual network path. > ->Folders that are reparse points that are created after the Windows Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. +>Folders that are reparse points that are created after the Microsoft Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). @@ -72,7 +72,7 @@ You can [configure how locally and globally defined exclusions lists are merged] See the following articles: - [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) -- [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) +- [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) ### Use Configuration Manager to configure file name, folder, or file extension exclusions @@ -87,7 +87,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus > Exclusions**. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**. 4. Double-click the **Path Exclusions** setting and add the exclusions. @@ -146,7 +146,7 @@ For example, the following code snippet would cause Windows Defender AV scans to Add-MpPreference -ExclusionExtension ".test" ``` -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). ### Use Windows Management Instruction (WMI) to configure file name, folder, or file extension exclusions @@ -215,7 +215,7 @@ You can retrieve the items in the exclusion list using one of the following meth If you use PowerShell, you can retrieve the list in two ways: -- Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. +- Retrieve the status of all Microsoft Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. ### Validate the exclusion list by using MpCmdRun @@ -227,9 +227,9 @@ MpCmdRun.exe -CheckExclusion -path ``` >[!NOTE] ->Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. +>Checking exclusions with MpCmdRun requires Microsoft Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. -### Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell +### Review the list of exclusions alongside all other Microsoft Defender Antivirus preferences by using PowerShell Use the following cmdlet: @@ -241,7 +241,7 @@ In the following example, the items contained in the `ExclusionExtension` list a ![PowerShell output for Get-MpPreference showing the exclusion list alongside other preferences](images/defender/wdav-powershell-get-exclusions-all.png) -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). ### Retrieve a specific exclusions list by using PowerShell @@ -257,7 +257,7 @@ In the following example, the list is split into new lines for each use of the ` ![PowerShell output showing only the entries in the exclusion list](images/defender/wdav-powershell-get-exclusions-variable.png) -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index). @@ -271,7 +271,7 @@ In the following PowerShell snippet, replace *test.txt* with a file that conform Invoke-WebRequest "http://www.eicar.org/download/eicar.com.txt" -OutFile "test.txt" ``` -If Windows Defender Antivirus reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm the contents are the same as what is described on the [EICAR test file website](http://www.eicar.org/86-0-Intended-use.html). +If Microsoft Defender Antivirus reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm the contents are the same as what is described on the [EICAR test file website](http://www.eicar.org/86-0-Intended-use.html). You can also use the following PowerShell code, which calls the .NET WebClient class to download the test file - as with the `Invoke-WebRequest` cmdlet; replace *c:\test.txt* with a file that conforms to the rule you are validating: @@ -290,6 +290,6 @@ You can also copy the string into a blank text file and attempt to save it with ## Related topics -- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +- [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) +- [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md index ea4872fa0d..d9ddfe765f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md @@ -17,17 +17,17 @@ ms.reviewer: manager: dansimp --- -# Prevent or allow users to locally modify Windows Defender Antivirus policy settings +# Prevent or allow users to locally modify Microsoft Defender Antivirus policy settings **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -By default, Windows Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances. +By default, Microsoft Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances. For example, it may be necessary to allow certain user groups (such as security researchers and threat investigators) further control over individual settings on the endpoints they use. -## Configure local overrides for Windows Defender Antivirus settings +## Configure local overrides for Microsoft Defender Antivirus settings The default setting for these policies is **Disabled**. @@ -41,7 +41,7 @@ To configure these settings: 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus** and then the **Location** specified in the table below. 4. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. @@ -51,11 +51,11 @@ Location | Setting | Article ---|---|---|--- MAPS | Configure local setting override for reporting to Microsoft MAPS | [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) Quarantine | Configure local setting override for the removal of items from Quarantine folder | [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override for turn on behavior monitoring | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure local setting override to turn on real-time protection | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override for turn on behavior monitoring | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure local setting override to turn on real-time protection | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) Remediation | Configure local setting override for the time of day to run a scheduled full scan to complete remediation | [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) Scan | Configure local setting override for maximum percentage of CPU utilization | [Configure and run scans](run-scan-microsoft-defender-antivirus.md) Scan | Configure local setting override for schedule scan day | [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) @@ -79,7 +79,7 @@ You can disable this setting to ensure that only globally-defined lists (such as 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus**. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus**. 4. Double-click **Configure local administrator merge behavior for lists** and set the option to **Disabled**. Click **OK**. @@ -88,5 +88,5 @@ You can disable this setting to ensure that only globally-defined lists (such as ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md index 1bbdf69dbd..3f6f29e47b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md @@ -1,7 +1,7 @@ --- -title: Configure Windows Defender Antivirus features -description: You can configure Windows Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell. -keywords: Windows Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell +title: Configure Microsoft Defender Antivirus features +description: You can configure Microsoft Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell. +keywords: Microsoft Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Configure Windows Defender Antivirus features +# Configure Microsoft Defender Antivirus features **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can configure Windows Defender Antivirus with a number of tools, including: +You can configure Microsoft Defender Antivirus with a number of tools, including: - Microsoft Intune - Microsoft Endpoint Configuration Manager @@ -37,13 +37,13 @@ The following broad categories of features can be configured: - Always-on real-time protection, including behavioral, heuristic, and machine-learning-based protection - How end-users interact with the client on individual endpoints -The topics in this section describe how to perform key tasks when configuring Windows Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). +The topics in this section describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. ## In this section Topic | Description :---|:--- -[Utilize Microsoft cloud-provided Windows Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection +[Utilize Microsoft cloud-provided Microsoft Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time antivirus protection -[Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md)|Configure how end-users interact with Windows Defender Antivirus, what notifications they see, and whether they can override settings +[Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md)|Configure how end-users interact with Microsoft Defender Antivirus, what notifications they see, and whether they can override settings diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index 0feb021b20..c113327bd0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Configure and validate Windows Defender Antivirus network connections -description: Configure and test your connection to the Windows Defender Antivirus cloud protection service. -keywords: antivirus, windows defender antivirus, antimalware, security, defender, cloud, aggressiveness, protection level +title: Configure and validate Microsoft Defender Antivirus network connections +description: Configure and test your connection to the Microsoft Defender Antivirus cloud protection service. +keywords: antivirus, Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Configure and validate Windows Defender Antivirus network connections +# Configure and validate Microsoft Defender Antivirus network connections **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -To ensure Windows Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers. +To ensure Microsoft Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers. This article lists the connections that must be allowed, such as by using firewall rules, and provides instructions for validating your connection. Configuring your protection properly helps ensure that you receive the best value from your cloud-delivered protection services. @@ -36,12 +36,12 @@ See the blog post [Important changes to Microsoft Active Protection Services end >- Fast learning (including block at first sight) >- Potentially unwanted application blocking -## Allow connections to the Windows Defender Antivirus cloud service +## Allow connections to the Microsoft Defender Antivirus cloud service -The Windows Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network. +The Microsoft Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network. >[!NOTE] ->The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. +>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. See [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. @@ -52,21 +52,21 @@ Because your protection is a cloud service, computers must have access to the in | **Service**| **Description** |**URL** | | :--: | :-- | :-- | -| Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Windows Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com`
        `*.wdcpalt.microsoft.com`
        `*.wd.microsoft.com`| +| Microsoft Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Microsoft Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com`
        `*.wdcpalt.microsoft.com`
        `*.wd.microsoft.com`| | Microsoft Update Service (MU)| Security intelligence and product updates |`*.update.microsoft.com`| -|Security intelligence updates Alternate Download Location (ADL)| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| `*.download.microsoft.com`| +|Security intelligence updates Alternate Download Location (ADL)| Alternate location for Microsoft Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| `*.download.microsoft.com`| | Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net`
        `ussus1westprod.blob.core.windows.net`
        `usseu1northprod.blob.core.windows.net`
        `usseu1westprod.blob.core.windows.net`
        `ussuk1southprod.blob.core.windows.net`
        `ussuk1westprod.blob.core.windows.net`
        `ussas1eastprod.blob.core.windows.net`
        `ussas1southeastprod.blob.core.windows.net`
        `ussau1eastprod.blob.core.windows.net`
        `ussau1southeastprod.blob.core.windows.net` | | Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `https://www.microsoft.com/pkiops/crl/`
        `https://www.microsoft.com/pkiops/certs`
        `https://crl.microsoft.com/pki/crl/products`
        `https://www.microsoft.com/pki/certs` | -| Symbol Store|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` | -| Universal Telemetry Client| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
        `settings-win.data.microsoft.com`| +| Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` | +| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
        `settings-win.data.microsoft.com`| ## Validate connections between your network and the cloud -After whitelisting the URLs listed above, you can test if you are connected to the Windows Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you are fully protected. +After whitelisting the URLs listed above, you can test if you are connected to the Microsoft Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you are fully protected. **Use the cmdline tool to validate cloud-delivered protection:** -Use the following argument with the Windows Defender Antivirus command-line utility (`mpcmdrun.exe`) to verify that your network can communicate with the Windows Defender Antivirus cloud service: +Use the following argument with the Microsoft Defender Antivirus command-line utility (`mpcmdrun.exe`) to verify that your network can communicate with the Microsoft Defender Antivirus cloud service: ```DOS "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -ValidateMapsConnection @@ -75,11 +75,11 @@ Use the following argument with the Windows Defender Antivirus command-line util > [!NOTE] > You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703 or higher. -For more information, see [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-microsoft-defender-antivirus.md). +For more information, see [Manage Microsoft Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-microsoft-defender-antivirus.md). **Attempt to download a fake malware file from Microsoft:** -You can download a sample file that Windows Defender Antivirus will detect and block if you are properly connected to the cloud. +You can download a sample file that Microsoft Defender Antivirus will detect and block if you are properly connected to the cloud. Download the file by visiting the following link: - https://aka.ms/ioavtest @@ -87,9 +87,9 @@ Download the file by visiting the following link: >[!NOTE] >This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud. -If you are properly connected, you will see a warning Windows Defender Antivirus notification: +If you are properly connected, you will see a warning Microsoft Defender Antivirus notification: -![Windows Defender Antivirus notification informing the user that malware was found](images/defender/wdav-malware-detected.png) +![Microsoft Defender Antivirus notification informing the user that malware was found](images/defender/wdav-malware-detected.png) If you are using Microsoft Edge, you'll also see a notification message: @@ -97,7 +97,7 @@ If you are using Microsoft Edge, you'll also see a notification message: A similar message occurs if you are using Internet Explorer: -![Windows Defender Antivirus notification informing the user that malware was found](images/defender/wdav-bafs-ie.png) +![Microsoft Defender Antivirus notification informing the user that malware was found](images/defender/wdav-bafs-ie.png) You will also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app: @@ -112,7 +112,7 @@ You will also see a detection under **Quarantined threats** in the **Scan histor ![Screenshot of quarantined items in the Windows Security app](images/defender/wdav-quarantined-history-wdsc.png) >[!NOTE] ->Versions of Windows 10 before version 1703 have a different user interface. See [Windows Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md). +>Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md). The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). @@ -121,10 +121,10 @@ The Windows event log will also show [Windows Defender client event ID 2050](tro ## Related articles -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) -- [Run an Windows Defender Antivirus scan from the command line](command-line-arguments-microsoft-defender-antivirus.md) and [Command line arguments](command-line-arguments-microsoft-defender-antivirus.md) +- [Run an Microsoft Defender Antivirus scan from the command line](command-line-arguments-microsoft-defender-antivirus.md) and [Command line arguments](command-line-arguments-microsoft-defender-antivirus.md) - [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md index 2ac2d79b53..37137f9b07 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Configure Windows Defender Antivirus notifications -description: Configure and customize Windows Defender Antivirus notifications. +title: Configure Microsoft Defender Antivirus notifications +description: Configure and customize Microsoft Defender Antivirus notifications. keywords: notifications, defender, antivirus, endpoint, management, admin search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -59,7 +59,7 @@ You can configure the display of additional notifications, such as recent threat 3. Click **Administrative templates**. -4. Expand the tree to **Windows components > Windows Defender Antivirus > Reporting**. +4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Reporting**. 5. Double-click **Turn off enhanced notifications** and set the option to **Enabled**. Click **OK**. This will prevent additional notifications from appearing. @@ -71,7 +71,7 @@ You can use Group Policy to: - Hide all notifications on endpoints - Hide reboot notifications on endpoints -Hiding notifications can be useful in situations where you can't hide the entire Windows Defender Antivirus interface. See [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. +Hiding notifications can be useful in situations where you can't hide the entire Microsoft Defender Antivirus interface. See [Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. > [!NOTE] > Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Endpoint Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). @@ -84,7 +84,7 @@ See [Customize the Windows Security app for your organization](../windows-defend 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Client interface**. 4. Double-click **Suppress all notifications** and set the option to **Enabled**. Click **OK**. This will prevent additional notifications from appearing. @@ -96,11 +96,11 @@ See [Customize the Windows Security app for your organization](../windows-defend 3. Click **Administrative templates**. -4. Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**. +4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Client interface**. 5. Double-click **Suppresses reboot notifications** and set the option to **Enabled**. Click **OK**. This will prevent additional notifications from appearing. ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 5b95e815bb..92ea102d1d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- title: Configure exclusions for files opened by specific processes description: You can exclude files from scans if they have been opened by a specific process. -keywords: Windows Defender Antivirus, process, exclusion, files, scans +keywords: Microsoft Defender Antivirus, process, exclusion, files, scans search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -22,7 +22,7 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can exclude files that have been opened by specific processes from Windows Defender Antivirus scans. +You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. This topic describes how to configure exclusion lists for the following: @@ -34,7 +34,7 @@ Any file on the machine that is opened by any process with a specific file name Any file on the machine that is opened by any process under a specific folder | Specifying "c:\test\sample\\*" would exclude files opened by:
        • c:\test\sample\test.exe
        • c:\test\sample\test2.exe
        • c:\test\sample\utility.exe
        Any file on the machine that is opened by a specific process in a specific folder | Specifying "c:\test\process.exe" would exclude files only opened by c:\test\process.exe -When you add a process to the process exclusion list, Windows Defender Antivirus won't scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md). +When you add a process to the process exclusion list, Microsoft Defender Antivirus won't scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md). The exclusions only apply to [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). They don't apply to scheduled or on-demand scans. @@ -54,7 +54,7 @@ You can [configure how locally and globally defined exclusions lists are merged] ### Use Microsoft Intune to exclude files that have been opened by specified processes from scans -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. +See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. ### Use Microsoft Endpoint Configuration Manager to exclude files that have been opened by specified processes from scans @@ -66,7 +66,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus > Exclusions**. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**. 4. Double-click **Process Exclusions** and add the exclusions: @@ -107,7 +107,7 @@ For example, the following code snippet would cause Windows Defender AV scans to Add-MpPreference -ExclusionProcess "c:\internal\test.exe" ``` -See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Windows Defender Antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Microsoft Defender Antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans @@ -153,7 +153,7 @@ You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Mic If you use PowerShell, you can retrieve the list in two ways: -- Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. +- Retrieve the status of all Microsoft Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. ### Validate the exclusion list by using MpCmdRun @@ -165,10 +165,10 @@ MpCmdRun.exe -CheckExclusion -path ``` >[!NOTE] ->Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. +>Checking exclusions with MpCmdRun requires Microsoft Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. -### Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell +### Review the list of exclusions alongside all other Microsoft Defender Antivirus preferences by using PowerShell Use the following cmdlet: @@ -176,7 +176,7 @@ Use the following cmdlet: Get-MpPreference ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. ### Retrieve a specific exclusions list by using PowerShell @@ -187,12 +187,12 @@ $WDAVprefs = Get-MpPreference $WDAVprefs.ExclusionProcess ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. ## Related articles -- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +- [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) +- [Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md index 61e774a5fc..e09172a74b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Enable and configure Windows Defender Antivirus protection features +title: Enable and configure Microsoft Defender Antivirus protection features description: Enable behavior-based, heuristic, and real-time protection in Windows Defender AV. -keywords: heuristic, machine-learning, behavior monitor, real-time protection, always-on, windows defender antivirus, antimalware, security, defender +keywords: heuristic, machine-learning, behavior monitor, real-time protection, always-on, Microsoft Defender Antivirus, antimalware, security, defender search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -23,21 +23,21 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus uses several methods to provide threat protection: +Microsoft Defender Antivirus uses several methods to provide threat protection: - Cloud-delivered protection for near-instant detection and blocking of new and emerging threats - Always-on scanning, using file and process behavior monitoring and other heuristics (also known as "real-time protection") - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research -You can configure how Windows Defender Antivirus uses these methods with Group Policy, System Center Configuration Manage, PowerShell cmdlets, and Windows Management Instrumentation (WMI). +You can configure how Microsoft Defender Antivirus uses these methods with Group Policy, System Center Configuration Manage, PowerShell cmdlets, and Windows Management Instrumentation (WMI). This section covers configuration for always-on scanning, including how to detect and block apps that are deemed unsafe, but may not be detected as malware. -See [Use next-gen Windows Defender Antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for how to enable and configure Windows Defender Antivirus cloud-delivered protection. +See [Use next-gen Microsoft Defender Antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for how to enable and configure Microsoft Defender Antivirus cloud-delivered protection. ## In this section Topic | Description ---|--- [Detect and block potentially unwanted applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) | Detect and block apps that may be unwanted in your network, such as adware, browser modifiers and toolbars, and rogue or fake antivirus apps -[Enable and configure Windows Defender Antivirus protection capabilities](configure-real-time-protection-microsoft-defender-antivirus.md) | Enable and configure real-time protection, heuristics, and other always-on Windows Defender Antivirus monitoring features +[Enable and configure Microsoft Defender Antivirus protection capabilities](configure-real-time-protection-microsoft-defender-antivirus.md) | Enable and configure real-time protection, heuristics, and other always-on Microsoft Defender Antivirus monitoring features diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md index 41f1eefe60..f932ef43ba 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Enable and configure Windows Defender Antivirus protection capabilities -description: Enable and configure Windows Defender Antivirus real-time protection features such as behavior monitoring, heuristics, and machine-learning +title: Enable and configure Microsoft Defender Antivirus protection capabilities +description: Enable and configure Microsoft Defender Antivirus real-time protection features such as behavior monitoring, heuristics, and machine-learning keywords: antivirus, real-time protection, rtp, machine-learning, behavior monitoring, heuristics search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -17,7 +17,7 @@ manager: dansimp ms.custom: nextgen --- -# Enable and configure Windows Defender Antivirus always-on protection in Group Policy +# Enable and configure Microsoft Defender Antivirus always-on protection in Group Policy **Applies to:** @@ -29,7 +29,7 @@ These activities include events, such as processes making unusual changes to exi ## Enable and configure always-on protection in Group Policy -You can use **Local Group Policy Editor** to enable and configure Windows Defender Antivirus always-on protection settings. +You can use **Local Group Policy Editor** to enable and configure Microsoft Defender Antivirus always-on protection settings. To enable and configure always-on protection: @@ -37,29 +37,29 @@ To enable and configure always-on protection: 1. In your Windows 10 taskbar search box, type **gpedit**. 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. ![GPEdit taskbar search result](images/gpedit-search.png) -2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus**. -![Windows Defender Antivirus](images/gpedit-microsoft-defender-antivirus.png) -3. Configure the Windows Defender Antivirus antimalware service policy settings. To do this: - 1. In the **Windows Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table: +2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus**. +![Microsoft Defender Antivirus](images/gpedit-microsoft-defender-antivirus.png) +3. Configure the Microsoft Defender Antivirus antimalware service policy settings. To do this: + 1. In the **Microsoft Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table: | Setting | Description | Default setting | |-----------------------------|------------------------|-------------------------------| - | Allow antimalware service to startup with normal priority | You can lower the priority of the Windows Defender Antivirus engine, which may be useful in lightweight deployments where you want to have as lean a startup process as possible. This may impact protection on the endpoint. | Enabled - | Allow antimalware service to remain running always | If protection updates have been disabled, you can set Windows Defender Antivirus to still run. This lowers the protection on the endpoint. | Disabled | + | Allow antimalware service to startup with normal priority | You can lower the priority of the Microsoft Defender Antivirus engine, which may be useful in lightweight deployments where you want to have as lean a startup process as possible. This may impact protection on the endpoint. | Enabled + | Allow antimalware service to remain running always | If protection updates have been disabled, you can set Microsoft Defender Antivirus to still run. This lowers the protection on the endpoint. | Disabled | 2. Configure the setting as appropriate, and click **OK**. 3. Repeat the previous steps for each setting in the table. -4. Configure the Windows Defender Antivirus real-time protection policy settings. To do this: - 1. In the **Windows Defender Antivirus** details pane, double-click **Real-time Protection**. Or, from the **Windows Defender Antivirus** tree on left pane, click **Real-time Protection**. - ![Windows Defender Antivirus Real-time Protection options](images/gpedit-real-time-protection.png) +4. Configure the Microsoft Defender Antivirus real-time protection policy settings. To do this: + 1. In the **Microsoft Defender Antivirus** details pane, double-click **Real-time Protection**. Or, from the **Microsoft Defender Antivirus** tree on left pane, click **Real-time Protection**. + ![Microsoft Defender Antivirus Real-time Protection options](images/gpedit-real-time-protection.png) 2. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table: | Setting | Description | Default setting | |-----------------------------|------------------------|-------------------------------| | Turn on behavior monitoring | The AV engine will monitor file processes, file and registry changes, and other events on your endpoints for suspicious and known malicious activity. | Enabled | | Scan all downloaded files and attachments | Downloaded files and attachments are automatically scanned. This operates in addition to the Windows Defender SmartScreen filter, which scans files before and during downloading. | Enabled | - | Monitor file and program activity on your computer | The Windows Defender Antivirus engine makes note of any file changes (file writes, such as moves, copies, or modifications) and general program activity (programs that are opened or running and that cause other programs to run). | Enabled | + | Monitor file and program activity on your computer | The Microsoft Defender Antivirus engine makes note of any file changes (file writes, such as moves, copies, or modifications) and general program activity (programs that are opened or running and that cause other programs to run). | Enabled | | Turn on raw volume write notifications | Information about raw volume writes will be analyzed by behavior monitoring. | Enabled | | Turn on process scanning whenever real-time protection is enabled | You can independently enable the Microsoft Defender Antivirus engine to scan running processes for suspicious modifications or behaviors. This is useful if you have temporarily disabled real-time protection and want to automatically scan processes that started while it was disabled. | Enabled | | Define the maximum size of downloaded files and attachments to be scanned | You can define the size in kilobytes. | Enabled | @@ -73,15 +73,15 @@ To enable and configure always-on protection: 3. Configure the setting as appropriate, and click **OK**. 4. Repeat the previous steps for each setting in the table. -5. Configure the Windows Defender Antivirus scanning policy setting. To do this: - 1. From the **Windows Defender Antivirus** tree on left pane, click **Scan**. - ![Windows Defender Antivirus Scan options](images/gpedit-microsoft-defender-antivirus-scan.png) +5. Configure the Microsoft Defender Antivirus scanning policy setting. To do this: + 1. From the **Microsoft Defender Antivirus** tree on left pane, click **Scan**. + ![Microsoft Defender Antivirus Scan options](images/gpedit-microsoft-defender-antivirus-scan.png) 2. In the **Scan** details pane on right, double-click the policy setting as specified in the following table: | Setting | Description | Default setting | |-----------------------------|------------------------|-------------------------------| - | Turn on heuristics | Heuristic protection will disable or block suspicious activity immediately before the Windows Defender Antivirus engine is asked to detect the activity. | Enabled | + | Turn on heuristics | Heuristic protection will disable or block suspicious activity immediately before the Microsoft Defender Antivirus engine is asked to detect the activity. | Enabled | 3. Configure the setting as appropriate, and click **OK**. 6. Close **Local Group Policy Editor**. @@ -98,7 +98,7 @@ To disable real-time protection in Group policy: 1. In your Windows 10 taskbar search box, type **gpedit**. 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. -2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Real-time Protection**. +2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Real-time Protection**. 3. In the **Real-time Protection** details pane on right, double-click **Turn off real-time protection**. ![Turn off real-time protection](images/gpedit-turn-off-real-time-protection.png) @@ -111,4 +111,4 @@ To disable real-time protection in Group policy: ## Related articles - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md index 23c2e484d3..f8ac6071ef 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Remediate and resolve infections detected by Windows Defender Antivirus -description: Configure what Windows Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder +title: Remediate and resolve infections detected by Microsoft Defender Antivirus +description: Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder keywords: remediation, fix, remove, threats, quarantine, scan, restore search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Configure remediation for Windows Defender Antivirus scans +# Configure remediation for Microsoft Defender Antivirus scans **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats. +When Microsoft Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Microsoft Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats. This topic describes how to configure these settings with Group Policy, but you can also use [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). @@ -39,7 +39,7 @@ To configure these settings: 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus** and then the **Location** specified in the table below. 4. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. @@ -47,26 +47,26 @@ Location | Setting | Description | Default setting (if not configured) ---|---|---|--- Scan | Create a system restore point | A system restore point will be created each day before cleaning or scanning is attempted | Disabled Scan | Turn on removal of items from scan history folder | Specify how many days items should be kept in the scan history | 30 days -Root | Turn off routine remediation | You can specify whether Windows Defender Antivirus automatically remediates threats, or if it should ask the endpoint user what to do. | Disabled (threats are remediated automatically) +Root | Turn off routine remediation | You can specify whether Microsoft Defender Antivirus automatically remediates threats, or if it should ask the endpoint user what to do. | Disabled (threats are remediated automatically) Quarantine | Configure removal of items from Quarantine folder | Specify how many days items should be kept in quarantine before being removed | Never removed -Threats | Specify threat alert levels at which default action should not be taken when detected | Every threat that is detected by Windows Defender Antivirus is assigned a threat level (low, medium, high, or severe). You can use this setting to define how all threats for each of the threat levels should be remediated (quarantined, removed, or ignored) | Not applicable +Threats | Specify threat alert levels at which default action should not be taken when detected | Every threat that is detected by Microsoft Defender Antivirus is assigned a threat level (low, medium, high, or severe). You can use this setting to define how all threats for each of the threat levels should be remediated (quarantined, removed, or ignored) | Not applicable Threats | Specify threats upon which default action should not be taken when detected | Specify how specific threats (using their threat ID) should be remediated. You can specify whether the specific threat should be quarantined, removed, or ignored | Not applicable > [!IMPORTANT] -> Windows Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed. +> Microsoft Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed. >

        -> If you are certain Windows Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Windows Defender Antivirus](restore-quarantined-files-microsoft-defender-antivirus.md). +> If you are certain Microsoft Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Microsoft Defender Antivirus](restore-quarantined-files-microsoft-defender-antivirus.md). >

        -> To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md). +> To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md). -Also see [Configure remediation-required scheduled full Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md#remed) for more remediation-related settings. +Also see [Configure remediation-required scheduled full Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md#remed) for more remediation-related settings. ## Related topics -- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) +- [Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) +- [Configure scheduled Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +- [Configure and run on-demand Microsoft Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) - [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) -- [Configure end-user Windows Defender Antivirus interaction](configure-end-user-interaction-microsoft-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Configure end-user Microsoft Defender Antivirus interaction](configure-end-user-interaction-microsoft-defender-antivirus.md) +- [Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 55f6eeec2a..91e8c046b2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -1,9 +1,9 @@ --- -title: Configure Windows Defender Antivirus exclusions on Windows Server 2016 or 2019 +title: Configure Microsoft Defender Antivirus exclusions on Windows Server 2016 or 2019 ms.reviewer: manager: dansimp description: Windows Servers 2016 and 2019 include automatic exclusions, based on server role. You can also add custom exclusions. -keywords: exclusions, server, auto-exclusions, automatic, custom, scans, Windows Defender Antivirus +keywords: exclusions, server, auto-exclusions, automatic, custom, scans, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -16,13 +16,13 @@ ms.author: deniseb ms.custom: nextgen --- -# Configure Windows Defender Antivirus exclusions on Windows Server +# Configure Microsoft Defender Antivirus exclusions on Windows Server **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). +Microsoft Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). > [!NOTE] > Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. @@ -39,7 +39,7 @@ In addition to server role-defined automatic exclusions, you can add or remove c - Custom and duplicate exclusions do not conflict with automatic exclusions. -- Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer. +- Microsoft Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer. ## Opt out of automatic exclusions @@ -58,7 +58,7 @@ You can disable the automatic exclusion lists with Group Policy, PowerShell cmdl 2. In the **Group Policy Management Editor** go to **Computer configuration**, and then click **Administrative templates**. -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Exclusions**. +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Exclusions**. 4. Double-click **Turn off Auto Exclusions**, and set the option to **Enabled**. Then click **OK**. @@ -70,9 +70,9 @@ Use the following cmdlets: Set-MpPreference -DisableAutoExclusions $true ``` -[Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md). +[Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md). -[Use PowerShell with Windows Defender Antivirus](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +[Use PowerShell with Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/powershell/windows/defender/index). ### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 and 2019 @@ -400,12 +400,12 @@ This section lists the folder exclusions that are delivered automatically when y ## Related articles -- [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +- [Configure and validate exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md index 667079e3a2..0a108f47da 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- title: Run and customize scheduled and on-demand scans -description: Customize and initiate Windows Defender Antivirus scans on endpoints across your network. -keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Windows Defender Antivirus +description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network. +keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,21 +17,21 @@ ms.reviewer: manager: dansimp --- -# Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation +# Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Windows Defender Antivirus scans. +You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans. ## In this section Topic | Description ---|--- -[Configure and validate file, folder, and process-opened file exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning -[Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) | You can configure Windows Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning -[Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) | Configure what Windows Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder +[Configure and validate file, folder, and process-opened file exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning +[Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) | You can configure Microsoft Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning +[Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) | Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) | Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans [Configure and run scans](run-scan-microsoft-defender-antivirus.md) | Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app [Review scan results](review-scan-results-microsoft-defender-antivirus.md) | Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md index 667079e3a2..0a108f47da 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md @@ -1,7 +1,7 @@ --- title: Run and customize scheduled and on-demand scans -description: Customize and initiate Windows Defender Antivirus scans on endpoints across your network. -keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Windows Defender Antivirus +description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network. +keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,21 +17,21 @@ ms.reviewer: manager: dansimp --- -# Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation +# Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Windows Defender Antivirus scans. +You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans. ## In this section Topic | Description ---|--- -[Configure and validate file, folder, and process-opened file exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning -[Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) | You can configure Windows Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning -[Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) | Configure what Windows Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder +[Configure and validate file, folder, and process-opened file exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning +[Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) | You can configure Microsoft Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning +[Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) | Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) | Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans [Configure and run scans](run-scan-microsoft-defender-antivirus.md) | Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app [Review scan results](review-scan-results-microsoft-defender-antivirus.md) | Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md index 8ac767f14a..b9406da6f4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Deploy, manage, and report on Windows Defender Antivirus -description: You can deploy and manage Windows Defender Antivirus with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, or WMI -keywords: deploy, manage, update, protection, windows defender antivirus +title: Deploy, manage, and report on Microsoft Defender Antivirus +description: You can deploy and manage Microsoft Defender Antivirus with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, or WMI +keywords: deploy, manage, update, protection, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,40 +17,40 @@ ms.reviewer: manager: dansimp --- -# Deploy, manage, and report on Windows Defender Antivirus +# Deploy, manage, and report on Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can deploy, manage, and report on Windows Defender Antivirus in a number of ways. +You can deploy, manage, and report on Microsoft Defender Antivirus in a number of ways. -Because the Windows Defender Antivirus client is installed as a core part of Windows 10, traditional deployment of a client to your endpoints does not apply. +Because the Microsoft Defender Antivirus client is installed as a core part of Windows 10, traditional deployment of a client to your endpoints does not apply. However, in most cases you will still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Azure Security Center, or Group Policy Objects, which is described in the following table. You'll also see additional links for: -- Managing Windows Defender Antivirus protection, including managing product and protection updates -- Reporting on Windows Defender Antivirus protection +- Managing Microsoft Defender Antivirus protection, including managing product and protection updates +- Reporting on Microsoft Defender Antivirus protection > [!IMPORTANT] -> In most cases, Windows 10 will disable Windows Defender Antivirus if it finds another antivirus product that is running and up-to-date. You must disable or uninstall third-party antivirus products before Windows Defender Antivirus will function. If you re-enable or install third-party antivirus products, then Windows 10 automatically disables Windows Defender Antivirus. +> In most cases, Windows 10 will disable Microsoft Defender Antivirus if it finds another antivirus product that is running and up-to-date. You must disable or uninstall third-party antivirus products before Microsoft Defender Antivirus will function. If you re-enable or install third-party antivirus products, then Windows 10 automatically disables Microsoft Defender Antivirus. Tool|Deployment options (2)|Management options (network-wide configuration and policy or baseline deployment) ([3](#fn3))|Reporting options ---|---|---|--- Microsoft Intune|[Add endpoint protection settings in Intune](https://docs.microsoft.com/intune/endpoint-protection-configure)|[Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure)| [Use the Intune console to manage devices](https://docs.microsoft.com/intune/device-management) Microsoft Endpoint Configuration Manager ([1](#fn1))|Use the [Endpoint Protection point site system role][] and [enable Endpoint Protection with custom client settings][]|With [default and customized antimalware policies][] and [client management][]|With the default [Configuration Manager Monitoring workspace][] and [email alerts][] -Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Windows Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Windows Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][] +Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Microsoft Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Microsoft Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][] PowerShell|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference] and [Update-MpSignature] cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module][] Windows Management Instrumentation|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][] -Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD. +Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Microsoft Defender Antivirus events][] and add that tool as an app in AAD. -1. The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Endpoint Configuration Manager (Current Branch) and System Center 2012 Configuration Manager. In this library, we've focused on Windows 10, Windows Server 2016, and Microsoft Endpoint Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2) +1. The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Endpoint Configuration Manager (Current Branch) and System Center 2012 Configuration Manager. In this library, we've focused on Windows 10, Windows Server 2016, and Microsoft Endpoint Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2) -2. In Windows 10, Windows Defender Antivirus is a component available without installation or deployment of an additional client or service. It will automatically be enabled when third-party antivirus products are either uninstalled or out of date ([except on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md)). Traditional deployment therefore is not required. Deployment here refers to ensuring the Windows Defender Antivirus component is available and enabled on endpoints or servers. [(Return to table)](#ref2) +2. In Windows 10, Microsoft Defender Antivirus is a component available without installation or deployment of an additional client or service. It will automatically be enabled when third-party antivirus products are either uninstalled or out of date ([except on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md)). Traditional deployment therefore is not required. Deployment here refers to ensuring the Microsoft Defender Antivirus component is available and enabled on endpoints or servers. [(Return to table)](#ref2) -3. Configuration of features and protection, including configuring product and protection updates, are further described in the [Configure Windows Defender Antivirus features](configure-notifications-microsoft-defender-antivirus.md) section in this library. [(Return to table)](#ref2) +3. Configuration of features and protection, including configuring product and protection updates, are further described in the [Configure Microsoft Defender Antivirus features](configure-notifications-microsoft-defender-antivirus.md) section in this library. [(Return to table)](#ref2) [Endpoint Protection point site system role]: https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-protection-site-role [default and customized antimalware policies]: https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies @@ -70,16 +70,16 @@ Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by [Set-MpPreference]: https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference.md [Update-MpSignature]: https://technet.microsoft.com/itpro/powershell/windows/defender/update-mpsignature [Get- cmdlets available in the Defender module]: https://technet.microsoft.com/itpro/powershell/windows/defender/index -[Configure update options for Windows Defender Antivirus]: manage-updates-baselines-microsoft-defender-antivirus.md +[Configure update options for Microsoft Defender Antivirus]: manage-updates-baselines-microsoft-defender-antivirus.md [Configure Windows Defender features]: configure-microsoft-defender-antivirus-features.md [Group Policies to determine if any settings or policies are not applied]: https://technet.microsoft.com/library/cc771389.aspx [Possibly infected devices]: https://docs.microsoft.com/azure/active-directory/active-directory-reporting-sign-ins-from-possibly-infected-devices -[Windows Defender Antivirus events]: troubleshoot-microsoft-defender-antivirus.md +[Microsoft Defender Antivirus events]: troubleshoot-microsoft-defender-antivirus.md ## In this section Topic | Description ---|--- -[Deploy and enable Windows Defender Antivirus protection](deploy-microsoft-defender-antivirus.md) | While the client is installed as a core part of Windows 10, and traditional deployment does not apply, you will still need to enable the client on your endpoints with Microsoft Endpoint Configuration Manager, Microsoft Intune, or Group Policy Objects. -[Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) | There are two parts to updating Windows Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in a number of ways, using Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, and WMI. -[Monitor and report on Windows Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection. +[Deploy and enable Microsoft Defender Antivirus protection](deploy-microsoft-defender-antivirus.md) | While the client is installed as a core part of Windows 10, and traditional deployment does not apply, you will still need to enable the client on your endpoints with Microsoft Endpoint Configuration Manager, Microsoft Intune, or Group Policy Objects. +[Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) | There are two parts to updating Microsoft Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in a number of ways, using Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, and WMI. +[Monitor and report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md index 40376869e2..6e0bb71ecc 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Deploy and enable Windows Defender Antivirus -description: Deploy Windows Defender Antivirus for protection of your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or WMI. -keywords: deploy, enable, Windows Defender Antivirus +title: Deploy and enable Microsoft Defender Antivirus +description: Deploy Microsoft Defender Antivirus for protection of your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or WMI. +keywords: deploy, enable, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,22 +17,22 @@ ms.reviewer: manager: dansimp --- -# Deploy and enable Windows Defender Antivirus +# Deploy and enable Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Depending on the management tool you are using, you may need to specifically enable or configure Windows Defender Antivirus protection. +Depending on the management tool you are using, you may need to specifically enable or configure Microsoft Defender Antivirus protection. -See the table in [Deploy, manage, and report on Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md#ref2) for instructions on how to enable protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, Active Directory, Microsoft Azure, PowerShell cmdlets, and Windows Management Instruction (WMI). +See the table in [Deploy, manage, and report on Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md#ref2) for instructions on how to enable protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, Active Directory, Microsoft Azure, PowerShell cmdlets, and Windows Management Instruction (WMI). -Some scenarios require additional guidance on how to successfully deploy or configure Windows Defender Antivirus protection, such as Virtual Desktop Infrastructure (VDI) environments. +Some scenarios require additional guidance on how to successfully deploy or configure Microsoft Defender Antivirus protection, such as Virtual Desktop Infrastructure (VDI) environments. -The remaining topic in this section provides end-to-end advice and best practices for [setting up Windows Defender Antivirus on virtual machines (VMs) in a VDI or Remote Desktop Services (RDS) environment](deployment-vdi-microsoft-defender-antivirus.md). +The remaining topic in this section provides end-to-end advice and best practices for [setting up Microsoft Defender Antivirus on virtual machines (VMs) in a VDI or Remote Desktop Services (RDS) environment](deployment-vdi-microsoft-defender-antivirus.md). ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) -- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Deploy, manage updates, and report on Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index feff8fbcae..096a6816cb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Antivirus Virtual Desktop Infrastructure deployment guide -description: Learn how to deploy Windows Defender Antivirus in a virtual desktop environment for the best balance between protection and performance. +title: Microsoft Defender Antivirus Virtual Desktop Infrastructure deployment guide +description: Learn how to deploy Microsoft Defender Antivirus in a virtual desktop environment for the best balance between protection and performance. keywords: vdi, hyper-v, vm, virtual machine, windows defender, antivirus, av, virtual desktop, rds, remote desktop search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment +# Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -In addition to standard on-premises or hardware configurations, you can also use Windows Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment. +In addition to standard on-premises or hardware configurations, you can also use Microsoft Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment. See [Windows Virtual Desktop Documentation](https://docs.microsoft.com/azure/virtual-desktop) for more details on Microsoft Remote Desktop Services and VDI support. @@ -41,7 +41,7 @@ This guide describes how to configure your VMs for optimal protection and perfor - [Scan out-of-date machines or machines that have been offline for a while](#scan-vms-that-have-been-offline) - [Apply exclusions](#exclusions) -You can also download the whitepaper [Windows Defender Antivirus on Virtual Desktop Infrastructure](https://demo.wd.microsoft.com/Content/wdav-testing-vdi-ssu.pdf), which looks at the new shared security intelligence update feature, alongside performance testing and guidance on how you can test antivirus performance on your own VDI. +You can also download the whitepaper [Microsoft Defender Antivirus on Virtual Desktop Infrastructure](https://demo.wd.microsoft.com/Content/wdav-testing-vdi-ssu.pdf), which looks at the new shared security intelligence update feature, alongside performance testing and guidance on how you can test antivirus performance on your own VDI. > [!IMPORTANT] > Although the VDI can be hosted on Windows Server 2012 or Windows Server 2016, the virtual machines (VMs) should be running Windows 10, 1607 at a minimum, due to increased protection technologies and features that are unavailable in earlier versions of Windows.
        There are performance and feature improvements to the way in which Windows Defender AV operates on virtual machines in Windows 10 Insider Preview, build 18323 (and later). We'll identify in this guide if you need to be using an Insider Preview build; if it isn't specified, then the minimum required version for the best protection and performance is Windows 10 1607. @@ -116,7 +116,7 @@ The profile will now be deployed to the impacted devices. This may take some tim 3. Click **Administrative templates**. -4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Security Intelligence Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**. 5. Double-click **Define security intelligence location for VDI clients**, and then set the option to **Enabled**. A field automatically appears. @@ -211,7 +211,7 @@ Quick scans are the preferred approach as they are designed to look in all place ### Prevent notifications -Sometimes, Windows Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can use the lock down the Windows Defender Antivirus user interface. +Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can use the lock down the Microsoft Defender Antivirus user interface. 1. Expand the tree to **Windows components > Windows Defender > Client Interface**. @@ -257,7 +257,7 @@ This hides the entire Windows Defender AV user interface from users. ### Exclusions -On Windows Server 2016, Windows Defender Antivirus will automatically deliver the right exclusions for servers running a VDI environment. However, if you are running an older Windows server version, see [Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus). +On Windows Server 2016, Microsoft Defender Antivirus will automatically deliver the right exclusions for servers running a VDI environment. However, if you are running an older Windows server version, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus). ## Additional resources diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index 7d26faad20..1da72d8f0c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Block potentially unwanted applications with Windows Defender Antivirus +title: Block potentially unwanted applications with Microsoft Defender Antivirus description: Enable the potentially unwanted application (PUA) antivirus feature to block unwanted software such as adware. -keywords: pua, enable, unwanted software, unwanted apps, adware, browser toolbar, detect, block, Windows Defender Antivirus +keywords: pua, enable, unwanted software, unwanted apps, adware, browser toolbar, detect, block, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -64,20 +64,20 @@ Defender SmartScreen available, including [one for blocking PUA](https://docs.mi Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings. -### Windows Defender Antivirus +### Microsoft Defender Antivirus -The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network. +The potentially unwanted application (PUA) protection feature in Microsoft Defender Antivirus can detect and block PUAs on endpoints in your network. > [!NOTE] > This feature is only available in Windows 10. -Windows Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. +Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. -When a PUA file is detected on an endpoint, Windows Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification will be prefaced with _PUA:_ to indicate its content. +When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification will be prefaced with _PUA:_ to indicate its content. The notification appears in the usual [quarantine list within the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). -#### Configure PUA protection in Windows Defender Antivirus +#### Configure PUA protection in Microsoft Defender Antivirus You can enable PUA protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, or via PowerShell cmdlets. @@ -90,7 +90,7 @@ PUA audit mode is useful if your company is conducting an internal software secu ##### Use Intune to configure PUA protection -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. +See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. ##### Use Configuration Manager to configure PUA protection @@ -101,7 +101,7 @@ See [How to create and deploy antimalware policies: Scheduled scans settings](ht For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508770.aspx#BKMK_PUA). > [!NOTE] -> PUA events blocked by Windows Defender Antivirus are reported in the Windows Event Viewer and not in Microsoft Endpoint Configuration Manager. +> PUA events blocked by Microsoft Defender Antivirus are reported in the Windows Event Viewer and not in Microsoft Endpoint Configuration Manager. ##### Use Group Policy to configure PUA protection @@ -109,7 +109,7 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw 2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus**. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus**. 4. Double-click **Configure protection for potentially unwanted applications**. @@ -142,7 +142,7 @@ Set-MpPreference -PUAProtection disable ``` Setting the value for this cmdlet to `Disabled` will turn the feature off if it has been enabled. -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. #### View PUA events @@ -150,11 +150,11 @@ PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoi You can turn on email notifications to receive mail about PUA detections. -See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID **1160**. +See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for details on viewing Microsoft Defender Antivirus events. PUA events are recorded under event ID **1160**. #### Allow-listing apps -Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. See [How to Configure Endpoint Protection in Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/hh508770(v=technet.10)#to-exclude-specific-files-or-folders) for information on allowing files which are currently blocked by PUA protection in Windows Defender Antivirus. +Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. See [How to Configure Endpoint Protection in Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/hh508770(v=technet.10)#to-exclude-specific-files-or-folders) for information on allowing files which are currently blocked by PUA protection in Microsoft Defender Antivirus. ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md index 3a601da908..69f126b8f8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Enable cloud-delivered protection in Windows Defender Antivirus +title: Enable cloud-delivered protection in Microsoft Defender Antivirus description: Enable cloud-delivered protection to benefit from fast and advanced protection features. -keywords: windows defender antivirus, antimalware, security, cloud, block at first sight +keywords: Microsoft Defender Antivirus, antimalware, security, cloud, block at first sight search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -23,14 +23,14 @@ ms.custom: nextgen - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!NOTE] -> The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. +> The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. -Windows Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). +Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). ![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) -You can enable or disable Windows Defender Antivirus cloud-delivered protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. +You can enable or disable Microsoft Defender Antivirus cloud-delivered protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. -See [Use Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for an overview of Windows Defender Antivirus cloud-delivered protection. +See [Use Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for an overview of Microsoft Defender Antivirus cloud-delivered protection. There are specific network-connectivity requirements to ensure your endpoints can connect to the cloud-delivered protection service. See [Configure and validate network connections](configure-network-connections-microsoft-defender-antivirus.md) for more details. @@ -42,7 +42,7 @@ There are specific network-connectivity requirements to ensure your endpoints ca 1. Sign in to the [Azure portal](https://portal.azure.com). 2. Select **All services > Intune**. 3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). -4. Select **Properties**, select **Settings: Configure**, and then select **Windows Defender Antivirus**. +4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**. 5. On the **Cloud-delivered protection** switch, select **Enable**. 6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**. 7. In the **Submit samples consent** dropdown, select one of the following: @@ -56,7 +56,7 @@ There are specific network-connectivity requirements to ensure your endpoints ca > [!WARNING] > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work. -8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile. +8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile. For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles) @@ -72,7 +72,7 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht 3. Select **Administrative templates**. -4. Expand the tree to **Windows components > Windows Defender Antivirus > MAPS** +4. Expand the tree to **Windows components > Microsoft Defender Antivirus > MAPS** 5. Double-click **Join Microsoft MAPS**. Ensure the option is enabled and set to **Basic MAPS** or **Advanced MAPS**. Select **OK**. @@ -98,7 +98,7 @@ Set-MpPreference -MAPSReporting Advanced Set-MpPreference -SubmitSamplesConsent SendAllSamples ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. [Policy CSP - Defender](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) also has more information specifically on [-SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Microsoft Defender Antivirus. [Policy CSP - Defender](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) also has more information specifically on [-SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). >[!NOTE] > You can also set **-SubmitSamplesConsent** to `SendSafeSamples` (the default setting), `NeverSend`, or `AlwaysPrompt`. The `SendSafeSamples` setting means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation. @@ -139,9 +139,9 @@ See the following for more information and allowed parameters: - [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) - [Configure block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) -- [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) +- [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) - [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)] - [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) -- [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) +- [Utilize Microsoft cloud-delivered protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) - [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md index 17c7fe34c1..1c2dec92b5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Evaluate Windows Defender Antivirus -description: Businesses of all sizes can use this guide to evaluate and test the protection offered by Windows Defender Antivirus in Windows 10. -keywords: windows defender antivirus, cloud protection, cloud, antimalware, security, defender, evaluate, test, protection, compare, real-time protection +title: Evaluate Microsoft Defender Antivirus +description: Businesses of all sizes can use this guide to evaluate and test the protection offered by Microsoft Defender Antivirus in Windows 10. +keywords: Microsoft Defender Antivirus, cloud protection, cloud, antimalware, security, defender, evaluate, test, protection, compare, real-time protection search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Evaluate Windows Defender Antivirus +# Evaluate Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Use this guide to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications. +Use this guide to determine how well Microsoft Defender Antivirus protects you from viruses, malware, and potentially unwanted applications. >[!TIP] >You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work: @@ -31,7 +31,7 @@ Use this guide to determine how well Windows Defender Antivirus protects you fro >- Fast learning (including Block at first sight) >- Potentially unwanted application blocking -It explains the important next generation protection features of Windows Defender Antivirus available for both small and large enterprises, and how they increase malware detection and protection across your network. +It explains the important next generation protection features of Microsoft Defender Antivirus available for both small and large enterprises, and how they increase malware detection and protection across your network. You can choose to configure and evaluate each setting independently, or all at once. We have grouped similar settings based upon typical evaluation scenarios, and include instructions for using PowerShell to enable the settings. @@ -44,11 +44,11 @@ You can also download a PowerShell that will enable all the settings described i - [Download the PowerShell script to automatically configure the settings](https://www.powershellgallery.com/packages/WindowsDefender_InternalEvaluationSettings) > [!IMPORTANT] -> The guide is currently intended for single-machine evaluation of Windows Defender Antivirus. Enabling all of the settings in this guide may not be suitable for real-world deployment. +> The guide is currently intended for single-machine evaluation of Microsoft Defender Antivirus. Enabling all of the settings in this guide may not be suitable for real-world deployment. > -> For the latest recommendations for real-world deployment and monitoring of Windows Defender Antivirus across a network, see [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md). +> For the latest recommendations for real-world deployment and monitoring of Microsoft Defender Antivirus across a network, see [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md). ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md index e3574b62a7..8e83b95ad4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Enable the limited periodic Windows Defender Antivirus scanning feature -description: Limited periodic scanning lets you use Windows Defender Antivirus in addition to your other installed AV providers +title: Enable the limited periodic Microsoft Defender Antivirus scanning feature +description: Limited periodic scanning lets you use Microsoft Defender Antivirus in addition to your other installed AV providers keywords: lps, limited, periodic, scan, scanning, compatibility, 3rd party, other av, disable search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -19,7 +19,7 @@ manager: dansimp -# Use limited periodic scanning in Windows Defender Antivirus +# Use limited periodic scanning in Microsoft Defender Antivirus **Applies to:** @@ -27,31 +27,31 @@ manager: dansimp Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device. -It can only be enabled in certain situations. For more information about limited periodic scanning and how Microsoft Defender Antivirus works with other antivirus products, see [Windows Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md). +It can only be enabled in certain situations. For more information about limited periodic scanning and how Microsoft Defender Antivirus works with other antivirus products, see [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md). -**Microsoft does not recommend using this feature in enterprise environments. This is a feature primarily intended for consumers.** This feature only uses a limited subset of the Windows Defender Antivirus capabilities to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively. +**Microsoft does not recommend using this feature in enterprise environments. This is a feature primarily intended for consumers.** This feature only uses a limited subset of the Microsoft Defender Antivirus capabilities to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively. ## How to enable limited periodic scanning -By default, Windows Defender Antivirus will enable itself on a Windows 10 device if there is no other antivirus product installed, or if the other product is out-of-date, expired, or not working correctly. +By default, Microsoft Defender Antivirus will enable itself on a Windows 10 device if there is no other antivirus product installed, or if the other product is out-of-date, expired, or not working correctly. -If Windows Defender Antivirus is enabled, the usual options will appear to configure it on that device: +If Microsoft Defender Antivirus is enabled, the usual options will appear to configure it on that device: ![Windows Security app showing Windows Defender AV options, including scan options, settings, and update options](images/vtp-wdav.png) -If another antivirus product is installed and working correctly, Windows Defender Antivirus will disable itself. The Windows Security app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options: +If another antivirus product is installed and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options: ![Windows Security app showing ContosoAV as the installed and running antivirus provider. There is a single link to open ContosoAV settings.](images/vtp-3ps.png) -Underneath any third party AV products, a new link will appear as **Windows Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning. +Underneath any third party AV products, a new link will appear as **Microsoft Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning. ![The limited periodic option is a toggle to enable or disable **periodic scanning**](images/vtp-3ps-lps.png) Sliding the switch to **On** will show the standard Windows Defender AV options underneath the third party AV product. The limited periodic scanning option will appear at the bottom of the page. -![When enabled, periodic scanning shows the normal Windows Defender Antivirus options](images/vtp-3ps-lps-on.png) +![When enabled, periodic scanning shows the normal Microsoft Defender Antivirus options](images/vtp-3ps-lps-on.png) ## Related articles - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md index b09fc546f2..6f5db8d1e5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Apply Windows Defender Antivirus updates after certain events -description: Manage how Windows Defender Antivirus applies security intelligence updates after startup or receiving cloud-delivered detection reports. +title: Apply Microsoft Defender Antivirus updates after certain events +description: Manage how Microsoft Defender Antivirus applies security intelligence updates after startup or receiving cloud-delivered detection reports. keywords: updates, protection, force updates, events, startup, check for latest, notifications search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -23,11 +23,11 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service. +Microsoft Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service. ## Check for protection updates before running a scan -You can use Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, and WMI to force Windows Defender Antivirus to check and download protection updates before running a scheduled scan. +You can use Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, and WMI to force Microsoft Defender Antivirus to check and download protection updates before running a scheduled scan. ### Use Configuration Manager to check for protection updates before running a scan @@ -47,7 +47,7 @@ You can use Microsoft Endpoint Configuration Manager, Group Policy, PowerShell c 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Scan**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Scan**. 5. Double-click **Check for the latest virus and spyware definitions before running a scheduled scan** and set the option to **Enabled**. @@ -61,7 +61,7 @@ Use the following cmdlets: Set-MpPreference -CheckForSignaturesBeforeRunningScan ``` -For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index). +For more information, see [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index). ### Use Windows Management Instruction (WMI) to check for protection updates before running a scan @@ -75,7 +75,7 @@ For more information, see [Windows Defender WMIv2 APIs](https://docs.microsoft.c ## Check for protection updates on startup -You can use Group Policy to force Windows Defender Antivirus to check and download protection updates when the machine is started. +You can use Group Policy to force Microsoft Defender Antivirus to check and download protection updates when the machine is started. 1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**. @@ -83,15 +83,15 @@ You can use Group Policy to force Windows Defender Antivirus to check and downlo 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Signature Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. 5. Double-click **Check for the latest virus and spyware definitions on startup** and set the option to **Enabled**. 6. Click **OK**. -You can also use Group Policy, PowerShell, or WMI to configure Windows Defender Antivirus to check for updates at startup even when it is not running. +You can also use Group Policy, PowerShell, or WMI to configure Microsoft Defender Antivirus to check for updates at startup even when it is not running. -### Use Group Policy to download updates when Windows Defender Antivirus is not present +### Use Group Policy to download updates when Microsoft Defender Antivirus is not present 1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**. @@ -99,13 +99,13 @@ You can also use Group Policy, PowerShell, or WMI to configure Windows Defender 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Security Intelligence Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**. 5. Double-click **Initiate security intelligence update on startup** and set the option to **Enabled**. 6. Click **OK**. -### Use PowerShell cmdlets to download updates when Windows Defender Antivirus is not present +### Use PowerShell cmdlets to download updates when Microsoft Defender Antivirus is not present Use the following cmdlets: @@ -113,9 +113,9 @@ Use the following cmdlets: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine ``` -For more information, see [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +For more information, see [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. -### Use Windows Management Instruction (WMI) to download updates when Windows Defender Antivirus is not present +### Use Windows Management Instruction (WMI) to download updates when Microsoft Defender Antivirus is not present Use the [**Set** method of the **MSFT_MpPreference**](https://docs.microsoft.com/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)) class for the following properties: @@ -141,7 +141,7 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Signature Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. 5. Double-click **Allow real-time security intelligence updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Then click **OK**. @@ -152,9 +152,9 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) - [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) - [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) - [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md index 28b6b7c54d..6d5ec2c418 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md @@ -17,21 +17,21 @@ ms.reviewer: manager: dansimp --- -# Manage Windows Defender Antivirus updates and scans for endpoints that are out of date +# Manage Microsoft Defender Antivirus updates and scans for endpoints that are out of date **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis. +Microsoft Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis. For example, an employee that uses a particular PC is on break for three days and does not log on to their PC during that time. -When the user returns to work and logs on to their PC, Windows Defender Antivirus will immediately check and download the latest protection updates, and run a scan. +When the user returns to work and logs on to their PC, Microsoft Defender Antivirus will immediately check and download the latest protection updates, and run a scan. ## Set up catch-up protection updates for endpoints that haven't updated for a while -If Windows Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-microsoft-defender-antivirus.md). +If Microsoft Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-microsoft-defender-antivirus.md). ### Use Configuration Manager to configure catch-up protection updates @@ -54,7 +54,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**. +4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates**. 5. Double-click the **Define the number of days after which a catch-up security intelligence update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to check for and download the latest protection update. @@ -68,7 +68,7 @@ Use the following cmdlets: Set-MpPreference -SignatureUpdateCatchupInterval ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Microsoft Defender Antivirus. ### Use Windows Management Instruction (WMI) to configure catch-up protection updates @@ -84,7 +84,7 @@ See the following for more information and allowed parameters: ## Set the number of days before protection is reported as out-of-date -You can also specify the number of days after which Windows Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Windows Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source. +You can also specify the number of days after which Microsoft Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Microsoft Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-microsoft-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source. ### Use Group Policy to specify the number of days before protection is considered out-of-date @@ -94,7 +94,7 @@ You can also specify the number of days after which Windows Defender Antivirus p 4. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following settings: +5. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following settings: 1. Double-click **Define the number of days before spyware definitions are considered out of date** and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to consider spyware Security intelligence to be out-of-date. @@ -107,7 +107,7 @@ You can also specify the number of days after which Windows Defender Antivirus p ## Set up catch-up scans for endpoints that have not been scanned for a while -You can set the number of consecutive scheduled scans that can be missed before Windows Defender Antivirus will force a scan. +You can set the number of consecutive scheduled scans that can be missed before Microsoft Defender Antivirus will force a scan. The process for enabling this feature is: @@ -127,7 +127,7 @@ This feature can be enabled for both full and quick scans. 4. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender Antivirus > Scan** and configure the following settings: +5. Expand the tree to **Windows components > Microsoft Defender Antivirus > Scan** and configure the following settings: 1. If you have set up scheduled quick scans, double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**. 2. If you have set up scheduled full scans, double-click the **Turn on catch-up full scan** setting and set the option to **Enabled**. Click **OK**. @@ -147,7 +147,7 @@ Set-MpPreference -DisableCatchupQuickScan ``` -See [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Microsoft Defender Antivirus. ### Use Windows Management Instruction (WMI) to configure catch-up scans @@ -174,9 +174,9 @@ See the following for more information and allowed parameters: ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) - [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) - [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) - [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md index b5acbf81a1..5ba75a3387 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Schedule Windows Defender Antivirus protection updates +title: Schedule Microsoft Defender Antivirus protection updates description: Schedule the day, time, and interval for when protection updates should be downloaded keywords: updates, security baselines, schedule updates search.product: eADQiWindows 10XVcnh @@ -24,7 +24,7 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus lets you determine when it should look for and download updates. +Microsoft Defender Antivirus lets you determine when it should look for and download updates. You can schedule updates for your endpoints by: @@ -51,7 +51,7 @@ You can also randomize the times when each endpoint checks and downloads protect ## Use Group Policy to schedule protection updates > [!IMPORTANT] -> By default, Windows Defender Antivirus will check for an update 15 minutes before the time of any scheduled scans. Enabling these settings will override that default. +> By default, Microsoft Defender Antivirus will check for an update 15 minutes before the time of any scheduled scans. Enabling these settings will override that default. 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -59,7 +59,7 @@ You can also randomize the times when each endpoint checks and downloads protect 4. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following settings: +5. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following settings: 1. Double-click the **Specify the interval to check for security intelligence updates** setting and set the option to **Enabled**. Enter the number of hours between updates. Click **OK**. 2. Double-click the **Specify the day of the week to check for security intelligence updates** setting and set the option to **Enabled**. Enter the day of the week to check for updates. Click **OK**. @@ -76,7 +76,7 @@ Set-MpPreference -SignatureScheduleTime Set-MpPreference -SignatureUpdateInterval ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Microsoft Defender Antivirus. ## Use Windows Management Instruction (WMI) to schedule protection updates @@ -94,12 +94,12 @@ See the following for more information and allowed parameters: ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) - [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) - [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) - [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index 9ae6e8d7e1..d3a6243859 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Manage how and where Windows Defender AV receives updates -description: Manage the fallback order for how Windows Defender Antivirus receives protection updates. +description: Manage the fallback order for how Microsoft Defender Antivirus receives protection updates. keywords: updates, security baselines, protection, fallback order, ADL, MMPC, UNC, file path, share, wsus search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -16,7 +16,7 @@ manager: dansimp ms.custom: nextgen --- -# Manage the sources for Windows Defender Antivirus protection updates +# Manage the sources for Microsoft Defender Antivirus protection updates **Applies to:** @@ -25,11 +25,11 @@ ms.custom: nextgen -Keeping your antivirus protection up to date is critical. There are two components to managing protection updates for Windows Defender Antivirus: +Keeping your antivirus protection up to date is critical. There are two components to managing protection updates for Microsoft Defender Antivirus: - *Where* the updates are downloaded from; and - *When* updates are downloaded and applied. -This article describes how to specify from where updates should be downloaded (this is also known as the fallback order). See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates). +This article describes how to specify from where updates should be downloaded (this is also known as the fallback order). See [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates). > [!IMPORTANT] > Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update and starting Monday, October 21, 2019, all security intelligence updates will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to update your security intelligence. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). @@ -53,7 +53,7 @@ There are five locations where you can specify where an endpoint should obtain u - [Windows Server Update Service](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) - [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/servers/manage/updates) - [Network file share](https://docs.microsoft.com/windows-server/storage/nfs/nfs-overview) -- [Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.) +- [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.) To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads. @@ -70,7 +70,7 @@ Each source has typical scenarios that depend on how your network is configured, |Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use Windows Server Update Service to manage your updates.| |File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-microsoft-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.| |Microsoft Endpoint Configuration Manager | You are using Microsoft Endpoint Configuration Manager to update your endpoints.| -|Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware (formerly referred to as MMPC) |[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates will be SHA-2 signed exclusively.
        Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-microsoft-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).| +|Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware (formerly referred to as MMPC) |[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates will be SHA-2 signed exclusively.
        Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-microsoft-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).| You can manage the order in which update sources are used with Group Policy, Microsoft Endpoint Configuration Manager, PowerShell cmdlets, and WMI. @@ -104,8 +104,8 @@ The procedures in this article first describe how to set the order, and then how 6. Click **OK**. This will set the order of file shares when that source is referenced in the **Define the order of sources...** group policy setting. > [!NOTE] -> For Windows 10, versions 1703 up to and including 1809, the policy path is **Windows Components > Windows Defender Antivirus > Signature Updates** -> For Windows 10, version 1903, the policy path is **Windows Components > Windows Defender Antivirus > Security Intelligence Updates** +> For Windows 10, versions 1703 up to and including 1809, the policy path is **Windows Components > Microsoft Defender Antivirus > Signature Updates** +> For Windows 10, version 1903, the policy path is **Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates** ## Use Configuration Manager to manage the update location @@ -123,7 +123,7 @@ Set-MpPreference -SignatureDefinitionUpdateFileSharesSource {\\UNC SHARE PATH|\\ See the following articles for more information: - [Set-MpPreference -SignatureFallbackOrder](https://docs.microsoft.com/powershell/module/defender/set-mppreference) - [Set-MpPreference -SignatureDefinitionUpdateFileSharesSource](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturedefinitionupdatefilesharessources) -- [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) +- [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) - [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) ## Use Windows Management Instruction (WMI) to manage the update location @@ -144,19 +144,19 @@ See [Policy CSP - Defender/SignatureUpdateFallbackOrder](https://docs.microsoft. ## What if we're using a third-party vendor? -This article describes how to configure and manage updates for Windows Defender Antivirus. However, third-party vendors can be used to perform these tasks. +This article describes how to configure and manage updates for Microsoft Defender Antivirus. However, third-party vendors can be used to perform these tasks. -For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Windows Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) to deploy patches and updates. +For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Microsoft Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) to deploy patches and updates. > [!NOTE] -> Microsoft does not test third-party solutions for managing Windows Defender Antivirus. +> Microsoft does not test third-party solutions for managing Microsoft Defender Antivirus. ## Related articles -- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) - [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) - [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) - [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 512f37cf0e..0e591bca8c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Manage Windows Defender Antivirus updates and apply baselines -description: Manage how Windows Defender Antivirus receives protection and product updates. +title: Manage Microsoft Defender Antivirus updates and apply baselines +description: Manage how Microsoft Defender Antivirus receives protection and product updates. keywords: updates, security baselines, protection, schedule updates, force updates, mobile updates, wsus search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -16,35 +16,35 @@ ms.reviewer: manager: dansimp --- -# Manage Windows Defender Antivirus updates and apply baselines +# Manage Microsoft Defender Antivirus updates and apply baselines **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -There are two types of updates related to keeping Windows Defender Antivirus up to date: +There are two types of updates related to keeping Microsoft Defender Antivirus up to date: - Security intelligence updates - Product updates > [!IMPORTANT] -> Keeping Windows Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. -> This also applies to devices where Windows Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). +> Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. +> This also applies to devices where Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). ## Security intelligence updates -Windows Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection. +Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection. -The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. +The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. Engine updates are included with the security intelligence updates and are released on a monthly cadence. ## Product updates -Windows Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "platform updates"), and will receive major feature updates alongside Windows 10 releases. +Microsoft Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "platform updates"), and will receive major feature updates alongside Windows 10 releases. You can manage the distribution of updates through [Windows Server Update Service (WSUS)](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus), with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction), or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network. -For more information, see [Manage the sources for Windows Defender Antivirus protection updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus). +For more information, see [Manage the sources for Microsoft Defender Antivirus protection updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus). > [!NOTE] > We release these monthly updates in phases. This results in multiple packages showing up in your WSUS server. @@ -100,7 +100,7 @@ No known issues * Improve notification for process blocking ### Known Issues -[**Fixed**] Windows Defender Antivirus is skipping files when running a scan. +[**Fixed**] Microsoft Defender Antivirus is skipping files when running a scan.
        @@ -171,7 +171,7 @@ No known issues
        -## Windows Defender Antivirus platform support +## Microsoft Defender Antivirus platform support As stated above, platform and engine updates are provided on a monthly cadence. Customers must stay current with the latest platform update to be fully supported. Our support structure is now dynamic, evolving into two phases depending on the availability of the latest platform version: @@ -186,7 +186,7 @@ Customers must stay current with the latest platform update to be fully supporte During the technical support (only) phase, commercially reasonable support incidents will be provided through Microsoft Customer Service & Support and Microsoft’s managed support offerings (such as Premier Support). If a support incident requires escalation to development for further guidance, requires a non-security update, or requires a security update, customers will be asked to upgrade to the latest platform version or an intermediate update (*). ### Platform version included with Windows 10 releases -The below table provides the Windows Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases: +The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases: |Windows 10 release |Platform version |Engine version |Support phase | |-|-|-|-| diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index 3af5e8f3ae..81ba39a7cc 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -33,11 +33,11 @@ There are two settings that are particularly useful for these devices: The following topics may also be useful in these situations: - [Configuring scheduled and catch-up scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) - [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) -- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) +- [Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) ## Opt-in to Microsoft Update on mobile computers without a WSUS connection -You can use Microsoft Update to keep Security intelligence on mobile devices running Windows Defender Antivirus up to date when they are not connected to the corporate network or don't otherwise have a WSUS connection. +You can use Microsoft Update to keep Security intelligence on mobile devices running Microsoft Defender Antivirus up to date when they are not connected to the corporate network or don't otherwise have a WSUS connection. This means that protection updates can be delivered to devices (via Microsoft Update) even if you have set WSUS to override Microsoft Update. @@ -55,7 +55,7 @@ You can opt-in to Microsoft Update on the mobile device in one of the following 4. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Signature Updates**. +5. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. 6. Double-click the **Allow security intelligence updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**. @@ -73,7 +73,7 @@ You can opt-in to Microsoft Update on the mobile device in one of the following ## Prevent Security intelligence updates when running on battery power -You can configure Windows Defender Antivirus to only download protection updates when the PC is connected to a wired power source. +You can configure Microsoft Defender Antivirus to only download protection updates when the PC is connected to a wired power source. ### Use Group Policy to prevent security intelligence updates on battery power @@ -83,7 +83,7 @@ You can configure Windows Defender Antivirus to only download protection updates 4. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following setting: +5. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following setting: 1. Double-click the **Allow security intelligence updates when running on battery power** setting and set the option to **Disabled**. 2. Click **OK**. This will prevent protection updates from downloading when the PC is on battery power. @@ -91,5 +91,5 @@ You can configure Windows Defender Antivirus to only download protection updates ## Related articles -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) -- [Update and manage Windows Defender Antivirus in Windows 10](deploy-manage-report-microsoft-defender-antivirus.md) +- [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Update and manage Microsoft Defender Antivirus in Windows 10](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md index 522fee0543..f0ebabb8e5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsft-defender-antivirus-in-windows-10.md @@ -1,7 +1,7 @@ --- title: Next-generation protection in Windows 10, Windows Server 2016, and Windows Server 2019 description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016 -keywords: windows defender antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security +keywords: Microsoft Defender Antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -23,13 +23,13 @@ ms.custom: nextgen - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -## Windows Defender Antivirus: Your next-generation protection +## Microsoft Defender Antivirus: Your next-generation protection -Windows Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization. Next-generation protection services include the following: +Microsoft Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization. Next-generation protection services include the following: - [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-microsoft-defender-antivirus.md). This includes always-on scanning using file and process behavior monitoring and other heuristics (also known as "real-time protection"). It also includes detecting and blocking apps that are deemed unsafe, but may not be detected as malware. - [Cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). This includes near-instant detection and blocking of new and emerging threats. -- [Dedicated protection and product updates](manage-updates-baselines-microsoft-defender-antivirus.md). This includes updates related to keeping Windows Defender Antivirus up to date. +- [Dedicated protection and product updates](manage-updates-baselines-microsoft-defender-antivirus.md). This includes updates related to keeping Microsoft Defender Antivirus up to date. ## Try a demo! @@ -40,20 +40,20 @@ Visit the [Microsoft Defender ATP demo website](https://demo.wd.microsoft.com?oc ## Minimum system requirements -Windows Defender Antivirus has the same hardware requirements as of Windows 10. For more information, see: +Microsoft Defender Antivirus has the same hardware requirements as of Windows 10. For more information, see: - [Minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) - [Hardware component guidelines](https://docs.microsoft.com/windows-hardware/design/component-guidelines/components) ## Configure next-generation protection services -For information on how to configure next-generation protection services, see [Configure Windows Defender Antivirus features](configure-microsoft-defender-antivirus-features.md). +For information on how to configure next-generation protection services, see [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md). > [!Note] -> Configuration and management is largely the same in Windows Server 2016 and Windows Server 2019, while running Windows Defender Antivirus; however, there are some differences. To learn more, see [Windows Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md). +> Configuration and management is largely the same in Windows Server 2016 and Windows Server 2019, while running Microsoft Defender Antivirus; however, there are some differences. To learn more, see [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md). ## Related articles -- [Windows Defender Antivirus management and configuration](configuration-management-reference-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus management and configuration](configuration-management-reference-microsoft-defender-antivirus.md) -- [Evaluate Windows Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md) +- [Evaluate Microsoft Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 92be74d830..f146d2e1e8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Antivirus compatibility with other security products -description: Windows Defender Antivirus operates in different ways depending on what other security products you have installed, and the operating system you are using. +title: Microsoft Defender Antivirus compatibility with other security products +description: Microsoft Defender Antivirus operates in different ways depending on what other security products you have installed, and the operating system you are using. keywords: windows defender, atp, advanced threat protection, compatibility, passive mode search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -16,7 +16,7 @@ ms.reviewer: manager: dansimp --- -# Windows Defender Antivirus compatibility +# Microsoft Defender Antivirus compatibility **Applies to:** @@ -24,38 +24,38 @@ manager: dansimp ## Overview -Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection. -- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Windows Defender Antivirus automatically goes into disabled mode. -- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Windows Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Windows Defender Antivirus.) -- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/shadow-protection) (currently in private preview) enabled, then Windows Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. +Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection. +- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode. +- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.) +- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/shadow-protection) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. ## Antivirus and Microsoft Defender ATP -The following table summarizes what happens with Windows Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender ATP. +The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender ATP. -| Windows version | Antimalware protection offered by | Organization enrolled in Microsoft Defender ATP | Windows Defender Antivirus state | +| Windows version | Antimalware protection offered by | Organization enrolled in Microsoft Defender ATP | Microsoft Defender Antivirus state | |------|------|-------|-------| | Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode | | Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode | -| Windows 10 | Windows Defender Antivirus | Yes | Active mode | -| Windows 10 | Windows Defender Antivirus | No | Active mode | +| Windows 10 | Microsoft Defender Antivirus | Yes | Active mode | +| Windows 10 | Microsoft Defender Antivirus | No | Active mode | | Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode[[1](#fn1)] | | Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft | No | Active mode[[1](#fn1)] | -| Windows Server 2016 or 2019 | Windows Defender Antivirus | Yes | Active mode | -| Windows Server 2016 or 2019 | Windows Defender Antivirus | No | Active mode | +| Windows Server 2016 or 2019 | Microsoft Defender Antivirus | Yes | Active mode | +| Windows Server 2016 or 2019 | Microsoft Defender Antivirus | No | Active mode | -(1) On Windows Server 2016 or 2019, Windows Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should [consider uninstalling Windows Defender Antivirus on Windows Server 2016 or 2019](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-uninstall-microsoft-defender-antivirus) to prevent problems caused by having multiple antivirus products installed on a machine. +(1) On Windows Server 2016 or 2019, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should [consider uninstalling Microsoft Defender Antivirus on Windows Server 2016 or 2019](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-uninstall-microsoft-defender-antivirus) to prevent problems caused by having multiple antivirus products installed on a machine. If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key: - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` - Name: ForceDefenderPassiveMode - Value: 1 -See [Windows Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations. +See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations. > [!IMPORTANT] -> Windows Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019. +> Microsoft Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019. > > In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/library/hh508760.aspx), which is managed through Microsoft Endpoint Configuration Manager. > @@ -72,27 +72,27 @@ The following table summarizes the functionality and features that are available |[EDR in block mode enabled](shadow-protection.md) |No |No |Yes |Yes |Yes | |Automatic disabled mode |No |Yes |No |No |No | -- In Active mode, Windows Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Windows Defender Antivirus app on the machine itself). -- In Passive mode, Windows Defender Antivirus is not used as the antivirus app, and threats are not remediated by Windows Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. -- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) (currently in private preview) is turned on, Windows Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items. -- In Automatic disabled mode, Windows Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. +- In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself). +- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. +- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items. +- In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. ## Keep the following points in mind -If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. +If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. -When Windows Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Windows Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. +When Microsoft Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. -In passive and automatic disabled mode, you can still [manage updates for Windows Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Windows Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. +In passive and automatic disabled mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. -If you uninstall the other product, and choose to use Windows Defender Antivirus to provide protection to your endpoints, Windows Defender Antivirus will automatically return to its normal active mode. +If you uninstall the other product, and choose to use Microsoft Defender Antivirus to provide protection to your endpoints, Microsoft Defender Antivirus will automatically return to its normal active mode. > [!WARNING] -> You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](windows-defender-security-center-antivirus.md). +> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](windows-defender-security-center-antivirus.md). ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Windows Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md index e95d90109a..4cf3a8a1e7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Antivirus on Windows Server 2016 and 2019 +title: Microsoft Defender Antivirus on Windows Server 2016 and 2019 description: Enable and configure Windows Defender AV on Windows Server 2016 and 2019 keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012 search.product: eADQiWindows 10XVcnh @@ -16,28 +16,28 @@ ms.reviewer: manager: dansimp --- -# Windows Defender Antivirus on Windows Server 2016 and 2019 +# Microsoft Defender Antivirus on Windows Server 2016 and 2019 **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus is available on Windows Server 2016 and Windows Server 2019. In some instances, Windows Defender Antivirus is referred to as Endpoint Protection; however, the protection engine is the same. +Microsoft Defender Antivirus is available on Windows Server 2016 and Windows Server 2019. In some instances, Microsoft Defender Antivirus is referred to as Endpoint Protection; however, the protection engine is the same. -While the functionality, configuration, and management are largely the same for Windows Defender Antivirus on Windows 10, there are a few key differences on Windows Server 2016 or Windows Server 2019: +While the functionality, configuration, and management are largely the same for Microsoft Defender Antivirus on Windows 10, there are a few key differences on Windows Server 2016 or Windows Server 2019: - In Windows Server, [automatic exclusions](configure-server-exclusions-microsoft-defender-antivirus.md) are applied based on your defined Server Role. -- In Windows Server, Windows Defender Antivirus does not automatically disable itself if you are running another antivirus product. +- In Windows Server, Microsoft Defender Antivirus does not automatically disable itself if you are running another antivirus product. ## The process at a glance -The process of setting up and running Windows Defender Antivirus on a server platform includes several steps: +The process of setting up and running Microsoft Defender Antivirus on a server platform includes several steps: 1. [Enable the interface](#enable-the-user-interface-on-windows-server-2016-or-2019) -2. [Install Windows Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server-2016-or-2019) +2. [Install Microsoft Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server-2016-or-2019) -2. [Verify Windows Defender Antivirus is running](#verify-microsoft-defender-antivirus-is-running) +2. [Verify Microsoft Defender Antivirus is running](#verify-microsoft-defender-antivirus-is-running) 3. [Update your antimalware Security intelligence](#update-antimalware-security-intelligence) @@ -45,11 +45,11 @@ The process of setting up and running Windows Defender Antivirus on a server pla 5. (As needed) [Configure automatic exclusions](#configure-automatic-exclusions) -6. (Only if necessary) [Uninstall Windows Defender Antivirus](#need-to-uninstall-microsoft-defender-antivirus) +6. (Only if necessary) [Uninstall Microsoft Defender Antivirus](#need-to-uninstall-microsoft-defender-antivirus) ## Enable the user interface on Windows Server 2016 or 2019 -By default, Windows Defender Antivirus is installed and functional on Windows Server 2016 and Windows Server 2019. The user interface (GUI) is installed by default on some SKUs, but is not required because you can use PowerShell or other methods to manage Windows Defender Antivirus. And if the GUI is not installed on your server, you can add it by using the Add Roles and Features Wizard or PowerShell. +By default, Microsoft Defender Antivirus is installed and functional on Windows Server 2016 and Windows Server 2019. The user interface (GUI) is installed by default on some SKUs, but is not required because you can use PowerShell or other methods to manage Microsoft Defender Antivirus. And if the GUI is not installed on your server, you can add it by using the Add Roles and Features Wizard or PowerShell. ### Turn on the GUI using the Add Roles and Features Wizard @@ -73,30 +73,30 @@ The following PowerShell cmdlet will enable the interface: Install-WindowsFeature -Name Windows-Defender-GUI ``` -## Install Windows Defender Antivirus on Windows Server 2016 or 2019 +## Install Microsoft Defender Antivirus on Windows Server 2016 or 2019 -You can use either the **Add Roles and Features Wizard** or PowerShell to install Windows Defender Antivirus. +You can use either the **Add Roles and Features Wizard** or PowerShell to install Microsoft Defender Antivirus. ### Use the Add Roles and Features Wizard 1. Refer to [this article](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**. -2. When you get to the **Features** step of the wizard, select the Windows Defender Antivirus option. Also select the **GUI for Windows Defender** option. +2. When you get to the **Features** step of the wizard, select the Microsoft Defender Antivirus option. Also select the **GUI for Windows Defender** option. ### Use PowerShell -To use PowerShell to install Windows Defender Antivirus, run the following cmdlet: +To use PowerShell to install Microsoft Defender Antivirus, run the following cmdlet: ```PowerShell Install-WindowsFeature -Name Windows-Defender ``` -Event messages for the antimalware engine included with Windows Defender Antivirus can be found in [Windows Defender AV Events](troubleshoot-microsoft-defender-antivirus.md). +Event messages for the antimalware engine included with Microsoft Defender Antivirus can be found in [Windows Defender AV Events](troubleshoot-microsoft-defender-antivirus.md). -## Verify Windows Defender Antivirus is running +## Verify Microsoft Defender Antivirus is running -To verify that Windows Defender Antivirus is running on your server, run the following PowerShell cmdlet: +To verify that Microsoft Defender Antivirus is running on your server, run the following PowerShell cmdlet: ```PowerShell Get-Service -Name windefend @@ -108,17 +108,17 @@ To verify that firewall protection is turned on, run the following PowerShell cm Get-Service -Name mpssvc ``` -As an alternative to PowerShell, you can use Command Prompt to verify that Windows Defender Antivirus is running. To do that, run the following command from a command prompt: +As an alternative to PowerShell, you can use Command Prompt to verify that Microsoft Defender Antivirus is running. To do that, run the following command from a command prompt: ```DOS sc query Windefend ``` -The `sc query` command returns information about the Windows Defender Antivirus service. When Windows Defender Antivirus is running, the `STATE` value displays `RUNNING`. +The `sc query` command returns information about the Microsoft Defender Antivirus service. When Microsoft Defender Antivirus is running, the `STATE` value displays `RUNNING`. ## Update antimalware Security intelligence -In order to get updated antimalware Security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Windows Defender Antivirus Security intelligence are approved for the computers you manage. +In order to get updated antimalware Security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Microsoft Defender Antivirus Security intelligence are approved for the computers you manage. By default, Windows Update does not download and install updates automatically on Windows Server 2016 or 2019. You can change this configuration by using one of the following methods: @@ -135,11 +135,11 @@ To ensure that protection from malware is maintained, we recommend that you enab - Windows Update service -The following table lists the services for Windows Defender Antivirus and the dependent services. +The following table lists the services for Microsoft Defender Antivirus and the dependent services. |Service Name|File Location|Description| |--------|---------|--------| -|Windows Defender Service (WinDefend)|`C:\Program Files\Windows Defender\MsMpEng.exe`|This is the main Windows Defender Antivirus service that needs to be running at all times.| +|Windows Defender Service (WinDefend)|`C:\Program Files\Windows Defender\MsMpEng.exe`|This is the main Microsoft Defender Antivirus service that needs to be running at all times.| |Windows Error Reporting Service (Wersvc)|`C:\WINDOWS\System32\svchost.exe -k WerSvcGroup`|This service sends error reports back to Microsoft.| |Windows Defender Firewall (MpsSvc)|`C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork`|We recommend leaving the Windows Defender Firewall service enabled.| |Windows Update (Wuauserv)|`C:\WINDOWS\system32\svchost.exe -k netsvcs`|Windows Update is needed to get Security intelligence updates and antimalware engine updates| @@ -161,28 +161,28 @@ To enable automatic sample submission, start a Windows PowerShell console as an |Setting |Description | |---------|---------| -|**0** Always prompt |The Windows Defender Antivirus service prompts you to confirm submission of all required files. This is the default setting for Windows Defender Antivirus, but is not recommended for installations on Windows Server 2016 or 2019 without a GUI. | -|**1** Send safe samples automatically |The Windows Defender Antivirus service sends all files marked as "safe" and prompts for the remainder of the files. | -|**2** Never send |The Windows Defender Antivirus service does not prompt and does not send any files. | -|**3** Send all samples automatically |The Windows Defender Antivirus service sends all files without a prompt for confirmation. | +|**0** Always prompt |The Microsoft Defender Antivirus service prompts you to confirm submission of all required files. This is the default setting for Microsoft Defender Antivirus, but is not recommended for installations on Windows Server 2016 or 2019 without a GUI. | +|**1** Send safe samples automatically |The Microsoft Defender Antivirus service sends all files marked as "safe" and prompts for the remainder of the files. | +|**2** Never send |The Microsoft Defender Antivirus service does not prompt and does not send any files. | +|**3** Send all samples automatically |The Microsoft Defender Antivirus service sends all files without a prompt for confirmation. | ## Configure automatic exclusions -To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Windows Defender Antivirus on Windows Server 2016 or 2019. +To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Microsoft Defender Antivirus on Windows Server 2016 or 2019. -See [Configure exclusions in Windows Defender Antivirus on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md). +See [Configure exclusions in Microsoft Defender Antivirus on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md). -## Need to uninstall Windows Defender Antivirus? +## Need to uninstall Microsoft Defender Antivirus? -If you are using a third-party antivirus solution and you're running into issues with that solution and Windows Defender Antivirus, you can consider uninstalling Windows Defender Antivirus. Before you do that, review the following resources: +If you are using a third-party antivirus solution and you're running into issues with that solution and Microsoft Defender Antivirus, you can consider uninstalling Microsoft Defender Antivirus. Before you do that, review the following resources: - See the question "Should I run Microsoft security software at the same time as other security products?" on the [Windows Defender Security Intelligence Antivirus and antimalware software FAQ](https://www.microsoft.com/wdsi/help/antimalware-faq#multiple-products). -- See [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus). This article describes 10 advantages to using Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection. +- See [Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus). This article describes 10 advantages to using Microsoft Defender Antivirus together with Microsoft Defender Advanced Threat Protection. -If you determine you do want to uninstall Windows Defender Antivirus, follow the steps in the following sections. +If you determine you do want to uninstall Microsoft Defender Antivirus, follow the steps in the following sections. -### Uninstall Windows Defender Antivirus using the Remove Roles and Features wizard +### Uninstall Microsoft Defender Antivirus using the Remove Roles and Features wizard 1. Refer to [this article](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#remove-roles-role-services-and-features-by-using-the-remove-roles-and-features-wizard), and use the **Remove Roles and Features Wizard**. @@ -192,7 +192,7 @@ If you determine you do want to uninstall Windows Defender Antivirus, follow the Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature. -### Uninstall Windows Defender Antivirus using PowerShell +### Uninstall Microsoft Defender Antivirus using PowerShell >[!NOTE] >You can't uninstall the Windows Security app, but you can disable the interface with these instructions. @@ -205,7 +205,7 @@ Uninstall-WindowsFeature -Name Windows-Defender ### Turn off the GUI using PowerShell -To turn off the Windows Defender Antivirus GUI, use the following PowerShell cmdlet: +To turn off the Microsoft Defender Antivirus GUI, use the following PowerShell cmdlet: ```PowerShell Uninstall-WindowsFeature -Name Windows-Defender-GUI @@ -214,7 +214,7 @@ Uninstall-WindowsFeature -Name Windows-Defender-GUI ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md index d4a0f79848..2782ada0f1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md @@ -1,6 +1,6 @@ --- title: Windows Defender Offline in Windows 10 -description: You can use Windows Defender Offline straight from the Windows Defender Antivirus app. You can also manage how it is deployed in your network. +description: You can use Windows Defender Offline straight from the Microsoft Defender Antivirus app. You can also manage how it is deployed in your network. keywords: scan, defender, offline search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -45,12 +45,12 @@ To run Windows Defender Offline from the endpoint, the user must be logged in wi ## Windows Defender Offline updates -Windows Defender Offline uses the most recent protection updates available on the endpoint; it's updated whenever Windows Defender Antivirus is updated. +Windows Defender Offline uses the most recent protection updates available on the endpoint; it's updated whenever Microsoft Defender Antivirus is updated. > [!NOTE] > Before running an offline scan, you should attempt to update Windows Defender AV protection. You can either force an update with Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest protection updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). -See the [Manage Windows Defender Antivirus Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) topic for more information. +See the [Manage Microsoft Defender Antivirus Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) topic for more information. ## Usage scenarios @@ -100,7 +100,7 @@ Use the following cmdlets: Start-MpWDOScan ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Microsoft Defender Antivirus. ### Use Windows Management Instruction (WMI) to run an offline scan @@ -138,4 +138,4 @@ Windows Defender Offline scan results will be listed in the [Scan history sectio ## Related articles - [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md index d15ce423b2..fcf571f83a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Antivirus in the Windows Security app +title: Microsoft Defender Antivirus in the Windows Security app description: With Windows Defender AV now included in the Windows Security app, you can review, compare, and perform common tasks. keywords: wdav, antivirus, firewall, security, windows search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.reviewer: manager: dansimp --- -# Windows Defender Antivirus in the Windows Security app +# Microsoft Defender Antivirus in the Windows Security app **Applies to:** @@ -52,7 +52,7 @@ The following diagrams compare the location of settings and functions between th ![Version of Windows Defender in Windows 10 before version 1703](images/defender/wdav-windows-defender-app-old.png) -![Windows Defender Antivirus in Windows 10, version 1703 and later](images/defender/wdav-wdsc.png) +![Microsoft Defender Antivirus in Windows 10, version 1703 and later](images/defender/wdav-wdsc.png) Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | Description ---|---|---|--- @@ -64,10 +64,10 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De ## Common tasks -This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the Windows Security app. +This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Microsoft Defender Antivirus in the Windows Security app. > [!NOTE] -> If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) topic describes how local policy override settings can be configured. +> If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) topic describes how local policy override settings can be configured. @@ -96,7 +96,7 @@ This section describes how to perform some of the most common tasks when reviewi 4. Click **Check for updates** to download new protection updates (if there are any). -### Ensure Windows Defender Antivirus is enabled in the Windows Security app +### Ensure Microsoft Defender Antivirus is enabled in the Windows Security app 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. @@ -113,7 +113,7 @@ This section describes how to perform some of the most common tasks when reviewi -### Add exclusions for Windows Defender Antivirus in the Windows Security app +### Add exclusions for Microsoft Defender Antivirus in the Windows Security app 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. @@ -130,10 +130,10 @@ The following table summarizes exclusion types and what happens: |Exclusion type |Defined by |What happens | |---------|---------|---------| -|**File** |Location
        Example: `c:\sample\sample.test` |The specific file is skipped by Windows Defender Antivirus. | -|**Folder** |Location
        Example: `c:\test\sample` |All items in the specified folder are skipped by Windows Defender Antivirus. | -|**File type** |File extension
        Example: `.test` |All files with the `.test` extension anywhere on your device are skipped by Windows Defender Antivirus. | -|**Process** |Executable file path
        Example: `c:\test\process.exe` |The specific process and any files that are opened by that process are skipped by Windows Defender Antivirus. | +|**File** |Location
        Example: `c:\sample\sample.test` |The specific file is skipped by Microsoft Defender Antivirus. | +|**Folder** |Location
        Example: `c:\test\sample` |All items in the specified folder are skipped by Microsoft Defender Antivirus. | +|**File type** |File extension
        Example: `.test` |All files with the `.test` extension anywhere on your device are skipped by Microsoft Defender Antivirus. | +|**Process** |Executable file path
        Example: `c:\test\process.exe` |The specific process and any files that are opened by that process are skipped by Microsoft Defender Antivirus. | To learn more, see: - [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus) @@ -167,6 +167,6 @@ To learn more, see: ## Related articles -- [Windows Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md index ccec33e576..58f370b7dd 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: "Better together - Windows Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats" -description: "Office 365, which includes OneDrive, goes together wonderfully with Windows Defender Antivirus. Read this article to learn more." +title: "Better together - Microsoft Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats" +description: "Office 365, which includes OneDrive, goes together wonderfully with Microsoft Defender Antivirus. Read this article to learn more." keywords: windows defender, antivirus, office 365, onedrive, restore, ransomware search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -19,22 +19,22 @@ ms.reviewer: manager: dansimp --- -# Better together: Windows Defender Antivirus and Office 365 +# Better together: Microsoft Defender Antivirus and Office 365 **Applies to:** -- Windows Defender Antivirus +- Microsoft Defender Antivirus - Office 365 You might already know that: -- **Windows Defender Antivirus protects your Windows 10 device from software threats, such as viruses, malware, and spyware**. Windows Defender Antivirus is your complete, ongoing protection, built into Windows 10 and ready to go. [Windows Defender Antivirus is your next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). +- **Microsoft Defender Antivirus protects your Windows 10 device from software threats, such as viruses, malware, and spyware**. Microsoft Defender Antivirus is your complete, ongoing protection, built into Windows 10 and ready to go. [Microsoft Defender Antivirus is your next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). - **Office 365 includes antiphishing, antispam, and antimalware protection**. With your Office 365 subscription, you get premium email and calendars, Office apps, 1 TB of cloud storage (via OneDrive), and advanced security across all your devices. This is true for home and business users. And if you're a business user, and your organization is using Office 365 E5, you get even more protection through Office 365 Advanced Threat Protection. [Protect against threats with Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/protect-against-threats). - **OneDrive, included in Office 365, enables you to store your files and folders online, and share them as you see fit**. You can work together with people (for work or fun), and coauthor files that are stored in OneDrive. You can also access your files across all your devices (your PC, phone, and tablet). [Manage sharing in OneDrive](https://docs.microsoft.com/OneDrive/manage-sharing). -**But did you know there are good security reasons to use Windows Defender Antivirus together with Office 365**? Here are two: +**But did you know there are good security reasons to use Microsoft Defender Antivirus together with Office 365**? Here are two: 1. [You get ransomware protection and recovery](#ransomware-protection-and-recovery). @@ -44,11 +44,11 @@ Read the following sections to learn more. ## Ransomware protection and recovery -When you save your files to [OneDrive](https://docs.microsoft.com/onedrive), and [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) detects a ransomware threat on your device, the following things occur: +When you save your files to [OneDrive](https://docs.microsoft.com/onedrive), and [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) detects a ransomware threat on your device, the following things occur: 1. **You are told about the threat**. (If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (ATP), your security operations team is notified, too.) -2. **Windows Defender Antivirus helps you (and your organization's security team) remove the ransomware** from your device(s). (If your organization is using Microsoft Defender ATP, your security operations team can determine whether other devices are infected and take appropriate action, too.) +2. **Microsoft Defender Antivirus helps you (and your organization's security team) remove the ransomware** from your device(s). (If your organization is using Microsoft Defender ATP, your security operations team can determine whether other devices are infected and take appropriate action, too.) 3. **You get the option to recover your files in OneDrive**. With the OneDrive Files Restore feature, you can recover your files in OneDrive to the state they were in before the ransomware attack occurred. See [Ransomware detection and recovering your files](https://support.office.com/article/0d90ec50-6bfd-40f4-acc7-b8c12c73637f). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md index 2d5af5954d..5c2dfc0611 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md @@ -1,22 +1,22 @@ -# [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +# [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) ## [Windows Defender AV in the Microsoft Defender Security Center app](windows-defender-security-center-antivirus.md) ## [Windows Defender AV on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md) -## [Windows Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md) +## [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md) ### [Use limited periodic scanning in Windows Defender AV](limited-periodic-scanning-microsoft-defender-antivirus.md) -## [Evaluate Windows Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md) +## [Evaluate Microsoft Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md) -## [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) -### [Deploy and enable Windows Defender Antivirus](deploy-microsoft-defender-antivirus.md) +## [Deploy, manage updates, and report on Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +### [Deploy and enable Microsoft Defender Antivirus](deploy-microsoft-defender-antivirus.md) #### [Deployment guide for VDI environments](deployment-vdi-microsoft-defender-antivirus.md) -### [Report on Windows Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) -#### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md) +### [Report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) +#### [Troubleshoot Microsoft Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md) ### [Manage updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) #### [Manage protection and Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) #### [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) @@ -25,7 +25,7 @@ #### [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) -## [Configure Windows Defender Antivirus features](configure-microsoft-defender-antivirus-features.md) +## [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md) ### [Utilize Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) #### [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) #### [Specify the cloud-delivered protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 87b51317d3..836aee8909 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -37,7 +37,7 @@ With tamper protection, malicious apps are prevented from taking actions like th ### How it works - Tamper protection essentially locks Windows Defender Antivirus and prevents your security settings from being changed through apps and methods like these: + Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods like these: - Configuring settings in Registry Editor on your Windows machine - Changing settings through PowerShell cmdlets - Editing or removing security settings through group policies @@ -60,7 +60,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And, ## Turn tamper protection on (or off) for an individual machine > [!NOTE] -> Tamper protection blocks attempts to modify Windows Defender Antivirus settings through the registry. +> Tamper protection blocks attempts to modify Microsoft Defender Antivirus settings through the registry. > > To help ensure that tamper protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later. (See [Security intelligence updates](https://www.microsoft.com/wdsi/definitions).) > @@ -93,7 +93,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; this is included in Microsoft 365 E5.) - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.) - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). - - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) + - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) 2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account. @@ -165,7 +165,7 @@ No No. Third-party antivirus offerings will continue to register with the Windows Security application. -### What happens if Windows Defender Antivirus is not active on a device? +### What happens if Microsoft Defender Antivirus is not active on a device? Tamper protection will not have any impact on such devices. @@ -175,18 +175,18 @@ If you are a home user, see [Turn tamper protection on (or off) for an individua If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune). -### How does configuring tamper protection in Intune affect how I manage Windows Defender Antivirus through my group policy? +### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy? -Your regular group policy doesn’t apply to tamper protection, and changes to Windows Defender Antivirus settings are ignored when tamper protection is on. +Your regular group policy doesn’t apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on. >[!NOTE] ->A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Windows Defender Antivirus features protected by tamper protection. To avoid any potential delays, we recommend that you remove settings that control Windows Defender Antivirus related behavior from GPO and simply allow tamper protection to protect Windows Defender Antivirus settings.

        -> Sample Windows Defender Antivirus settings:
        -> Turn off Windows Defender Antivirus
        +>A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection. To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior from GPO and simply allow tamper protection to protect Microsoft Defender Antivirus settings.

        +> Sample Microsoft Defender Antivirus settings:
        +> Turn off Microsoft Defender Antivirus
        > Computer Configuration\Administrative Templates\Windows Components\Windows Defender\ Value DisableAntiSpyware = 0

        >Turn off real-time protection
        -Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Real-time Protection\ +Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\ Value DisableRealtimeMonitoring = 0 ### For Microsoft Defender ATP E5, is configuring tamper protection in Intune targeted to the entire organization only? @@ -234,4 +234,4 @@ No. [Get an overview of Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) -[Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](why-use-microsoft-antivirus.md) +[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](why-use-microsoft-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md index bf93d24969..4b5dfb5cc2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Hide the Windows Defender Antivirus interface +title: Hide the Microsoft Defender Antivirus interface description: You can hide virus and threat protection tile in the Windows Security app. keywords: ui lockdown, headless mode, hide app, hide settings, hide interface search.product: eADQiWindows 10XVcnh @@ -17,17 +17,17 @@ ms.reviewer: manager: dansimp --- -# Prevent users from seeing or interacting with the Windows Defender Antivirus user interface +# Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can use Group Policy to prevent users on endpoints from seeing the Windows Defender Antivirus interface. You can also prevent them from pausing scans. +You can use Group Policy to prevent users on endpoints from seeing the Microsoft Defender Antivirus interface. You can also prevent them from pausing scans. -## Hide the Windows Defender Antivirus interface +## Hide the Microsoft Defender Antivirus interface -In Windows 10, versions 1703, hiding the interface will hide Windows Defender Antivirus notifications and prevent the Virus & threat protection tile from appearing in the Windows Security app. +In Windows 10, versions 1703, hiding the interface will hide Microsoft Defender Antivirus notifications and prevent the Virus & threat protection tile from appearing in the Windows Security app. With the setting set to **Enabled**: @@ -38,7 +38,7 @@ With the setting set to **Disabled** or not configured: ![Screenshot of Windows Security showing the shield icon and virus and threat protection section](images/defender/wdav-headless-mode-off-1703.png) >[!NOTE] ->Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) +>Hiding the interface will also prevent Microsoft Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning that says, "Your system administrator has restricted access to this app." @@ -52,7 +52,7 @@ In earlier versions of Windows 10, the setting will hide the Windows Defender cl 3. Click **Administrative templates**. -4. Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**. +4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Client interface**. 5. Double-click the **Enable headless UI mode** setting and set the option to **Enabled**. Click **OK**. @@ -70,7 +70,7 @@ You can prevent users from pausing scans, which can be helpful to ensure schedul 3. Click **Administrative templates**. -4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Scan**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Scan**. 5. Double-click the **Allow users to pause scan** setting and set the option to **Disabled**. Click **OK**. @@ -78,6 +78,6 @@ You can prevent users from pausing scans, which can be helpful to ensure schedul - [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) -- [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) +- [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md index 30282438d8..af0ed9fd05 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Monitor and report on Windows Defender Antivirus protection +title: Monitor and report on Microsoft Defender Antivirus protection description: Use Configuration Manager or security information and event management (SIEM) tools to consume reports, and monitor Windows Defender AV with PowerShell and WMI. keywords: siem, monitor, report, windows defender av search.product: eADQiWindows 10XVcnh @@ -17,15 +17,15 @@ ms.reviewer: manager: dansimp --- -# Report on Windows Defender Antivirus +# Report on Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -With Windows Defender Antivirus, you have several options for reviewing protection status and alerts. You can use Microsoft Endpoint Configuration Manager to [monitor Windows Defender Antivirus](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-configure-alerts). Or, you can monitor protection using [Microsoft Intune](https://docs.microsoft.com/intune/introduction-intune). +With Microsoft Defender Antivirus, you have several options for reviewing protection status and alerts. You can use Microsoft Endpoint Configuration Manager to [monitor Microsoft Defender Antivirus](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-configure-alerts). Or, you can monitor protection using [Microsoft Intune](https://docs.microsoft.com/intune/introduction-intune). -Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Windows Defender Antivirus issues, including protection updates and real-time protection settings. +Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Microsoft Defender Antivirus issues, including protection updates and real-time protection settings. If you have a third-party security information and event management (SIEM) server, you can also consume [Windows Defender client events](https://msdn.microsoft.com/library/windows/desktop/aa964766(v=vs.85).aspx). @@ -39,6 +39,6 @@ For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, s ## Related articles -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md index 35be37a69f..5a30c57794 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md @@ -39,5 +39,5 @@ If Microsoft Defender Antivirus is configured to detect and remediate threats on - [Review scan results](review-scan-results-microsoft-defender-antivirus.md) - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md) - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) +- [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index 767bde8aa6..258b495b60 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -17,13 +17,13 @@ ms.reviewer: manager: dansimp --- -# Review Windows Defender Antivirus scan results +# Review Microsoft Defender Antivirus scan results **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. +After an Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. ## Use Microsoft Intune to review scan results @@ -56,7 +56,7 @@ Get-MpThreat ![IMAGEALT](images/defender/wdav-get-mpthreat.png) -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. ## Use Windows Management Instruction (WMI) to review scan results @@ -65,5 +65,5 @@ Use the [**Get** method of the **MSFT_MpThreat** and **MSFT_MpThreatDetection**] ## Related articles -- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md index 876c7c6685..f93cee3be9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md @@ -17,7 +17,7 @@ ms.reviewer: manager: dansimp --- -# Configure and run on-demand Windows Defender Antivirus scans +# Configure and run on-demand Microsoft Defender Antivirus scans **Applies to:** @@ -50,7 +50,7 @@ Use the following `-scan` parameter: ```DOS mpcmdrun.exe -scan -scantype 1 ``` -See [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender Antivirus](command-line-arguments-microsoft-defender-antivirus.md) for more information on how to use the tool and additional parameters, including starting a full scan or defining paths. +See [Use the mpcmdrun.exe commandline tool to configure and manage Microsoft Defender Antivirus](command-line-arguments-microsoft-defender-antivirus.md) for more information on how to use the tool and additional parameters, including starting a full scan or defining paths. ## Use Microsoft Intune to run a scan @@ -70,7 +70,7 @@ Use the following cmdlet: ```PowerShell Start-MpScan ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. ## Use Windows Management Instruction (WMI) to run a scan @@ -82,6 +82,6 @@ See the following for more information and allowed parameters: ## Related articles -- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) -- [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) +- [Configure scheduled Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md index ac688d7602..6dd4dadced 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md @@ -17,14 +17,14 @@ ms.reviewer: manager: dansimp --- -# Configure scheduled quick or full Windows Defender Antivirus scans +# Configure scheduled quick or full Microsoft Defender Antivirus scans **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!NOTE] -> By default, Windows Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) to override this default. +> By default, Microsoft Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) to override this default. In addition to always-on real-time protection and [on-demand](run-scan-microsoft-defender-antivirus.md) scans, you can set up regular, scheduled scans. @@ -41,7 +41,7 @@ To configure the Group Policy settings described in this topic: 4. Click **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. +5. Expand the tree to **Windows components > Microsoft Defender Antivirus** and then the **Location** specified in the table below. 6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. @@ -69,7 +69,7 @@ A custom scan allows you to specify the files and folders to scan, such as a USB Scheduled scans will run at the day and time you specify. You can use Group Policy, PowerShell, and WMI to configure scheduled scans. >[!NOTE] ->If a computer is unplugged and running on battery during a scheduled full scan, the scheduled scan will stop with event 1002, which states that the scan stopped before completion. Windows Defender Antivirus will run a full scan at the next scheduled time. +>If a computer is unplugged and running on battery during a scheduled full scan, the scheduled scan will stop with event 1002, which states that the scan stopped before completion. Microsoft Defender Antivirus will run a full scan at the next scheduled time. **Use Group Policy to schedule scans:** @@ -78,7 +78,7 @@ Location | Setting | Description | Default setting (if not configured) Scan | Specify the scan type to use for a scheduled scan | Quick scan Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am -Root | Randomize scheduled task times |In Windows Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours.
        In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled +Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours.
        In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled **Use PowerShell cmdlets to schedule scans:** @@ -92,7 +92,7 @@ Set-MpPreference -RandomizeScheduleTaskTimes ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. **Use Windows Management Instruction (WMI) to schedule scans:** @@ -127,7 +127,7 @@ Use the following cmdlets: Set-MpPreference -ScanOnlyIfIdleEnabled ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. **Use Windows Management Instruction (WMI):** @@ -163,7 +163,7 @@ Set-MpPreference -RemediationScheduleDay Set-MpPreference -RemediationScheduleTime ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. **Use Windows Management Instruction (WMI):** @@ -200,7 +200,7 @@ Use the following cmdlets: Set-MpPreference -ScanScheduleQuickTime ``` -See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. **Use Windows Management Instruction (WMI) to schedule daily scans:** @@ -233,8 +233,8 @@ Signature updates | Turn on scan after Security intelligence update | A scan wil - [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) -- [Configure and run on-demand Windows Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) -- [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) -- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) +- [Configure and run on-demand Microsoft Defender Antivirus scans](run-scan-microsoft-defender-antivirus.md) +- [Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) +- [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) - [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md index 52bbe5da00..c6a20d3a13 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Specify cloud-delivered protection level in Windows Defender Antivirus -description: Set the aggressiveness of cloud-delivered protection in Windows Defender Antivirus. -keywords: windows defender antivirus, antimalware, security, defender, cloud, aggressiveness, protection level +title: Specify cloud-delivered protection level in Microsoft Defender Antivirus +description: Set the aggressiveness of cloud-delivered protection in Microsoft Defender Antivirus. +keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -23,24 +23,24 @@ ms.custom: nextgen - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and Microsoft Endpoint Configuration Manager. +You can specify the level of cloud-protection offered by Microsoft Defender Antivirus with Group Policy and Microsoft Endpoint Configuration Manager. >[!NOTE] ->The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. +>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. ## Use Intune to specify the level of cloud-delivered protection 1. Sign in to the [Azure portal](https://portal.azure.com). 2. Select **All services > Intune**. 3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). -4. Select **Properties**, select **Settings: Configure**, and then select **Windows Defender Antivirus**. +4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**. 5. On the **File Blocking Level** switch, select one of the following: 1. **High**: Applies a strong level of detection. 2. **High +**: Uses the **High** level and applies additional protection measures (may impact client performance). 3. **Zero tolerance**: Blocks all unknown executables. -8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile. +8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile. For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles) @@ -59,10 +59,10 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht 4. Click **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**. +5. Expand the tree to **Windows components > Microsoft Defender Antivirus > MpEngine**. 6. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection: - - **Default Windows Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files. + - **Default Microsoft Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files. - **High blocking level** applies a strong level of detection while optimizing client performance (greater chance of false positives). - **High + blocking level** applies additional protection measures (may impact client performance and increase risk of false positives). - **Zero tolerance blocking level** blocks all unknown executables. @@ -75,7 +75,7 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht ## Related articles -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) - [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md index 1297928141..68ce4eebbd 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Windows Defender AV event IDs and error codes -description: Look up the causes and solutions for Windows Defender Antivirus event IDs and errors +description: Look up the causes and solutions for Microsoft Defender Antivirus event IDs and errors keywords: event, error code, siem, logging, troubleshooting, wef, windows event forwarding search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -17,19 +17,19 @@ ms.reviewer: manager: dansimp --- -# Review event logs and error codes to troubleshoot issues with Windows Defender Antivirus +# Review event logs and error codes to troubleshoot issues with Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -If you encounter a problem with Windows Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution. +If you encounter a problem with Microsoft Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution. The tables list: -- [Windows Defender Antivirus event IDs](#windows-defender-av-ids) (these apply to both Windows 10 and Windows Server 2016) -- [Windows Defender Antivirus client error codes](#error-codes) -- [Internal Windows Defender Antivirus client error codes (used by Microsoft during development and testing)](#internal-error-codes) +- [Microsoft Defender Antivirus event IDs](#windows-defender-av-ids) (these apply to both Windows 10 and Windows Server 2016) +- [Microsoft Defender Antivirus client error codes](#error-codes) +- [Internal Microsoft Defender Antivirus client error codes (used by Microsoft during development and testing)](#internal-error-codes) > [!TIP] > You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working: @@ -39,18 +39,18 @@ The tables list: > - Potentially unwanted application blocking -## Windows Defender Antivirus event IDs +## Microsoft Defender Antivirus event IDs -Windows Defender Antivirus records event IDs in the Windows event log. +Microsoft Defender Antivirus records event IDs in the Windows event log. -You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender Antivirus client event IDs](troubleshoot-microsoft-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints. +You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Microsoft Defender Antivirus client event IDs](troubleshoot-microsoft-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints. -The table in this section lists the main Windows Defender Antivirus event IDs and, where possible, provides suggested solutions to fix or resolve the error. +The table in this section lists the main Microsoft Defender Antivirus event IDs and, where possible, provides suggested solutions to fix or resolve the error. -## To view a Windows Defender Antivirus event +## To view a Microsoft Defender Antivirus event 1. Open **Event Viewer**. -2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender Antivirus**. +2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Microsoft Defender Antivirus**. 3. Double-click on **Operational**. 4. In the details pane, view the list of individual events to find your event. 5. Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs. @@ -324,7 +324,7 @@ Description of the error. User action:         		-The antivirus client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (Windows Defender Antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error. +The antivirus client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (Microsoft Defender Antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error. To troubleshoot this event:
        1. Run the scan again.
          2. @@ -432,7 +432,7 @@ Message: Description:
        		-Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software. For more information, see the following: +Microsoft Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software. For more information, see the following:
        User: <Domain>\<User>
        Name: <Threat name>
        @@ -484,7 +484,7 @@ Message: Description:
        		-Windows Defender Antivirus has encountered an error when taking action on malware or other potentially unwanted software. For more information, see the following: +Microsoft Defender Antivirus has encountered an error when taking action on malware or other potentially unwanted software. For more information, see the following:
        User: <Domain>\<User>
        Name: <Threat name>
        @@ -543,7 +543,7 @@ Message: Description:
        		-Windows Defender Antivirus has restored an item from quarantine. For more information, see the following: +Microsoft Defender Antivirus has restored an item from quarantine. For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -587,7 +587,7 @@ Message: Description:
        		-Windows Defender Antivirus has encountered an error trying to restore an item from quarantine. For more information, see the following: +Microsoft Defender Antivirus has encountered an error trying to restore an item from quarantine. For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -634,7 +634,7 @@ Message: Description:
        		-Windows Defender Antivirus has deleted an item from quarantine.
        For more information, see the following: +Microsoft Defender Antivirus has deleted an item from quarantine.
        For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -677,7 +677,7 @@ Message: Description:
        		-Windows Defender Antivirus has encountered an error trying to delete an item from quarantine. +Microsoft Defender Antivirus has encountered an error trying to delete an item from quarantine. For more information, see the following:
        Name: <Threat name>
        @@ -725,7 +725,7 @@ Message: Description:
        		-Windows Defender Antivirus has removed history of malware and other potentially unwanted software. +Microsoft Defender Antivirus has removed history of malware and other potentially unwanted software.
        Time: The time when the event occurred, for example when the history is purged. This parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
        User: <Domain>\<User>
        @@ -756,7 +756,7 @@ The antimalware platform could not delete history of malware and other potential Description:
        		-Windows Defender Antivirus has encountered an error trying to remove history of malware and other potentially unwanted software. +Microsoft Defender Antivirus has encountered an error trying to remove history of malware and other potentially unwanted software.
        Time: The time when the event occurred, for example when the history is purged. This parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
        User: <Domain>\<User>
        @@ -791,7 +791,7 @@ Message: Description:
        		-Windows Defender Antivirus has detected a suspicious behavior.
        For more information, see the following: +Microsoft Defender Antivirus has detected a suspicious behavior.
        For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -868,7 +868,7 @@ Message: Description:
        		-Windows Defender Antivirus has detected malware or other potentially unwanted software.
        For more information, see the following: +Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
        For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -921,7 +921,7 @@ UAC User action:
        		-No action is required. Windows Defender Antivirus can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender Antivirus interface, click Clean Computer. +No action is required. Microsoft Defender Antivirus can suspend and take routine action on this threat. If you want to remove the threat manually, in the Microsoft Defender Antivirus interface, click Clean Computer.
        -Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software.
        For more information, see the following: +Microsoft Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software.
        For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -1010,7 +1010,7 @@ Description of the error.
        Signature Version: <Definition version>
        Engine Version: <Antimalware Engine version>
        NOTE: -Whenever Windows Defender Antivirus, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services that the malware might have changed:
          +Whenever Microsoft Defender Antivirus, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services that the malware might have changed:
          • Default Internet Explorer or Microsoft Edge setting
          • User Access Control settings
          • Chrome settings
            • @@ -1049,7 +1049,7 @@ Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Se User action:
        		-No action is necessary. Windows Defender Antivirus removed or quarantined a threat. +No action is necessary. Microsoft Defender Antivirus removed or quarantined a threat.
        -Windows Defender Antivirus has encountered a non-critical error when taking action on malware or other potentially unwanted software.
        For more information, see the following: +Microsoft Defender Antivirus has encountered a non-critical error when taking action on malware or other potentially unwanted software.
        For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -1144,7 +1144,7 @@ Description of the error. User action:
        		-No action is necessary. Windows Defender Antivirus failed to complete a task related to the malware remediation. This is not a critical failure. +No action is necessary. Microsoft Defender Antivirus failed to complete a task related to the malware remediation. This is not a critical failure.
        -Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
        For more information, see the following: +Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
        For more information, see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -1239,7 +1239,7 @@ Description of the error. User action:
        		-The Windows Defender Antivirus client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant User action steps below. +The Microsoft Defender Antivirus client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant User action steps below. @@ -1302,7 +1302,7 @@ Symbolic name: Message: @@ -1310,7 +1310,7 @@ Message: Description: @@ -1467,7 +1467,7 @@ Antivirus signature version has been updated. User action: @@ -1494,7 +1494,7 @@ Message: Description: @@ -1613,7 +1613,7 @@ Message: Description: @@ -1935,7 +1935,7 @@ Message: Description: @@ -2114,7 +2114,7 @@ Message: Description: @@ -2141,7 +2141,7 @@ Message: Description: @@ -2203,7 +2203,7 @@ Message: Description: @@ -2231,7 +2231,7 @@ Message: Description: @@ -2258,7 +2258,7 @@ Message: Description: @@ -2282,7 +2282,7 @@ User action: @@ -2310,7 +2310,7 @@ Message: Description: @@ -2357,7 +2357,7 @@ Message: Description: @@ -2384,7 +2384,7 @@ Message: Description: @@ -2412,7 +2412,7 @@ Message: Description: @@ -2575,7 +2575,7 @@ Message: Description: @@ -2601,7 +2601,7 @@ Message: Description: @@ -2629,7 +2629,7 @@ Message: Description: @@ -2657,10 +2657,10 @@ Message: Description: @@ -2689,7 +2689,7 @@ Message: Description:
        Action -Windows Defender Antivirus has deduced the hashes for a threat resource. +Microsoft Defender Antivirus has deduced the hashes for a threat resource.
        -Windows Defender Antivirus client is up and running in a healthy state. +Microsoft Defender Antivirus client is up and running in a healthy state.
        Current Platform Version: <Current platform version>
        Threat Resource Path: <Path>
        @@ -1349,7 +1349,7 @@ Message: Description:
        		-Windows Defender Antivirus client is up and running in a healthy state. +Microsoft Defender Antivirus client is up and running in a healthy state.
        Platform Version: <Current platform version>
        Signature Version: <Definition version>
        @@ -1362,7 +1362,7 @@ Windows Defender Antivirus client is up and running in a healthy state. User action:
        		-No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis. +No action is necessary. The Microsoft Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.
        -No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported when signatures are successfully updated. +No action is necessary. The Microsoft Defender Antivirus client is in a healthy state. This event is reported when signatures are successfully updated.
        -Windows Defender Antivirus has encountered an error trying to update signatures. +Microsoft Defender Antivirus has encountered an error trying to update signatures.
        New security intelligence version: <New version number>
        Previous security intelligence version: <Previous version>
        @@ -1572,7 +1572,7 @@ Message: Description:
        		-Windows Defender Antivirus engine version has been updated. +Microsoft Defender Antivirus engine version has been updated.
        Current Engine Version: <Current engine version>
        Previous Engine Version: <Previous engine version>
        @@ -1586,7 +1586,7 @@ Windows Defender Antivirus engine version has been updated. User action:
        		-No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported when the antimalware engine is successfully updated. +No action is necessary. The Microsoft Defender Antivirus client is in a healthy state. This event is reported when the antimalware engine is successfully updated.
        -Windows Defender Antivirus has encountered an error trying to update the engine. +Microsoft Defender Antivirus has encountered an error trying to update the engine.
        New Engine Version:
        Previous Engine Version: <Previous engine version>
        @@ -1631,7 +1631,7 @@ Description of the error. User action:
        		-The Windows Defender Antivirus client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update. +The Microsoft Defender Antivirus client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update. To troubleshoot this event:
        1. Update definitions and force a rescan directly on the endpoint.
          2. @@ -1663,7 +1663,7 @@ Message: Description:
        		-Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. +Microsoft Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
        Signatures Attempted:
        Error Code: <Error code> @@ -1680,7 +1680,7 @@ Description of the error.
        User action:
        		-The Windows Defender Antivirus client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender Antivirus will attempt to revert back to a known-good set of definitions. +The Microsoft Defender Antivirus client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Microsoft Defender Antivirus will attempt to revert back to a known-good set of definitions. To troubleshoot this event:
        1. Restart the computer and try again.
          2. @@ -1715,7 +1715,7 @@ Message: Description:
        		-Windows Defender Antivirus could not load antimalware engine because current platform version is not supported. Windows Defender Antivirus will revert back to the last known-good engine and a platform update will be attempted. +Microsoft Defender Antivirus could not load antimalware engine because current platform version is not supported. Microsoft Defender Antivirus will revert back to the last known-good engine and a platform update will be attempted.
        Current Platform Version: <Current platform version>
        @@ -1746,7 +1746,7 @@ Message: Description:         		-Windows Defender Antivirus has encountered an error trying to update the platform. +Microsoft Defender Antivirus has encountered an error trying to update the platform.
        Current Platform Version: <Current platform version>
        Error Code: <Error code> @@ -1779,7 +1779,7 @@ Message: Description:
        		-Windows Defender Antivirus will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender Antivirus platform to maintain the best level of protection available. +Microsoft Defender Antivirus will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Microsoft Defender Antivirus platform to maintain the best level of protection available.
        Current Platform Version: <Current platform version>
        @@ -1810,7 +1810,7 @@ Message: Description:         		-Windows Defender Antivirus used Dynamic Signature Service to retrieve additional signatures to help protect your machine. +Microsoft Defender Antivirus used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1868,7 +1868,7 @@ Message: Description:
        		-Windows Defender Antivirus used Dynamic Signature Service to discard obsolete signatures. +Microsoft Defender Antivirus used Dynamic Signature Service to discard obsolete signatures.
        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1907,7 +1907,7 @@ Windows Defender Antivirus used Dynamic Signature Service to discard obso User action:
        		-No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions. +No action is necessary. The Microsoft Defender Antivirus client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.
        -Windows Defender Antivirus has encountered an error trying to use Dynamic Signature Service. +Microsoft Defender Antivirus has encountered an error trying to use Dynamic Signature Service.
        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -2005,7 +2005,7 @@ Message: Description:
        		-Windows Defender Antivirus discarded all Dynamic Signature Service signatures. +Microsoft Defender Antivirus discarded all Dynamic Signature Service signatures.
        Current Signature Version: <Current signature version>
        @@ -2036,7 +2036,7 @@ Message: Description:         		-Windows Defender Antivirus downloaded a clean file. +Microsoft Defender Antivirus downloaded a clean file.
        Filename: <File name> Name of the file.
        @@ -2069,7 +2069,7 @@ Message: Description:
        		-Windows Defender Antivirus has encountered an error trying to download a clean file. +Microsoft Defender Antivirus has encountered an error trying to download a clean file.
        Filename: <File name> Name of the file.
        @@ -2088,7 +2088,7 @@ User action:
        		Check your Internet connectivity settings. -The Windows Defender Antivirus client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue. +The Microsoft Defender Antivirus client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue.
        -Windows Defender Antivirus downloaded and configured offline antivirus to run on the next reboot. +Microsoft Defender Antivirus downloaded and configured offline antivirus to run on the next reboot.
        -Windows Defender Antivirus has encountered an error trying to download and configure offline antivirus. +Microsoft Defender Antivirus has encountered an error trying to download and configure offline antivirus.
        Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
        @@ -2175,7 +2175,7 @@ Message: Description:
        		-The support for your operating system will expire shortly. Running Windows Defender Antivirus on an out of support operating system is not an adequate solution to protect against threats. +The support for your operating system will expire shortly. Running Microsoft Defender Antivirus on an out of support operating system is not an adequate solution to protect against threats.
        -The support for your operating system has expired. Running Windows Defender Antivirus on an out of support operating system is not an adequate solution to protect against threats. +The support for your operating system has expired. Running Microsoft Defender Antivirus on an out of support operating system is not an adequate solution to protect against threats.
        -The support for your operating system has expired. Windows Defender Antivirus is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats. +The support for your operating system has expired. Microsoft Defender Antivirus is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.
        -Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. +Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
        Feature: <Feature>, for example:
          @@ -2272,7 +2272,7 @@ Windows Defender Antivirus Real-Time Protection feature has encountered an error Result code associated with threat status. Standard HRESULT values.
        Error Description: <Error description> Description of the error.
        -
        Reason: The reason Windows Defender Antivirus real-time protection has restarted a feature.
        +
        Reason: The reason Microsoft Defender Antivirus real-time protection has restarted a feature.
        You should restart the system then run a full scan because it's possible the system was not protected for some time. -The Windows Defender Antivirus client's real-time protection feature encountered an error because one of the services failed to start. +The Microsoft Defender Antivirus client's real-time protection feature encountered an error because one of the services failed to start. If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure.
        -Windows Defender Antivirus Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down. +Microsoft Defender Antivirus Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.
        Feature: <Feature>, for example:
          @@ -2320,7 +2320,7 @@ Windows Defender Antivirus Real-time Protection has restarted a feature. It is r
        • Network Inspection System
        -
        Reason: The reason Windows Defender Antivirus real-time protection has restarted a feature.
        +
        Reason: The reason Microsoft Defender Antivirus real-time protection has restarted a feature.
        -Windows Defender Antivirus real-time protection scanning for malware and other potentially unwanted software was enabled. +Microsoft Defender Antivirus real-time protection scanning for malware and other potentially unwanted software was enabled.
        -Windows Defender Antivirus real-time protection scanning for malware and other potentially unwanted software was disabled. +Microsoft Defender Antivirus real-time protection scanning for malware and other potentially unwanted software was disabled.
        -Windows Defender Antivirus real-time protection feature configuration has changed. +Microsoft Defender Antivirus real-time protection feature configuration has changed.
        Feature: <Feature>, for example:
          @@ -2450,7 +2450,7 @@ Message: Description:
        		-Windows Defender Antivirus configuration has changed. If this is an unexpected event, you should review the settings as this may be the result of malware. +Microsoft Defender Antivirus configuration has changed. If this is an unexpected event, you should review the settings as this may be the result of malware.
        Old value: <Old value number> Old antivirus configuration value.
        @@ -2482,7 +2482,7 @@ Message: Description:
        		-Windows Defender Antivirus engine has been terminated due to an unexpected error. +Microsoft Defender Antivirus engine has been terminated due to an unexpected error.
        Failure Type: <Failure type>, for example: Crash @@ -2513,7 +2513,7 @@ To troubleshoot this event:
          User action:
        		-The Windows Defender Antivirus client engine stopped due to an unexpected error. +The Microsoft Defender Antivirus client engine stopped due to an unexpected error. To troubleshoot this event:
        1. Run the scan again.
          2. @@ -2548,7 +2548,7 @@ Message: Description:
        		-Windows Defender Antivirus scanning for malware and other potentially unwanted software has been enabled. +Microsoft Defender Antivirus scanning for malware and other potentially unwanted software has been enabled.
        -Windows Defender Antivirus scanning for malware and other potentially unwanted software is disabled. +Microsoft Defender Antivirus scanning for malware and other potentially unwanted software is disabled.
        -Windows Defender Antivirus scanning for viruses has been enabled. +Microsoft Defender Antivirus scanning for viruses has been enabled.
        -Windows Defender Antivirus scanning for viruses is disabled. +Microsoft Defender Antivirus scanning for viruses is disabled.
        -Windows Defender Antivirus has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software. +Microsoft Defender Antivirus has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.
        -
        Expiration Reason: The reason Windows Defender Antivirus will expire.
        -
        Expiration Date: The date Windows Defender Antivirus will expire.
        +
        Expiration Reason: The reason Microsoft Defender Antivirus will expire.
        +
        Expiration Date: The date Microsoft Defender Antivirus will expire.
        -Windows Defender Antivirus grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. +Microsoft Defender Antivirus grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
        Expiration Reason:
        Expiration Date:
        @@ -2703,14 +2703,14 @@ Description of the error.
        -## Windows Defender Antivirus client error codes -If Windows Defender Antivirus experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. -This section provides the following information about Windows Defender Antivirus client errors. +## Microsoft Defender Antivirus client error codes +If Microsoft Defender Antivirus experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. +This section provides the following information about Microsoft Defender Antivirus client errors. - The error code - The possible reason for the error - Advice on what to do now -Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes. +Use the information in these tables to help troubleshoot Microsoft Defender Antivirus error codes. @@ -2753,7 +2753,7 @@ This error indicates that there might be a problem with your security product. @@ -2852,7 +2852,7 @@ Follow the manual remediation steps outlined in the offline Windows Defender Antivirus article. +Run offline Microsoft Defender Antivirus. You can read about how to do this in the offline Microsoft Defender Antivirus article. @@ -2901,14 +2901,14 @@ Run offline Windows Defender Antivirus. You can read about how to do this in the +You can only use Microsoft Defender Antivirus in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection.
        Resolution
        1. Update the definitions. Either:
            -
          1. Click the Update definitions button on the Update tab in Windows Defender Antivirus. Update definitions in Windows Defender AntivirusOr, +
          2. Click the Update definitions button on the Update tab in Microsoft Defender Antivirus. Update definitions in Microsoft Defender AntivirusOr,
          3. Download the latest definitions from the Microsoft Security Intelligence site. Note: The size of the definitions file downloaded from the site can exceed 60 MB and should not be used as a long-term solution for updating definitions. @@ -2785,7 +2785,7 @@ data that does not allow the engine to function properly.
        Possible reason -This error indicates that Windows Defender Antivirus failed to quarantine a threat. +This error indicates that Microsoft Defender Antivirus failed to quarantine a threat.
        ERROR_MP_PLATFORM_OUTDATED
        Possible reason -This error indicates that Windows Defender Antivirus does not support the current version of the platform and requires a new version of the platform. +This error indicates that Microsoft Defender Antivirus does not support the current version of the platform and requires a new version of the platform.
        Resolution -You can only use Windows Defender Antivirus in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection.
        -The following error codes are used during internal testing of Windows Defender Antivirus. +The following error codes are used during internal testing of Microsoft Defender Antivirus. If you see these errors, you can try to [update definitions](manage-updates-baselines-microsoft-defender-antivirus.md) and force a rescan directly on the endpoint. @@ -3240,5 +3240,5 @@ This is an internal error. It might have triggered when a scan fails to complete ## Related topics -- [Report on Windows Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md index 1c880042ba..b1872a430d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md @@ -16,25 +16,25 @@ ms.reviewer: manager: dansimp --- -# Troubleshoot Windows Defender Antivirus reporting in Update Compliance +# Troubleshoot Microsoft Defender Antivirus reporting in Update Compliance **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!IMPORTANT] -> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates. +> On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates. -You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). +You can use Microsoft Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). -When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you might encounter problems or issues. +When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Microsoft Defender Antivirus, you might encounter problems or issues. Typically, the most common indicators of a problem are: - You only see a small number or subset of all the devices you were expecting to see - You do not see any devices at all - The reports and information you do see is outdated (older than a few days) -For common error codes and event IDs related to the Windows Defender Antivirus service that are not related to Update Compliance, see [Windows Defender Antivirus events](troubleshoot-microsoft-defender-antivirus.md). +For common error codes and event IDs related to the Microsoft Defender Antivirus service that are not related to Update Compliance, see [Microsoft Defender Antivirus events](troubleshoot-microsoft-defender-antivirus.md). There are three steps to troubleshooting these problems: @@ -48,16 +48,16 @@ There are three steps to troubleshooting these problems: ## Confirm prerequisites -In order for devices to properly show up in Update Compliance, you have to meet certain prerequisites for both the Update Compliance service and for Windows Defender Antivirus: +In order for devices to properly show up in Update Compliance, you have to meet certain prerequisites for both the Update Compliance service and for Microsoft Defender Antivirus: >[!div class="checklist"] ->- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](microsoft-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. +>- Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](microsoft-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. > - [Cloud-delivered protection is enabled](enable-cloud-protection-microsoft-defender-antivirus.md). > - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-microsoft-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) > - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level). > - It has been 3 days since all requirements have been met -“You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options" +“You can use Microsoft Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options" If the above prerequisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us. @@ -71,5 +71,5 @@ If the above prerequisites have all been met, you might need to proceed to the n ## Related topics -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) -- [Deploy Windows Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md index 7c989eb15a..266e82be31 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Configure Windows Defender Antivirus with Group Policy -description: Configure Windows Defender Antivirus settings with Group Policy +title: Configure Microsoft Defender Antivirus with Group Policy +description: Configure Microsoft Defender Antivirus settings with Group Policy keywords: group policy, GPO, configuration, settings search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -17,15 +17,15 @@ ms.reviewer: manager: dansimp --- -# Use Group Policy settings to configure and manage Windows Defender Antivirus +# Use Group Policy settings to configure and manage Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Windows Defender Antivirus on your endpoints. +You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Microsoft Defender Antivirus on your endpoints. -In general, you can use the following procedure to configure or change Windows Defender Antivirus group policy settings: +In general, you can use the following procedure to configure or change Microsoft Defender Antivirus group policy settings: 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. @@ -33,7 +33,7 @@ In general, you can use the following procedure to configure or change Windows D 3. Click **Administrative templates**. -4. Expand the tree to **Windows components** > **Windows Defender Antivirus**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus**. 5. Expand the section (referred to as **Location** in the table in this topic) that contains the setting you want to configure, double-click the setting to open it, and make configuration changes. @@ -43,14 +43,14 @@ The following table in this topic lists the Group Policy settings available in W Location | Setting | Article ---|---|--- -Client interface | Enable headless UI mode | [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) +Client interface | Enable headless UI mode | [Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) Client interface | Display additional text to clients when they need to perform an action | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) Client interface | Suppress all notifications | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) Client interface | Suppresses reboot notifications | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) -Exclusions | Extension Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) -Exclusions | Path Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) -Exclusions | Process Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) -Exclusions | Turn off Auto Exclusions | [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +Exclusions | Extension Exclusions | [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +Exclusions | Path Exclusions | [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +Exclusions | Process Exclusions | [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) +Exclusions | Turn off Auto Exclusions | [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) MAPS | Configure the 'Block at First Sight' feature | [Enable block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) MAPS | Join Microsoft MAPS | [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) MAPS | Send file samples when further analysis is required | [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) @@ -61,23 +61,23 @@ Network inspection system | Specify additional definition sets for network traff Network inspection system | Turn on definition retirement | Not used Network inspection system | Turn on protocol recognition | Not used Quarantine | Configure local setting override for the removal of items from Quarantine folder | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) -Quarantine | Configure removal of items from Quarantine folder | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Quarantine | Configure removal of items from Quarantine folder | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) Real-time protection | Configure local setting override for monitoring file and program activity on your computer | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) Real-time protection | Configure local setting override for monitoring for incoming and outgoing file activity | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) Real-time protection | Configure local setting override for scanning all downloaded files and attachments | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) Real-time protection | Configure local setting override for turn on behavior monitoring | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) Real-time protection | Configure local setting override to turn on real-time protection | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) -Real-time protection | Define the maximum size of downloaded files and attachments to be scanned | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Monitor file and program activity on your computer | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Scan all downloaded files and attachments | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Turn off real-time protection | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Turn on behavior monitoring | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Turn on process scanning whenever real-time protection is enabled | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Turn on raw volume write notifications | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Real-time protection | Configure monitoring for incoming and outgoing file and program activity | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Define the maximum size of downloaded files and attachments to be scanned | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Monitor file and program activity on your computer | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Scan all downloaded files and attachments | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn off real-time protection | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn on behavior monitoring | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn on process scanning whenever real-time protection is enabled | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Turn on raw volume write notifications | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Real-time protection | Configure monitoring for incoming and outgoing file and program activity | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) Remediation | Configure local setting override for the time of day to run a scheduled full scan to complete remediation | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) -Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Remediation | Specify the time of day to run a scheduled full scan to complete remediation | [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | [Configure scheduled Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Remediation | Specify the time of day to run a scheduled full scan to complete remediation | [Configure scheduled Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) Reporting | Configure Watson events | Not used Reporting | Configure Windows software trace preprocessor components | Not used Reporting | Configure WPP tracing level | Not used @@ -86,16 +86,16 @@ Reporting | Configure time out for detections in non-critical failed state | Not Reporting | Configure time out for detections in recently remediated state | Not used Reporting | Configure time out for detections requiring additional action | Not used Reporting | Turn off enhanced notifications | [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) -Root | Turn off Windows Defender Antivirus | Not used (This setting must be set to **Not configured** to ensure any installed third-party antivirus apps work correctly) +Root | Turn off Microsoft Defender Antivirus | Not used (This setting must be set to **Not configured** to ensure any installed third-party antivirus apps work correctly) Root | Define addresses to bypass proxy server | Not used Root | Define proxy autoconfig (.pac) for connecting to the network | Not used Root | Define proxy server for connecting to the network | Not used Root | Configure local administrator merge behavior for lists | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) -Root | Allow antimalware service to start up with normal priority | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) -Root | Allow antimalware service to remain running always | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) -Root | Turn off routine remediation | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) -Root | Randomize scheduled task times | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Allow users to pause scan | [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) +Root | Allow antimalware service to start up with normal priority | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Root | Allow antimalware service to remain running always | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Root | Turn off routine remediation | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Root | Randomize scheduled task times | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Allow users to pause scan | [Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) Scan | Check for the latest virus and spyware definitions before running a scheduled scan | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) Scan | Define the number of days after which a catch-up scan is forced | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) Scan | Turn on catch up full scan | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) @@ -105,46 +105,46 @@ Scan | Configure local setting override for schedule scan day | [Prevent or allo Scan | Configure local setting override for scheduled quick scan time | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) Scan | Configure local setting override for scheduled scan time | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) Scan | Configure local setting override for the scan type to use for a scheduled scan | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) -Scan | Create a system restore point | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) -Scan | Turn on removal of items from scan history folder | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) -Scan | Turn on heuristics | [Enable and configure Windows Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) -Scan | Turn on e-mail scanning | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Turn on reparse point scanning | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Run full scan on mapped network drives | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Scan archive files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Scan network files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Scan packed executables | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Scan removable drives | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Specify the maximum depth to scan archive files | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Specify the maximum percentage of CPU utilization during a scan | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Specify the maximum size of archive files to be scanned | [Configure scanning options in Windows Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) -Scan | Specify the day of the week to run a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Specify the interval to run quick scans per day | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Specify the scan type to use for a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Specify the time for a daily quick scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Specify the time of day to run a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Scan | Start the scheduled scan only when computer is on but not in use | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Create a system restore point | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Scan | Turn on removal of items from scan history folder | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Scan | Turn on heuristics | [Enable and configure Microsoft Defender Antivirus always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md) +Scan | Turn on e-mail scanning | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Turn on reparse point scanning | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Run full scan on mapped network drives | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan archive files | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan network files | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan packed executables | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Scan removable drives | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the maximum depth to scan archive files | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the maximum percentage of CPU utilization during a scan | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the maximum size of archive files to be scanned | [Configure scanning options in Microsoft Defender Antivirus](configure-advanced-scan-types-microsoft-defender-antivirus.md) +Scan | Specify the day of the week to run a scheduled scan | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the interval to run quick scans per day | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the scan type to use for a scheduled scan | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the time for a daily quick scan | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Specify the time of day to run a scheduled scan | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Scan | Start the scheduled scan only when computer is on but not in use | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) Security intelligence updates | Allow security intelligence updates from Microsoft Update | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) Security intelligence updates | Allow security intelligence updates when running on battery power | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) Security intelligence updates | Allow notifications to disable definitions-based reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) Security intelligence updates | Allow real-time security intelligence updates based on reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) Security intelligence updates | Check for the latest virus and spyware definitions on startup | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) -Security intelligence updates | Define file shares for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Define file shares for downloading security intelligence updates | [Manage Microsoft Defender Antivirus protection and security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) Security intelligence updates | Define the number of days after which a catch up security intelligence update is required | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) Security intelligence updates | Define the number of days before spyware definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) Security intelligence updates | Define the number of days before virus definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) -Security intelligence updates | Define the order of sources for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) +Security intelligence updates | Define the order of sources for downloading security intelligence updates | [Manage Microsoft Defender Antivirus protection and security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md) Security intelligence updates | Initiate security intelligence update on startup | [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) Security intelligence updates | Specify the day of the week to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) Security intelligence updates | Specify the interval to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) Security intelligence updates | Specify the time to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) -Security intelligence updates | Turn on scan after Security intelligence update | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) -Threats | Specify threat alert levels at which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) -Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Security intelligence updates | Turn on scan after Security intelligence update | [Configure scheduled scans for Microsoft Defender Antivirus](scheduled-catch-up-scans-microsoft-defender-antivirus.md) +Threats | Specify threat alert levels at which default action should not be taken when detected | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) +Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Microsoft Defender Antivirus scans](configure-remediation-microsoft-defender-antivirus.md) ## Related articles - [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md index 880a57432f..a6ba01f23b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Configure Windows Defender Antivirus with Configuration Manager and Intune +title: Configure Microsoft Defender Antivirus with Configuration Manager and Intune description: Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure Windows Defender AV and Endpoint Protection keywords: scep, intune, endpoint protection, configuration search.product: eADQiWindows 10XVcnh @@ -17,15 +17,15 @@ ms.reviewer: manager: dansimp --- -# Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage Windows Defender Antivirus +# Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage Microsoft Defender Antivirus **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -If you are using Microsoft Endpoint Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Windows Defender Antivirus scans. +If you are using Microsoft Endpoint Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Microsoft Defender Antivirus scans. -In some cases, the protection will be labeled as Endpoint Protection, although the engine is the same as that used by Windows Defender Antivirus. +In some cases, the protection will be labeled as Endpoint Protection, although the engine is the same as that used by Microsoft Defender Antivirus. See the [Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-protection) library on docs.microsoft.com for information on using Configuration Manager. @@ -35,4 +35,4 @@ For Microsoft Intune, consult the [Microsoft Intune library](https://docs.micros ## Related articles - [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md index 88bb40bc67..fcfc8ca38c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Use PowerShell cmdlets to configure and run Windows Defender AV -description: In Windows 10, you can use PowerShell cmdlets to run scans, update Security intelligence, and change settings in Windows Defender Antivirus. +description: In Windows 10, you can use PowerShell cmdlets to run scans, update Security intelligence, and change settings in Microsoft Defender Antivirus. keywords: scan, command line, mpcmdrun, defender search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -17,7 +17,7 @@ ms.reviewer: manager: dansimp --- -# Use PowerShell cmdlets to configure and manage Windows Defender Antivirus +# Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus **Applies to:** @@ -30,7 +30,7 @@ For a list of the cmdlets and their functions and available parameters, see the PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software. > [!NOTE] -> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr), [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), or [Windows Defender Antivirus Group Policy ADMX templates](https://www.microsoft.com/download/100591). +> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr), [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), or [Microsoft Defender Antivirus Group Policy ADMX templates](https://www.microsoft.com/download/100591). Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell. @@ -38,7 +38,7 @@ You can [configure which settings can be overridden locally with local policy ov PowerShell is typically installed under the folder `%SystemRoot%\system32\WindowsPowerShell`. -## Use Windows Defender Antivirus PowerShell cmdlets +## Use Microsoft Defender Antivirus PowerShell cmdlets 1. In the Windows search bar, type **powershell**. 2. Select **Windows PowerShell** from the results to open the interface. @@ -58,4 +58,4 @@ Omit the `-online` parameter to get locally cached help. ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md index dbf54ea3dc..73d1b7d19f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Configure Windows Defender Antivirus with WMI +title: Configure Microsoft Defender Antivirus with WMI description: Use WMI scripts to configure Windows Defender AV. keywords: wmi, scripts, windows management instrumentation, configuration search.product: eADQiWindows 10XVcnh @@ -17,7 +17,7 @@ ms.reviewer: manager: dansimp --- -# Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender Antivirus +# Use Windows Management Instrumentation (WMI) to configure and manage Microsoft Defender Antivirus **Applies to:** @@ -27,9 +27,9 @@ Windows Management Instrumentation (WMI) is a scripting interface that allows yo Read more about WMI at the [Microsoft Developer Network System Administration library](https://msdn.microsoft.com/library/aa394582(v=vs.85).aspx). -Windows Defender Antivirus has a number of specific WMI classes that can be used to perform most of the same functions as Group Policy and other management tools. Many of the classes are analogous to [Defender PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md). +Microsoft Defender Antivirus has a number of specific WMI classes that can be used to perform most of the same functions as Group Policy and other management tools. Many of the classes are analogous to [Defender PowerShell cmdlets](use-powershell-cmdlets-microsoft-defender-antivirus.md). -The [MSDN Windows Defender WMIv2 Provider reference library](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) lists the available WMI classes for Windows Defender Antivirus, and includes example scripts. +The [MSDN Windows Defender WMIv2 Provider reference library](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) lists the available WMI classes for Microsoft Defender Antivirus, and includes example scripts. Changes made with WMI will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with WMI. @@ -38,4 +38,4 @@ You can [configure which settings can be overridden locally with local policy o ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) +- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md index 0d7199bee4..6e52508bcb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- -title: Use next-generation technologies in Windows Defender Antivirus through cloud-delivered protection +title: Use next-generation technologies in Microsoft Defender Antivirus through cloud-delivered protection description: next-generation technologies in cloud-delivered protection provide an advanced level of fast, robust antivirus detection. -keywords: windows defender antivirus, next-generation technologies, next-generation av, machine learning, antimalware, security, defender, cloud, cloud-delivered protection +keywords: Microsoft Defender Antivirus, next-generation technologies, next-generation av, machine learning, antimalware, security, defender, cloud, cloud-delivered protection search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -16,23 +16,23 @@ manager: dansimp ms.custom: nextgen --- -# Use next-generation technologies in Windows Defender Antivirus through cloud-delivered protection +# Use next-generation technologies in Microsoft Defender Antivirus through cloud-delivered protection **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Microsoft next-generation technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. +Microsoft next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. -Windows Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). +Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). ![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) -To take advantage of the power and speed of these next-generation technologies, Windows Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. +To take advantage of the power and speed of these next-generation technologies, Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. >[!NOTE] ->The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. +>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. -With cloud-delivered protection, next-generation technologies provide rapid identification of new threats, sometimes even before a single machine is infected. Watch the following video about Microsoft AI and Windows Defender Antivirus in action: +With cloud-delivered protection, next-generation technologies provide rapid identification of new threats, sometimes even before a single machine is infected. Watch the following video about Microsoft AI and Microsoft Defender Antivirus in action: @@ -44,11 +44,11 @@ src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc Read the following blog posts for detailed protection stories involving cloud-protection and Microsoft AI: -- [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-microsoft-defender-antivirus-is-the-most-deployed-in-the-enterprise/) +- [Why Microsoft Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-microsoft-defender-antivirus-is-the-most-deployed-in-the-enterprise/) - [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/) - [How artificial intelligence stopped an Emotet outbreak](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/) -- [Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-microsoft-defender-antivirus-and-layered-machine-learning-defenses/) -- [Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/microsoft-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/) +- [Detonating a bad rabbit: Microsoft Defender Antivirus and layered machine learning defenses](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-microsoft-defender-antivirus-and-layered-machine-learning-defenses/) +- [Microsoft Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/microsoft-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/) ## Get cloud-delivered protection @@ -70,7 +70,7 @@ The following table describes the differences in cloud-delivered protection betw |Microsoft Endpoint Configuration Manager (Current Branch) |Cloud protection service |Dependent on Windows version |Configurable | |Microsoft Intune |Microsoft Advanced Protection Service |Dependent on Windows version |Configurable | -You can also [configure Windows Defender Antivirus to automatically receive new protection updates based on reports from our cloud service](manage-event-based-updates-microsoft-defender-antivirus.md#cloud-report-updates). +You can also [configure Microsoft Defender Antivirus to automatically receive new protection updates based on reports from our cloud service](manage-event-based-updates-microsoft-defender-antivirus.md#cloud-report-updates). ## Tasks @@ -79,8 +79,8 @@ You can also [configure Windows Defender Antivirus to automatically receive new - [Specify the cloud-delivered protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md). You can specify the level of protection offered by the cloud with Group Policy and Microsoft Endpoint Configuration Manager. The protection level will affect the amount of information shared with the cloud and how aggressively new files are blocked. -- [Configure and validate network connections for Windows Defender Antivirus](configure-network-connections-microsoft-defender-antivirus.md). There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This article lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection. +- [Configure and validate network connections for Microsoft Defender Antivirus](configure-network-connections-microsoft-defender-antivirus.md). There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This article lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection. - [Configure the block at first sight feature](configure-block-at-first-sight-microsoft-defender-antivirus.md). The "block at first sight" feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it with Microsoft Endpoint Configuration Manager and Group Policy. -- [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md). Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running with Microsoft Endpoint Configuration Manager and Group Policy. +- [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md). Microsoft Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running with Microsoft Endpoint Configuration Manager and Group Policy. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md index aae7ad22c5..866f6d5277 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: "Why you should use Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection" -description: "For best results, use Windows Defender Antivirus together with your other Microsoft offerings." +title: "Why you should use Microsoft Defender Antivirus together with Microsoft Defender Advanced Threat Protection" +description: "For best results, use Microsoft Defender Antivirus together with your other Microsoft offerings." keywords: windows defender, antivirus, third party av search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -18,31 +18,31 @@ ms.reviewer: manager: dansimp --- -# Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection +# Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus is the next-generation protection component of [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) (Microsoft Defender ATP). +Microsoft Defender Antivirus is the next-generation protection component of [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) (Microsoft Defender ATP). -Although you can use a non-Microsoft antivirus solution with Microsoft Defender ATP, there are advantages to using Windows Defender Antivirus together with Microsoft Defender ATP. Not only is Windows Defender Antivirus an excellent next-generation antivirus solution, but combined with other Microsoft Defender ATP capabilities, such as [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations), you get better protection that's coordinated across products and services. +Although you can use a non-Microsoft antivirus solution with Microsoft Defender ATP, there are advantages to using Microsoft Defender Antivirus together with Microsoft Defender ATP. Not only is Microsoft Defender Antivirus an excellent next-generation antivirus solution, but combined with other Microsoft Defender ATP capabilities, such as [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations), you get better protection that's coordinated across products and services. -## 11 reasons to use Windows Defender Antivirus together with Microsoft Defender ATP +## 11 reasons to use Microsoft Defender Antivirus together with Microsoft Defender ATP | |Advantage |Why it matters | |--|--|--| |1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). | -|2|Threat analytics and your configuration score |Windows Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. | -|3|Performance |Microsoft Defender ATP is designed to work with Windows Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Windows Defender Antivirus](evaluate-microsoft-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).| -|4|Details about blocked malware |More details and actions for blocked malware are available with Windows Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).| +|2|Threat analytics and your configuration score |Microsoft Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. | +|3|Performance |Microsoft Defender ATP is designed to work with Microsoft Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Microsoft Defender Antivirus](evaluate-microsoft-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).| +|4|Details about blocked malware |More details and actions for blocked malware are available with Microsoft Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).| |5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).| |6|File blocking |Your organization's security team can block specific files. [Stop and quarantine files in your network](../microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network).| |7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), giving attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Reduce attack surfaces with attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).| |8|Auditing events |Auditing event signals are available in [endpoint detection and response capabilities](../microsoft-defender-atp/overview-endpoint-detection-response.md). (These signals are not available with non-Microsoft antivirus solutions.) | |9|Geographic data |Compliant with ISO 270001 and data retention, geographic data is provided according to your organization's selected geographic sovereignty. See [Compliance offerings: ISO/IEC 27001:2013 Information Security Management Standards](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27001). | -|10|File recovery via OneDrive |If you are using Windows Defender Antivirus together with [Office 365](https://docs.microsoft.com/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).| -|11|Technical support |By using Microsoft Defender ATP together with Windows Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Windows Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md). | +|10|File recovery via OneDrive |If you are using Microsoft Defender Antivirus together with [Office 365](https://docs.microsoft.com/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).| +|11|Technical support |By using Microsoft Defender ATP together with Microsoft Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Microsoft Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md). | ## Learn more diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 95aaddc7ab..2ec8ca9023 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -46,7 +46,7 @@ Field numbers match the numbers in the images below. > | 1 | AlertTitle | name | Windows Defender AV detected 'Mikatz' high-severity malware | Value available for every Detection. | > | 2 | Severity | deviceSeverity | High | Value available for every Detection. | > | 3 | Category | deviceEventCategory | Malware | Value available for every Detection. | -> | 4 | Detection source | sourceServiceName | Antivirus | Windows Defender Antivirus or Microsoft Defender ATP. Value available for every Detection. | +> | 4 | Detection source | sourceServiceName | Antivirus | Microsoft Defender Antivirus or Microsoft Defender ATP. Value available for every Detection. | > | 5 | MachineName | sourceHostName | desktop-4a5ngd6 | Value available for every Detection. | > | 6 | FileName | fileName | Robocopy.exe | Available for detections associated with a file or process. | > | 7 | FilePath | filePath | C:\Windows\System32\Robocopy.exe | Available for detections associated with a file or process. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index ea4effb1e0..d33c9a2195 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -45,7 +45,7 @@ Controlled folder access is supported on Windows 10, version 1709 and later and ## Requirements -Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md). +Controlled folder access requires enabling [Microsoft Defender Antivirus real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md). ## Review controlled folder access events in the Microsoft Defender ATP Security Center diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index b2fc09e758..fcfeb45219 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -79,7 +79,7 @@ Your custom detection rule can automatically take actions on files or machines t These actions are applied to machines in the `DeviceId` column of the query results: - **Isolate machine** — applies full network isolation, preventing the machine from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about machine isolation](respond-machine-alerts.md#isolate-machines-from-the-network) - **Collect investigation package** — collects machine information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-machines) -- **Run antivirus scan** — performs a full Windows Defender Antivirus scan on the machine +- **Run antivirus scan** — performs a full Microsoft Defender Antivirus scan on the machine - **Initiate investigation** — initiates an [automated investigation](automated-investigations.md) on the machine #### Actions on files diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index e8f5b64506..a7c6223e18 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -77,7 +77,7 @@ See the [attack surface reduction](attack-surface-reduction.md) topic for detail 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. 4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 7e0514fe13..858060526b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -63,7 +63,7 @@ You can use the Windows Security app or Group Policy to add and remove additiona 2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. 4. Double-click **Configured protected folders** and set the option to **Enabled**. Click **Show** and enter each folder. @@ -117,7 +117,7 @@ An allowed application or service only has write access to a controlled folder a 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. 4. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Click **Show** and enter each app. diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md index eec05ff19b..2769a45bcd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md @@ -26,7 +26,7 @@ ms.topic: conceptual This section covers some of the most frequently asked questions regarding privacy and data handling for Microsoft Defender ATP. > [!NOTE] -> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Windows Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. +> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. ## What data does Microsoft Defender ATP collect? diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md index 0b0cb9c6e9..5421596f11 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Antivirus compatibility with Microsoft Defender ATP +title: Microsoft Defender Antivirus compatibility with Microsoft Defender ATP description: Learn about how Windows Defender works with Microsoft Defender ATP and how it functions when a third-party antimalware client is used. keywords: windows defender compatibility, defender, windows defender atp search.product: eADQiWindows 10XVcnh @@ -18,7 +18,7 @@ ms.topic: conceptual ms.date: 04/24/2018 --- -# Windows Defender Antivirus compatibility with Microsoft Defender ATP +# Microsoft Defender Antivirus compatibility with Microsoft Defender ATP **Applies to:** @@ -30,17 +30,17 @@ ms.date: 04/24/2018 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink) -The Microsoft Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning. +The Microsoft Defender Advanced Threat Protection agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning. >[!IMPORTANT] ->Microsoft Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings. +>Microsoft Defender ATP does not adhere to the Microsoft Defender Antivirus Exclusions settings. -You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). +You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). -If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. +If an onboarded machine is protected by a third-party antimalware client, Microsoft Defender Antivirus on that endpoint will enter into passive mode. -Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. +Microsoft Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. -The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options. +The Microsoft Defender Antivirus interface will be disabled, and users on the machine will not be able to use Microsoft Defender Antivirus to perform on-demand scans or configure most options. -For more information, see the [Windows Defender Antivirus and Microsoft Defender ATP compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +For more information, see the [Microsoft Defender Antivirus and Microsoft Defender ATP compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index 9e7e21cbc4..af6a7cbb1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -61,9 +61,9 @@ The following image shows an instance of unwanted software that was detected and |Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). | |Operating system |One of the following versions:
        - Windows 10 (all releases)
        - Windows Server 2016 or later | |Windows E5 enrollment |Windows E5 is included in the following subscriptions:
        - Microsoft 365 E5
        - Microsoft 365 E3 together with the Identity & Threat Protection offering

        See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | -|Cloud-delivered protection |Make sure Windows Defender Antivirus is configured such that cloud-delivered protection is enabled.

        See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus). | -|Windows Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
        In the **AMProductVersion** line, you should see **4.18.2001.10** or above. | -|Windows Defender Antivirus engine |Make sure your engine is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
        In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. | +|Cloud-delivered protection |Make sure Microsoft Defender Antivirus is configured such that cloud-delivered protection is enabled.

        See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus). | +|Microsoft Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
        In the **AMProductVersion** line, you should see **4.18.2001.10** or above. | +|Microsoft Defender Antivirus engine |Make sure your engine is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
        In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. | > [!IMPORTANT] > To get the best protection value, make sure your antivirus solution is configured to receive regular updates and essential features. @@ -73,11 +73,11 @@ The following image shows an instance of unwanted software that was detected and ### Will EDR in block mode have any impact on a user's antivirus protection? -No. EDR in block mode does not affect third-party antivirus protection running on users' machines. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Windows Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. +No. EDR in block mode does not affect third-party antivirus protection running on users' machines. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Microsoft Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. -### Why do I need to keep Windows Defender Antivirus up to date? +### Why do I need to keep Microsoft Defender Antivirus up to date? -Because Windows Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest machine learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Windows Defender Antivirus up to date. +Because Microsoft Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest machine learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Microsoft Defender Antivirus up to date. ### Why do we need cloud protection on? @@ -87,5 +87,5 @@ Cloud protection is needed to turn on the feature on the device. Cloud protectio [Behavioral blocking and containment](behavioral-blocking-containment.md) -[Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus) +[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ca3ce4a8d1..a2ebc76a15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -125,7 +125,7 @@ Example: 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. 4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section. diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md index 6de4052539..dc345b0974 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md @@ -38,7 +38,7 @@ You can enable controlled folder access by using any of these methods: Group Policy settings that disable local administrator list merging will override controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through controlled folder access. These policies include: -* Windows Defender Antivirus **Configure local administrator merge behavior for lists** +* Microsoft Defender Antivirus **Configure local administrator merge behavior for lists** * System Center Endpoint Protection **Allow users to add exclusions and overrides** For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged). @@ -95,7 +95,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access**. +3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access**. 4. Double-click the **Configure Controlled folder access** setting and set the option to **Enabled**. In the options section you must specify one of the following: * **Enable** - Malicious and suspicious apps will not be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log. diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index 2322ed9300..298ace459d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -102,7 +102,7 @@ You can use the following procedure to enable network protection on domain-joine 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**. +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**. 4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following: * **Block** - Users will not be able to access malicious IP addresses and domains diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md index cc246ab066..4685d38d83 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md @@ -116,7 +116,7 @@ The machine will automatically be onboarded to your tenant with the recommended - [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview) >[!NOTE] -> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). +> Microsoft Defender Antivirus will be on (not in audit). If Microsoft Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md index 9b0abb7d1d..aa9e94343c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md +++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md @@ -198,8 +198,8 @@ See Onboard Windows 10 machines.
        Ensure real-time antimalware protection is running properly.