From bc3b89347ffe7c3955f414611a6dc86b7f14f89f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 2 May 2019 15:24:14 -0700 Subject: [PATCH 01/19] added visio and project are not enlightened --- .../enlightened-microsoft-apps-and-wip.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 3de2479c2a..29a7279338 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -70,6 +70,9 @@ Microsoft has made a concerted effort to enlighten several of our more popular a - Microsoft Remote Desktop +>[!NOTE] +>Microsoft Visio and Microsoft Project are not enlightended apps. + ## List of WIP-work only apps from Microsoft Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions. From d0c9e1768972709e82d39cf75cbc5ab77d215939 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 2 May 2019 15:30:13 -0700 Subject: [PATCH 02/19] added visio and project --- .../enlightened-microsoft-apps-and-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 29a7279338..50691b90a7 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -71,7 +71,7 @@ Microsoft has made a concerted effort to enlighten several of our more popular a - Microsoft Remote Desktop >[!NOTE] ->Microsoft Visio and Microsoft Project are not enlightended apps. +>Microsoft Visio and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining. ## List of WIP-work only apps from Microsoft Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions. From 46e3ca3dbbcd5d98712348a3ad24bf379a4041e3 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 2 May 2019 15:31:42 -0700 Subject: [PATCH 03/19] date --- .../enlightened-microsoft-apps-and-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 50691b90a7..600663b95b 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 05/02/2019 --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) From cdf4f7178f86f437c624bb2132865d6dd95f3074 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 2 May 2019 17:01:29 -0700 Subject: [PATCH 04/19] typo typo --- .../windows-defender-atp/whats-new-in-windows-defender-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index a125e6e506..8ce696c455 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -51,7 +51,7 @@ The following capabilities are included in the April 2019 preview release. ### In preview The following capability are included in the March 2019 preview release. -- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-rotection) The machine health and compliance report provides high-level information about the devices in your organization. +- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization. ## February 2019 From 8765a8a0171ddc8b3a2b24d1da4034a05721a842 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Thu, 2 May 2019 17:54:09 -0700 Subject: [PATCH 05/19] Release info preview (#108) --- ...windows-10-1809-and-windows-server-2019.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 82bcf3314f..1a0496c699 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -65,16 +65,17 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ + + - -
SummaryOriginating updateStatusLast updated
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
May 02, 2019
04:47 PM PT
Devices with some Asian language packs installed may receive an error
After installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
May 02, 2019
04:36 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
April 25, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
April 09, 2019
10:00 AM PT
Issue using PXE to start a device from WDS
Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
April 09, 2019
10:00 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
April 09, 2019
10:00 AM PT
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Mitigated
March 15, 2019
12:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
January 08, 2019
10:00 AM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

See details >		OS Build 17763.404

April 02, 2019
KB4490481		Resolved
KB4493509		April 09, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4493509		April 09, 2019
10:00 AM PT
Apps may stop working after selecting an audio output device other than the default
Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.

See details >		OS Build 17763.348

March 01, 2019
KB4482887		Resolved
KB4490481		April 02, 2019
10:00 AM PT
" @@ -85,6 +86,16 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + + +
DetailsOriginating updateStatusHistory
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"
 
Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround: You can use another browser, such as Internet Explorer to print your documents.
 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
Last updated:
May 02, 2019
04:47 PM PT

Opened:
May 02, 2019
04:47 PM PT
Devices with some Asian language packs installed may receive an error
After installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
  3. Reset your PC:
  4. Go to Settings app -> Recovery.
  5. Click on Get Started under \"Reset this PC\" recovery option.
  6. Select \"Keep my Files\".

Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 02, 2019
04:36 PM PT

Opened:
May 02, 2019
04:36 PM PT
+ " + - title: April 2019 - items: - type: markdown @@ -103,7 +114,6 @@ sections:
Custom URI schemes may not start corresponding application
After installing KB4489899, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites
  1. Go to Tools > Internet options > Security.
  2. Within Select a zone to view of change security settings, select Local intranet and then select Enable Protected Mode.
  3. Select Trusted Sites and then select Enable Protected Mode
  4. Select OK.
You must restart the browser after making these changes. 
 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

Back to topOS Build 17763.379

March 12, 2019
KB4489899Mitigated
Last updated:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
Issue using PXE to start a device from WDS
After installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:
Open an Administrator Command prompt and type the following:
Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No 

Option 2:
Use the Windows Deployment Services UI to make the following adjustment: 
  1. Open Windows Deployment Services from Windows Administrative Tools. 
  2. Expand Servers and right-click a WDS server. 
  3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
Option 3:
Set the following registry value to 0:
HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension  

Restart the WDSServer service after disabling the Variable Window Extension. 

Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

Back to topOS Build 17763.379

March 12, 2019
KB4489899Mitigated
Last updated:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT -
Apps may stop working after selecting an audio output device other than the default
After installing KB4482887 on machines that have multiple audio devices, applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the \"Default Audio Device\". Examples of applications that may stop working include: 
  • Windows Media Player 
  • Realtek HD Audio Manager 
  • Sound Blaster Control Panel 
Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4490481

Back to topOS Build 17763.348

March 01, 2019
KB4482887Resolved
KB4490481Resolved:
April 02, 2019
10:00 AM PT

Opened:
March 01, 2019
10:00 AM PT " @@ -121,7 +131,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:  
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
Last updated:
January 08, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:  
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
Last updated:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: 
  • Cache size and location show zero or empty. 
  • Keyboard shortcuts may not work properly. 
  • Webpages may intermittently fail to load or render correctly. 
  • Issues with credential prompts. 
  • Issues when downloading files. 
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493509

Back to top		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
 
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493509

Back to top		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
From 344448c0789f47fd5fbf51adeca6b0f78fc5db43 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 3 May 2019 10:05:51 -0700 Subject: [PATCH 06/19] Update surface-diagnostic-toolkit-business.md --- .../surface-diagnostic-toolkit-business.md | 58 ++++++++++++------- 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md index 0a73499333..f67a2cb1db 100644 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ b/devices/surface/surface-diagnostic-toolkit-business.md @@ -27,8 +27,6 @@ Specifically, SDT for Business enables you to: To run SDT for Business, download the components listed in the following table. ->[!NOTE] ->In contrast to the way you typically install MSI packages, the SDT distributable MSI package can only be created by running Windows Installer (msiexec.exe) at a command prompt and setting the custom flag `ADMINMODE = 1`. For details, see [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md). Mode | Primary scenarios | Download | Learn more --- | --- | --- | --- @@ -57,16 +55,40 @@ SDT for Business is supported on Surface 3 and later devices, including: ## Installing Surface Diagnostic Toolkit for Business -To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags: +To create an SDT package that you can distribute to users in your organization: + +1. Sign in to your Surface device using the Administrator account. +2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop. +3. The SDT setup wizard appears, as shown in figure 1. Click **Next**. + + >[!NOTE] + >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. + + ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png) + + *Figure 1. Surface Diagnostic Toolkit setup wizard* + +4. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA) + +5. On the Install Options screen, change the default install location if desired. +6. Under Setup Type, select **Advanced**. + + >[!NOTE] + >The standard option allows users to run the diagnostic tool directly on their Surface device provided they are signed into their device using an Administrator account. + + ![Install Options: Advanced](images/sdt-install.png) + +7. Click **Next** and then click **Install**. + +## Installing using the command line +If desired, you can install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags: - `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry. - `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for client mode or `1` for IT Administrator mode. The default value is `0`. -**To install SDT in ADMINMODE:** +### To install SDT from the command line: -1. Sign in to your Surface device using the Administrator account. -2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop. -3. Open a command prompt and enter: +1. Open a command prompt and enter: ``` msiexec.exe /i ADMINMODE=1. @@ -77,19 +99,6 @@ To create an SDT package that you can distribute to users in your organization, C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1 ``` -4. The SDT setup wizard appears, as shown in figure 1. Click **Next**. - - >[!NOTE] - >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. - - ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png) - - *Figure 1. Surface Diagnostic Toolkit setup wizard* - -5. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA), and select a location to install the package. - -6. Click **Next** and then click **Install**. - ## Locating SDT on your Surface device Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`. @@ -154,7 +163,14 @@ You can select to run a wide range of logs across applications, drivers, hardwar - [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) - +# Version history +## Version 2.36.139.0 +Release date: April 26, 2019
+This version of Surface Diagnostic Toolkit for Business adds support for the following: +- Advanced Setup option to unlock admin capabilities through the installer UI , without requiring command line configuration. +- Accessibility improvements. +- Surface brightness control settings included in logs. +- External monitor compatibility support link in report generator. From fb4b95f0f364dfc73b92f32946b62b7d253738d9 Mon Sep 17 00:00:00 2001 From: Jiying Ren <30674468+jiyingren@users.noreply.github.com> Date: Fri, 3 May 2019 10:11:09 -0700 Subject: [PATCH 07/19] Release info preview (#110) --- .../status-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- .../status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../release-information/status-windows-server-2008-sp2.yml | 4 ++-- windows/release-information/status-windows-server-2012.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 9c9b11c520..a15923a007 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Investigating
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
May 03, 2019
08:50 AM PT
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

See details >		March 12, 2019
KB4489878		Mitigated
April 25, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
- + diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 4a94eba224..75805707fb 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: We are presently investigating this issue with Avira and will provide an update when available.

Back to top		April 09, 2019
KB4493472		Investigating
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
May 03, 2019
08:50 AM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: 
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
- + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Investigating
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
May 03, 2019
08:50 AM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		March 12, 2019
KB4489881		Mitigated
April 25, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
April 25, 2019
02:00 PM PT
- + diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 40672e97b4..102f665769 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Next steps: We are presently investigating this issue with Avira and will provide an update when available.

Back to top		April 09, 2019
KB4493446		Investigating
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
May 03, 2019
08:50 AM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles:  
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information. 

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 18, 2019
05:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Investigating
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Mitigated
May 03, 2019
08:51 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Mitigated
April 25, 2019
02:00 PM PT
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

See details >		March 12, 2019
KB4489880		Mitigated
April 25, 2019
02:00 PM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4487023		Resolved
KB4493471		April 09, 2019
10:00 AM PT
- +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: We are presently investigating this issue with Avira and will provide an update when available.

Back to top		April 09, 2019
KB4493471		Investigating
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article

Back to top		April 09, 2019
KB4493471		Mitigated
Last updated:
May 03, 2019
08:51 AM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493471		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 046f75de26..831a726f86 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -82,7 +82,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493451		Investigating
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493451		Mitigated
May 03, 2019
08:51 AM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		March 12, 2019
KB4489891		Mitigated
April 25, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493451		Mitigated
April 25, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480975		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: We are presently investigating this issue with Avira and will provide an update when available.

Back to top		April 09, 2019
KB4493451		Investigating
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493451		Mitigated
Last updated:
May 03, 2019
08:51 AM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493451		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
" From 85af1f78f5d607f1fbe68cd63d9e470349b01cb3 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 3 May 2019 10:14:00 -0700 Subject: [PATCH 08/19] Add files via upload --- devices/surface/images/sdt-install.png | Bin 0 -> 91335 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 devices/surface/images/sdt-install.png diff --git a/devices/surface/images/sdt-install.png b/devices/surface/images/sdt-install.png new file mode 100644 index 0000000000000000000000000000000000000000..ce0fe297d7d1f9f717738cbbb4b873e45ff85e89 GIT binary patch literal 91335 zcmX_{V{~QB*0!Hcx?|hv*tR>iZSUB2$2NCt+fK)}?d;g**XKF!`R<>!#u_zNRn1v< z&AL{&f}A)!3=Ygc|NH|lDIuct&p%)+|NQf95DMaN3#5a)_CNpp{6|tmP{lp-JnM(M z>fzTP0S;GVz9n1|vHst)n|X}^P+?)jx>BKyO4Jfi5`p>o0Ra+jZf@4r*2cJJt-4>J zOdCd%Qp)G~9?%`{`sF1Th|ey|sT-tSQ|Ve10qXDT2R9wDKG;M0;(WF-`EgG2mSvnR zrpFZow+tHPgI(L7#Wrd4;wIqHQv0=uFaNG?p8?BValXsMm2(&4%=wF)#z0^E za*MfEptAD3E_?Lt{MqG@fM)vUK)uH@&fZtE8w1)Vb^Pu#{_vgQ+}uwkW=228n<8b@ zQ3~mldfX=Uw+^S?=W`gJH4k&1gtcoe7r_-^SBX zM?_-M57E%5SE$`bs#bJ;ir7g?{8#VtCyNy=Qnn4NaC40RYr{o8z&a$Xa&vWMhY1ER zQo0E$pR#VwQ=pu+Y?>2^`>&q0UxfRjCIR~(eP6L~Y=$OS@<4Q4<^^U*m@2SDAxUQ$ zu&vY2Qs_9azDH*G-w&u`--e0lGR~j2F^m1BT(Jbys z|Eo{6q+0>^=A^eWld*S*sY|N3buy*mCv%~nSfeP^XV`JqFA6DQar9yJ3 zr>p*P#ivs97P|+p=S{;FDcq0$=o~VW-}85dq#9$f{o{h9?Xa0Zs3%38+Z_sk{u$WH z8p(=EO8OaWVruH}bgBDyC?#ZN$;ikK!wGlao}b+>H#?qU?RJ7;F^|`K1fH(8za~Gn z2>CNj$5Zl@%CgtnOc8p&X?zx-HRtu@6W5ziOx&!J;*h3=m6elZZe%<3&er0e%xfcgk^V!y4&@>cgS-la+IdbwB{BoE?6~-uoGo1 zRLNOZASVUPsb|BQz1P0eTfAEB)do-Y(E4$vqpq0NciV96bFHR0o02QTWzXGmRfCa< zKS8jnI9-A{%Y9!eS#!qnEQTv@DnQ3<&0WkF`#w18C(V(CsY8NwyQ{I2b6JMb(r-1p zhn3Hpj)-)b17WHl%8y$p&(A~2_`W3fMspWJI7YTPYm+hkevQ@CFsTS7a)Dys0R)CG_0gsM z<%%`7bYmD#pWwroQT?{VM(l?stgb6{8ni3t^65r)IUADh#4^8X&JOoJm5t_ z!fbDEj~Iq3VDxZVpzo=V-?HhIP=M6e*LNbD3)RohFQoe^o6`Gm*M0??%M#6vq(GzF z8ryU%#pe>FepHl<83fera1H0s5hR&!^l)nax`lnPTo%hw4GCN5xc5{IC6bNZG!!k4 z+pjGlQ6G1>X&p+T6L0nXNT-BCXVBx_rZP!-L_l-Kquuh3VP})t&!N!4NnGi=(f*Sh zG36Rm?1p!T55KLx_plCV>4E0a`Z8E^r48))S)w^1lC?ETWQv z`(f1$Eo#Q@(>s!F%_;8#tnSRh_!}a9W+&bI)8}V5&1`cUWcmrEZK{gAKbn&ujj|YO z&(z?uI^0Uq&-6R|DU&QaeLftPq0X>MsSYlpJ03^>>AP%Tzb+RJ?#W0f#9dx-x<*nZ z7bu#kbQT&*E^(c_ZQH+BcgS_2k<{qma4#@r990!=U2#RiZQd?Yd)k}UX-@Rx0(`i` zWt_e&TmmI|d*7k&7(-+YX9wJzVr&0tCCwVezmKe`$a8)$C zq5{^j2(MsPP%0uOEe%VpQlt0&Wd1H|Fl?d)s!E$zHi|Ni0@<@OCzqu!iJoVcE;EWq7($3U+}m-cA|vNGop z`i(fj;TA66F?la-F4LU9mO?bK=616gzZEi-^kswJmplH?xX;i`i?Hf#WrSqO^4)6s z$H3V{sV>;@j2~JR^--9@Qej1<&O4P?wW;xKRbMSKNoi(tybC0QJ)Q9Mz^>;O9!rd6 z2)K3EnPAHlok*g_-l2^*za6}y7&hR`{uL2VDltJGCl?L_8>R?MIeTb1rFWGu_4cK> zVg+ApLl}3?Zscd*J0ZT4?L6L+EsuQhBzBWDS;*9}yoY*GYjMOTU|iQ~++ViS;SkLm zlqwIb`{d1{@Dp@@6nq@OED$|$#+Y9H6P?yELGVlfTI(K4vxO(nEo|3NW6+(Rev@~2 z?4=||8D=U}_UT*%xYB2g6tf`CWT-r+T2358Z(e^xxx_ObzC_JUae8-zscJ_&NIvzC zrM`;GQ{suV3k7ox#%s&K{U#Vp^hO?;QaN0rhuFRVk6!5U=-cr-acQjc&C}_9an)Lr z*T2e4nUR{Wbj{+sa7L?>?Y8G$XU2R15V52CCEZ+t(vD!=b=51jFoHncHw{*DFx#%ggk-dN=#w?24p7fDlS8R|q_L$OS z8gn76=*F!@i4O0zD|3STJ}=X+u;-!>p_lXg5bX{iza7aFoa=iZFh|#?>_1JmB+Q`vMbu+ZxTy^h8_X&K!UEa-K?S4myB7JvY?k!_GZG4 zNNI^5TX@XjA)%*%Rl&qM{EXmf&k0CzlU#+`+GHqWh-<$wZA-dm`mx8Nq^C zBSsv}F3ZD6WE02u@!OXPs6yO<5j(C-$nfwn?!JeAGYwsAD~hOt66vyhcB|DOe(y#O zV914DfpCLkrZ#IfRZb1@5JGt+PbDsU!mN{<@vS%>ShhC9REzi(ERKS~{#_vg@v~rc55tF;jrxSrM z-o^IE!w>!}`|j3&7B9qoo$ArO)V3=olcjG$XD+#3Eplk>Uv%J*KEF(+1|Q6^`8(i4 zl>)8oHCtcduMje2gbe7)Qylltr^lb22NBa$h*(SU#eUl%xumz0Xu8i1KS0sK#6`__O%IK`{kbvjfn&2ddq=9Z6Z3cX+R~nJe8X$=VFL>ix0v zTl*ET)s2_e+;liey;S4hUrAkk_+l437$TkCN7AA1@#~XJzA$8PXM!5^qfPtDg`rY1 zqayX0oX4njs9OqT3zW|F`2v4X+-qEA8!W_GkU}~i1U_*qE=~Ucsz#nn;E2h+LbTMT zbiSxr!B`y}EBhY)bD`W%PB@NS6>(y?hH*@dfE_8uHG!FLrW7w}~YSKL?6 zFP+K$#>c(qVaEaXH6GYPAj?o=4_55g2q*-a2>|PgjOiiYazgc{21h zMRs0f%hgs~zH`A1W>YBW_>yHxMKk6LK_MX#a=&6ph7(d`Qp`-ZaCK6*?s|^Iu3lC4 z@G`1#+(G^7*K54!U2LGbt3ubJxE9E7^tEsE=q4%F!n# zfiMp3-H7mhY4W=V7exLI=2!$HKUF|8Nj5v`Qr*=BK~j%fxOU4uT-n-h2-A1-2WCpT zGHcyeBFIY97t2l7zMy_;RUsQWgFgv_?;E+$7ZvP8l?&9)O}KN7T1+~X{3=wJ!i81b z_~{Epxlc9ZR}99|59F0PO=)>Hmi5(doEVem^0iXokr|M-S|y=fHFNEICr8xX9%pbs zH0s&7<&LLZ*J`B_u@i$BjfmNL3%&q8Rn9)`xlIm#WdXaR=NGGusLr89P98c!YrvZ% zexRAp!1`psZ_h^I-rd-aS{k-YGAB>Pw$_MW7wE4tTBFr^7v?8-!+u_$c`SIVE$Mfu)efhpy6I*(M5ofeEAf4~!A|ZCa*~2FBoco9s4Ufy z753T_YBIr%td{G^YKBBe?7%8jpErEELRlw&+f!dunZRhls(B20pYeZEr>qcK=i0zArT+6^a zT1~ItsU_7rUFwzxQJNlPT^(`;qw+U0<+M>%!i|^(GdpLvQJ43_a2sveJ9_$cCQ{x&oqOyT&R&+x%?rjG8EUp!qXM&Jh9M)0;yI@vEhZfTEFHwyLnTl!q6K| zu+%g*DpVBM?GRtmldtZN*otsm6dcx^FGM@mer(DlQ68LZ@c#7#Pn(P@yb9X)I+H=n zICQp`*{!9?h|@LbN55C$dzHN3t_77~VvEEIQg5763*xALK0s)3AZ}!-<{MZwnU~IV zQrWqdi6Jc>yFDYZAYPI*o6)(_>ID`|A#Hh8@CAqWIoKjfFL{d(3la=uw@N8Iy#_5( ziJjo6sYtapgBURxcyl+C)*35ur4nD+(SCGhK`xyQy#|tLbO4AFhg(cGF>N&KZK>#_ zTCe*%S9KoE`}>Iapq^NiIXxJo%jy6e>ad`Q7 zXDCfLt=Thme9B%t1=`uB+d!&tYL17Sl9lWBA*Vj&U-7Uqd-6Ydjj7ctpF>$$`h*|a zxYMQHiN2Q{s#d7~^%xfAYE@$;Ilf~P*esL>AA6Z-1PBeZ+sw~k7!}Fq6SN5h`wFaO zF?kMrkD_h%d({b*Q9lE~!9BX9&64Eg@C1A_<@sMkl76qZ*nL$fk0^{qlMa|7&;7MR znTebZpWGB2-jYGuY{MHw;`g|hdz*4lprOynnjMDO)%u^b(X5KP z?+}Zlf9;WlM%TA*p5P8{drm2|En1>PT(Gz#T1;Tsp-LC@y#n&()P91>w}1%OE-chDHltiB@O&M7OLPWFOGg;Dn$13QIP2VxkRxKiJ?6N!}7!%0>ku-g!hO+iNVjS65T5>YpUdiYGzT9HBv**64R^tJz2Y z*tr-qt<|nLT6%&uWRt4V%Py~;>{E$}qD%Lxcl*lFGIchtq2Px&cBr<5UHLG)sPu5} zp#P>olapb>T^DbJE(+h+{$W&x=u^YZpgI)`T?MKrESVXvM_MUz+Cup+j$@7|%z<1d zAY74BaH0|sOg(c=Ur=x=xg7xF1yjhF&9GsMf{7gXOtQ^nA>#Mi`Si_7Zg{U;vcJPf zTrApZcr;kHY|#l$pP-wLK)V}6E7pTPvN!r+@pJ@v-W4CAt5{3u&s<1;CHEdtVb(Gq z0Ny!o1B0wKA~l=n;lbcUj#zN@JI}lRgt(f(QHC>)>pRQOmBF+A7~$ey1xvXTS=2C1 zI892iEQc=G(pj(r}az~nJ35lQmgqG-J6+W zYuT))?VRRILy#4lVyjr<4H-5zDWgsN1H4scSXNLYlV4om|CGV2y1d_ zVarDlOcP3yWh}}u`0Rv#M%bE~@J*KNIqx5IYM4EtD`jIgn%|d{LG>vk+}ouUKT*!) zczxz)XA|&N0y6CpnX}GX&<02)=7~7I|qr1_=~L;x zaGRWD6%ZUMgQwLJksB669^Ec`V>UeYP>^8i;-Yc1$*%-#U0JgZ-HKm7+1*jTmIjl+rpe` zUq;AS@o>gdf*Y`3Ju!(fyhkT&cRN2$$kW9|>)*~!;LbK8>(12X8rrw_efHg18wtL- zq_NatuIq1)z1)RAds-+$s^;3|a9l5p#q+$OpzTFsu5L)N8KhQ>C}x+(uSOYJMue(S zM_84ICbC+B7C@q5bX-$k(=wcKfV##*kcjYF-TqAcAP6P8ab8 zbe339-d(Y!E(e#8Uv^@+rN^Ak#)SO)%HJdu9PXDhAf@KX4HV0I{ta`rMX*1JiYJX& zG%W3#@0>q9^^--JfxvsETdawe68>2@r-G4yiMZ)47wxlW)taVo1BOYZQ1Ml zkUKUL#Z;}$hbz692nsf~tkJpRl5QkfqZ(Ofmrj{ZUvP!jvJ($K@VEi;+2e(y5H?<} zk3~C2(o&23$a@+uk|;4sCJSqdCecD+gl}|ieYR-B1T;BGLjf`Kv=2w2H(EyiJU6^)8qgN)`*GKNj0(SBP;o96N0jhUg9#5GHBrci*w`OxlDG%Zs0l-ahu@e- zB;~uDF|t>t4{(4`BxAaIcS%64sEW15fs;wHT3XydcDi7i=3>`)k)xQj{)++9x%sOG z-$$dE<4*T73sW@oHKi^Yhz3yQ(Vs!{y?heRR&Q>K$=>@@oo@wH!G(>^9}k$-|6>8} z0ocb%Z3Jeya@%Cy0=2}EZ%xHlp!EUBqQycI5*F=+ozhNThe8UcLjW2y6}CL}xHUQR z{QOLYQ&8`%ZiljnYs%=I@7~;n*G7j!$fW)RS(^kO1Zz;?f(FX`9Fs}W-YVQDBSXdJn_|~%@g6>?RR(Dw9Gmy^4$-~p?x{H%aLg)Ub zTBMB6kU%hCFcd?@k_^|S+4<;#Jz97Mhq!JyXBMB16FYh!`?kc^>h}c49Sp0dSACqQ zBoQ@JART+S(_Jx8^g44{w5CF3M9fA8EGNB+@SBW2DK+!d!(qb3yAMM*Cd8-57LoAl_hX~!Y`z%BS4*}!6%EVapSU8Zl8?8^kVyY1}fN_fbE)$JNkrgM$Z940-iT<@sF z%8ZO+*dx05Qx9j2fe$a7u0H$WlKbN;iu;r}S_yl=*jvA6wTs^L7csHP^vQ}V>pwhf zFeQDm8ZR%9NsE8By0-6D-NfU)+VfedPxx%uZNLO^IpYrJWn{iO3HjuM;(a;%|CE2c zoE8v;G3+6b`4W*i+&E4-3?y~TR8GI0W3fjQDc^VUIaAlD``%*!q+9zyr~+hcjjToQ zS)<)fh&8EVEG`Eb?rkF$tA5PG6j24sJH1H{>W1{o2@rz;NCeXKTSQ3+!NXuIox+rA zoWGo{mD<$Jo{zJmzMTL0pbySd^qeX5;q$&g{L_FM?gr%oE)HaQG%lPwrs2tHWR^bz0n$S;}*MHTx&Geteiinp!Ren@%y^Z zPHhJri};isE!dLDQO8frk3Br~m9RK-C@^Ib2Q?S{`<#7BRr+K{ASUxoSI!NMHgL{G zTgl4~21u^J<%OhG&iZ-jaq}Vt7LiiaT7uC4u7}eQ<)CT&eBOWK4g-BqkKc&X6c-;I znSkt(l5-??(AbM^r_6n6XjgmN{|Tjd2mcyXJk(Y;0pv`XkjGTaH~Arj#XB?3>)~=Q zWaNwr-0ot*9S<06p)VMo$T#`cpn8EUVNOXosg|U->&@xLuT0@1GuA#;W{uV$p7UpLJ`$~qVxRvrj@&mcy{cFveD1kpRB&G|{+FAC)Bxx( zcJ=cF+;b9ZFmq;XfeuqHZ3?$-1NvzU-vhLWI)TFz64df~qgYcMt6yj-4}(eLU!#2) z-Pb|pbTn!78nh~d{Xv4!0ahUmpW@9AEvO$~c2lS_I_EAx$ML%pX;4aIrN$LXq)rA8$)!dyfdxp*hrgAFE^|v zRTgO-{*-wlnfak+c!NkdR~lvz=#_J_X$<6b!uh0koUPovthbOI>%SD4&tV9aRqOXm?F~i_4zTN2=}J3W(?(~o7F#WE zu~z4sL=uI>Iv1U24q^7NfL1yVAXDhHV@}H?ea^9hI9Q5ssD-t@y#={2Jr}J;a>{L&1%d4_fS}r8(*K%5FXw+`C%d`yz^_HP^<_g*!@6j z?~l=(apUMLx0ND{O?3BITL+R_5lSzC7%fIGv`Vl}X(dUrHgZ`hpHS_##;>az5YTrA z*OG?z*qIy+$BflT7(eZPRl`)sk{aDN!Al_ob^ni-2>1+N#_85@+CtGD?cvX~o`DwRot(1G5y6(+PFAZ93R z$5>!Lm+LxaVd_1=CW9jY1L+xYCt9Tx3EdWKwey-huE7_HLU8)kN<3+cF&oh__7JDyx&PdtTceu zpG*TiyU?Fr#+vdONl06fZwKHAc+;+WzOs#nV{RVT`5ZVi6|5FmE6ImT$_epfUQnFg z*x|1Ti~ItooX;MQoXX+`zQE_EZYLjU%mc<0+5g~wbg_7|9-`t^nKfASjWaMt)&&i0 zi@Tl!*3|ID%BB%&JH3$0KxCw!p-_Dj#yIEfHfv#1odIaimmOEkwi}$5OO=0dA-on_ zUC{H5kNpY6t{cK!lRKx)8hpND1;!kf6mMUDC?o}Y-O1W=YX>I@icH(!prZ!0Vm0{ zGSm7)p-U+|04($`rPjn5bPp%ifVEhxBn1{7H1L(svUTdw^H1d6JT%Nb*lwr*>6^s6 zy2Dd}H=BUPGuh`haS*_&agJCH1?B6zNl)Er`hU^9znv2TWl#YBqxv=_`l9|1+UvoQ zOpE_N2vMB`n&toK!Y@lwLouO$wYMEvYhJ?Y{l6!Gq`Bk&BOak}5DdGdJHQ>-Ja=nq z^)l0jMW1QP1wQ?;6-@uf9o`TQ396+4li*;(u`!ffT$S$C5@h2nU3RWW`^D+{l`H;C z%lfx;pmys~H%@(3s&3gQzv{a9AZ+OWDEte|6*3+gB1ZhA z)tMtB(9Jnhvd*}H%h3cmbl(9e0>K2}VOrf2vrlt+N-Rj?F~=&*7o@^0M{_EY3QIu} zfUp0W74rW7-}IFkWP%!MXL9|q>f9`fJFAWS1FZ=!U<1wFJekw#aIddSDj2Tln1rPN z(%zuKe-JQiQfJJ%DmmGlQ0i98u+`T+;0!hmm?2*Ps`v4gY0k;A3V&2_{%_3pzUbH^ zv-;KNG<|84>Eb=>;aqE192^yuR-{E`?Z{*!d6daDgyUKuI55emn}pEJ516spJA@ZD z(q!1@8fZz2fUQV22KtTuETb5E4YUI#TAJ}$gHs)1YsnKko3C3c@GhZdT4S#@ME{%c zFGNWxwz?Y;=A4|-9j)>oq43{TWfl$KH)&euN&|R$`EfcMVHN@+j#^|ys-?iX7L#c9 zgreuzxv_0F!ddK}0p$96^TI@Grg6na7{3n(wBWo8` zKXf}a*Afp?2I}t?aXeJnU51X>T9{8dXQNGE9!ed6F7rfS~%ArM+K<%qWG|`X3-1p{(K2e zzNF`v)WrKw%1al*)E>?F*;B##-#Pf`Dj3az9wog^;F->jBq3qKCQ z>(8D&rv4F|+75=M6I^U(&Q*4>z1o_JePghH%ox2_=4miol*le#@WA5&0-svrkPtC1 z6HF#>kAH5xd13}ux}r&;Qzsv+k^Vbl>l>XV#qS`yit#|xzj zXQ{|?(Xx}(0FH;ay3TaeOy>DEyH$Q}@Z!E)ErdGyt^T1ne8Gwbdo`b)jYd7+GFq$g zcs3MhC70_}D&t_#0`jhh<;ob9+^4m5;C;=^sT}#B)op}C-O=yjv2ydB402%6=y3Rv z$diKk#M|M?CvYJRk*~qMhp*LgJP<0q)L^lwqQz?cs{z4|(RfqQVS61HlNoUSn#n?n zXLOojm{fC*p??{BblOW6g+G(k%d(7`oK>(|Z@Oi)U-;Qrt(shW?dg2nmWIkvPq=h_ z9s+dsYa_=G_5SO6DKvOpkZQVbVY&c*qwrZDyS^aE2=trZ*2T z8NdCzoqZzIH_&=J@digPH`M(sNK)&qedUMq z8UP0usKS<)nDc;ey&Sv^#GH8!K{`L2cu2l$bperooQC9MfbEEGW23GDEi{79gO(_p zeb}{;|H zU(&OqeZn}M(g@wMhg$E*#g{8aMkM-4pZBeKBvb;zyK)|gPWCXiE??=_?MU}A6oTfm zF&^o1#;tzY z%$EPiuU0W<3FyaUaJX3zM9Ast#r(+FwUz)(FK;{DcY_0^-X<`b?+Z!mf2@wGN-vI) z5v(5_;s(iAKiN5Yme-HuEM;JNL>vdK=Jqs!FhOyOlbSS%_(p?Po)$nLoOcYkO|gz!e>Dwd@AVv+aJ6HBR)P} zvKXNc%-dd3xcr3QDKy%|t1jKy8-zY2b1Da&9F+sdMNQK&8KVUclZ;v#P^QBXH`0&$ zY}9Mgye&t@c8LPft3G5+uKm1I=?*Xy%Nt2HxTpOo6ERlaWdQA1=sJk&z*dHH5=aoRwJfYOMLup&i z;xj`8WQEf<;F#t7tlMbhF?-3C z_F@lOERe3Lp18t^XgOnX4f~Iu9{55d0&c38%yA)G{bLyJzej&xsSH)5<-cf7L^Ur0 zXbxtygU_~=gBn98bYnXOYowLpYPCp4dvGQmx%@e5urJgeUnos*A&`!0h)!<>eYbcs2x>YfGK5o*3sUn&7wNe0T=6`7@cmMdt16Vs zB{7SA+_dnlquG}W)Jr3YK^xOjdAYy5gN*83GI=~->I#f6b#`ro+`+(LUm}ntQ*=Cr zE!mHjWc@QrQddrdEX@mk9;Z8zbOqtV*e}FGOYvt=xe<@rD_IgCq(^4(^Z`fa;w&1#6rI+6Hch|W)7FfH%XM&G}=Q0)PTPfropz4`o?(--r`pRd9j_#Hg| zHSm742=rT1dpmr5qhgTBT}jT>J5sB}Tz18M#==yo%1he)xkq^u7plqOy417Xz7Fr+ ze^Vd)wQG@0R({l#PJHY(jG22!{dafs0rA8=h7||PWLHoXBS%1^BeN{RP3D%WB zu4hkMW~XCNmi98!LlsVGC3dF3HGBrWro-JBQzew5K!gs($;W!i-D36KF9(2kL-ahw zV}pf}w0Bmo(KjGT$%6-%g~{H}QGySKMD(;8a>`CBhUCQvqQ#OWzupa>x->e#p1iHW zR-=3y$x;XTZjm&&XH;8Xvd|%QVLUSCNkqGY?t+*{+l%rVB3y_Lw9w4!$lZBreI|F9 z)K4C%WF9?&sr=tbDfr^)t+6o!$J!z=gu?Gsic`%V+F?A4gYhw1Dk`BW{aPcAU zz&-I^!O!LI`{hZfdsTzW($aOmIK26qN|WU+0YM|Hp>Jr8M65ILMM5!ExnXH$zpB(` z>dGmS1K9GN#>>8wZ0n5tl>U0p^gm=^W#!q0OKj&Tc(^tdfiA`$RxR$l!Kr!F4camg zr02Yd=##&2`#+{B1Ip9N&#dS3_uJ$lKf-cLl*9 zJpQS9IQEA`peNKEN`epN{J6tOseTiq?QscQT2K+P_HM_r2;NHDf2Ii&2$882lH(7= zb~9yO2e{_C2fD5L4hPQ|?S6N65AQ2*YGO{J!hQy$2>f@J?nE@?c78==vnFOm1fw<5 zpNZveC$^bbw?&Hb(*QE|+dT5osLq9kZ*9?@6ynltjQtw@TS-5h&Z03ZfTMCdbHV$C zz{-&%xzbD%(&4S61>kyGFdlWAnL6dc-dJW>I+TZ85iPef;7605t)S?eM~It^Sdmn+ zhw+Qvdj*^E{V<^d#Z2O@>{g*ZpB*iM9yzLXk>UhshZLW9j@7SA!{=Yr09iLT8c5L&GU{azm>d z%zx)=viiJ?boU6fX`}ub#@CtPTa|I6v|WeSDQZDyeR;9e6BXq#0DN^ zcB3vxA(B}@1`yT@0eX)v#oJQ3b342Imn~C&7V4l5`S?KfXxV69uX5t>S-l$lx849v z-jzJh!6G>eJ&l7cE8VKlvLe8P*CeZ{eu_2=!%l<3JdxR!MMsU14avaH+9BaHG^rzd z=0!!xMy&`~>_FnFN+M2Gjyp?3JZaD|Nm3c;O4Vvp!@E@N2*we0qPA!h~696l?~(8UrQTx7S4td;}gD{qmgB->A* zTsF7s(rn!(A|}R7ZRSSJVJoy~6ig@?%FGq9!31-~n$G01(H5T>Y^6YnuV)pherZeH zqa~wT4;-qo-5=wl5o`ISwLl+jck`5nxdtO`AS<+~lD||kd_dM{J)13SW}9fKq}=Mv zvesDkYpWjfp&ijwu`cAet3tWUUhXT&h9@Ohug36+Qk03qEMV(7s-Q^Ea5$c3WkM_| zSbDZtm1fMnqqEiHzvpV5@ag*chZwo{3dK<>^%d-Cp=l1HESdWjcV9&zK|!rC7%L&& zW#mLl(`9`8i_?`Gg-_A0h@BLsgUyybj7kmM`%Y?_cSf5Xc!(imB@v-y?ah6>{pvLbDfD$Vndm*6bW%Rt6i}Xw3)9bMG(rTpKQTGgIUenZ4Vji zn?N|6X0>pFZt5-NoYa47aSXdZsTPA2N32VJbBi`5UDLbs<#ZN(d>#`|yfCFtw0*M2 zl(g#c@+1ecs=%v7x)OD*%AJE7`^R@qk2yu%rntlPyvpd-#tUJr-SVikbtdOdGP|Xf|{&GgR{A^+w z2Z{O!0us~N6Q&)egx=xQLQjoUIPjRt;IJRFR(rrE17pT#-5tmV*2}wXB({W)G zl+;f&reNtH4N0ai4I7oVk4hc=f$=jb%5sEV#?sjeL*@8TGJTA@t#%_zpFHEs4Qqvh zzc*{7xvlKgVfEXQ*Fa>b?_mBr--Z4kRc{>?$MXDtCm}!}NN|S)XK{B3?hqUncX#*T zy12V6?(XjH?(XjX<8$x*KIc6D>2ns;-*e>3-F_@8WC%k;Rp`*i}>coK8CQi&gsz zOQ#~M8{ONgLu}_S=ar+)=u6iQ2~ou+igaLwkJ~+Lb)ztg>lH8W&@miC(?eZ%7+=Ej z!cOM>uA6oMU8cS90G6{74nw9`&3swp=RpdfsgFbUiBlFo6(h_?r@yTUWm6*A3WAcr zA9@Mb)obN|B_`=Cp}M#(2 zF@Ve=52tCqTak~+YvJzoIvAYLTu!yR0N|@m4nWu>019*|+sv8azE@^*itmw|bk<_~ zR86%5pKc>g@i{=)V!2%y5FX~c8kM=QQi+otvNeZ~#^$)B>Jz@W| z`zzTG^t2H3YH^s&D1ScUr{O&KG}&=TZdg%zGnd^IWJd-6MNJK1egH{q>?v_Ha;^R! z-&oP9#;i0i`|(`2VoAxqi~toQj)j701r!hQ)WDd zu%SkLDZ+Gxp0E#CwZA|%{M8LfSNMPZ`=ESF(G&_72nCiIr^O1?Zr_qdW?(=9OOw;_ zY)ulkwY8EGd<}T&P+cDDh%-@R&C@Kh&Afd{8(DzN*3lV;N=3#5-(4sU!K4)CTnC%2 z)Mx_+@XahzB*-#XyWs$ywcR|MJbyb510DKT1vp3|F)-MV@B5-7b-;Skr8Gau|G5E~ zB_`kn6;BuxqRroh5)>UoJb~%yBA$>Fl)SfOl59qVA6#i-1%HSW5=;`EI!T{$M$K5E zdLwSpsl{J9NuE)9C+uvc$8Kd&w6Tge8&XSx9yUeS+aZ*{H{I$mCv%T1LC$W4N}n?y znNieR@a%Ec47i2a`h;6bz1@tbMnSbQbf*FRjl|Q8w40bO14HZQi-^9IlD#(7PHt6I zz=hWzrPuP`;(eD&&DPId?T-hSqMxivBMxZy)Qh%Wdl4&Na$W^5tGAN+osWyVaZjHW z6&^l^;=70AF?;z>4cBM#tM3yiXwx8S!v+*{_q-S2?ti=|8t5@+cfdyz z!xC&T!N|&AWiIL^g#k5C+^UC$RVA)f)W9maFqP6iEi?v^ie51dJg^?+d< z5+tdKd;Iwd_zb}i9~Goq!=cY}bTzjxt!a$Ef+LQPfiQsm_PJtMI`%%4?# zbo4v#BdA||W9k!-y?T+4n6up1X>RQd3F9<;R?2fcUoLiYS%LqidxcPV^2jLB z^*M)JfKp+E6LECQdpF}fR~7YTy=^EAX8O@qqV(!oIbwXTs`B1$;&!>W^7qe&G-D=x zqr{2fV@{i3D@1<^TLLfs79zoH2X@WutAv+|Hz}d7iePrB)HU|NYYwAn`eFVILune$ z+Rxm}20APR%}O(4S9Jcpzjg-s>IQa2hAsfR^W!) z>%{^tnuabP2t`h*{Du|za%qcjD^2gQ*EAb_N&{Q`UXYM0>6qhsQR5Ug5OEikWE?FS zvB7GxIYjwlj8{`sykg=ejyn@A270)>D#GwCW)zeT@5JB1v65S51wFfWv-iq>i$Zim z#EUN=kFC__Kl6Cr8}KZ)#4t48-cT@^E`55wxB6O@(3Ua-YB(^KSg{s zZzk2#St&yfkpNua4jNL_o3#pc?K^H?1+cp^ks`yiy!|};o%&)pN-oOyHiG1%psc(B z+k4z316%2}o!?S>q~|!u2~Rv=K9x=bx6W28#|z2|2)v;762k<2WDhvOYRKf8I5cH>8omHq7FcYtj-& zE}_Y9YP!P&VP@7<;d*Tp1X^^-7$}mQbxdx{e9R`;s*ZS%x3`IN%7TlEx69{5akljm z?OPVtl+S<6=+x{7V0?BNAf@xgGy|U&$E^UN6^m#B;S{uy)cj-XS`8Og1j(;!BNSA{ zCtYR|_?s(pw>D>ZoOU6o2InFYjn8V_IhHu$@$Yn2T$fZrF8g$sSC$G^?*48V?IU%* zVoO?FK3+AYyVi2uZL>0TZhiP=$&MJ@@{X4yK1uEkMEt-Qgs@belynoDx)Sv<=;M$- zfklhT4JgO{dW|iiJraxW`V?y;4Yo?oUB8Zksf9|SOA7dx-1{KMI zI}s~Jc%sCeq<+LBcuS7pwLER`;PdIjTBRD=*7AM2!QvWf-U?T&`J+=5HC3AvOaNma zeTxW!%y?6rjH3b)E357bp3_u)QaJbdd#G}KGM2~jpDN#H7neynQ?)l=dS3=-vq@WV zP@yw|dw2RD=)84$AK^j=2%+4`=^82Mc|7-M(w|O# zn5tp7(&F*e4>7M)o8tlXK1q051f|KVmTy{Ca&(<1b!ms{e97 z7PrFvj&$ctg=)_cqh_QbRaO)hC$X;WVe?7x^w*r#z1<*QHP%$lrtHz$_*~rhb%%Vh zm{PEpV6?-{An+t+Hlv&&&-Fa!4>=Yxu$D^EpW;rgTZPJs%>#+ zdrB?O+Tq;Lq1oDEXDlhAy1FTT&PZB!ub@o9(k%mHjh3vLFBVag7W_OQrp{Y18xfAn zb@ADW%GqC_?9&(x2Hkah7E`Rd`&Czr`F8`|V5{xMdkJ=r2ha%iQe2mXkV3CIl@?bF z*b&zQSfg*Pgf5-K)wX4>*%;I);{k!ri8oHrjhB!rxO1VT>3WHV;1A~cjw#lV4S0Pg&K^$_j|I z%X+EftI#xDO=^tNmvKRmAX_w;C0Zf=KBj#G3b_PS(aID?Rz}!cl&jT-^h|)1FuLBz zB5%t*%)8K6m=FdwIwl}H;R~^ONKsa~xj7yfjD|tIK8r!Tyu+x{@x)`*5i@j6k1ns0KO4Tz?#l4a<1hFDt%@TM^;dCbAG$Kk0qn{>kI$^G7FR+Vk! z(&2^#(|s#^{%!0S>FY_#=Z&BQmKW>7PMi`5xgDO#g3Hdu@MQYeYN*AL`v4M z`*#)*qZj9ApeKMTj~9!C5-MLq$Zoaa$If7}iPJ4e|5R5 zN#eNXz-^AVn>Dy5xAFquEwkop)Q_cl8akyyuN&RPK9j@w!6=sPhF`|0>Tv{4`U0!1 zdbz_|ZUxvSAdc6Phi?McgjX;5q4rPo`l#(xJ$_oxV1{LjQ)ZsKbT>TKrI=)_^z3YI zKO&$sx2ufQEDi@VpZD*U7A3Jh(kKx`*WX{Blw6LyF%4lErFCQF-;s0=DaoNlm*r z(S}^KIITFh$?i|wpG=dxzbU1wY6Ubq64gsL$MvRcr8-Tj)=*l%JanWxNMdnBf!^$) z;CK=)LLOJRuJK;pKA9z~jK;crr!aBG&ylXZzRZbn*_igQKVS37Qw1F?l@dU>ruEE` zATrp!4TtO&-W8K2G96-7J*A4A8w#%_@`OY4Kns9_dh16wE6W{iuNH77N>qnpn>7VB zb=*(KY^bPfCiX}8ZcGzIYVuCV=BT}YUtF`91EsCZNV@YBCGX7cp%-1rFH(Rb1=E?c zrsPE+ISRFdci$8`bP2g_c=^K!l$g`2r3?%*t<&r3M)IH*g_m&o&+7BP!K}S{} z!Lv6phtpt&tnmqq$~Mr7ECp2o^Fj|AHY z11>ca7~PGb-PQ2-;%EU4ma_mF4*`Xh2Xw;D4wpu9X1TRGz}nAcUr|}Y?K22t`ktjW|&Tt5DDAtqxWTNQYr-I z5OKGE)^YJ5!|GV7p(dhj24$_f+8ssmz@=X^FAsNAm#3z=B~R#d_}`cnD7qUCIV_t* z?(ao!CQLPYdOa>4Kb#C}^vuE_D4ppj3;n2`3=<}K6>p?v*T_Z7hfv~uqgxl2(Yb7K zxfu^&31perk5XP>sbM~EYYA}_NMJlnMljCxOZA6=!^YMx--{^^fgvGsuYc#9ft;VJ zlX6SGZ~uz~!GZL~lv1)n#lZ9nq0Bu*hBCS0rTX~b8(7RHVBLY2VEl-`EQbUGfuOG; z>s5?B$1j&`b^OUg=*Hv);(Gu`90K9eTy%(kb%9FXLqzBjirkY8WE@QW&P;ha0Khd6~3Z%sWH|)Z)>nbx_g=`Mh0wZ zm$JpU-k|b!<6$aK&4W8)H!ZfPqc%=4!sEf*K7%E9I}TH;PaFik;ryN4m;{yH;J$30 z7hC)==dLc$fi{BYf)z?fSkDrbn#|;JLzJa<<*ss0nEw$eb2otxTp?PlZw(VT)4XYV zum!R!3_ZNMHJE?@O7;zaW`VP8oUSz7w)B%SwCiT&G+)3Q^3(=sgsX%nU7X&XjtLF$ z70j^-TUxI>+5Rp}UWSk@PAXb`M4uAwabnEYdBsnlrQCyhEprUVJ^DS|pz>|};TdQ+ z0>y+4(tYCC6Oh&{i;NbDCKTWjk1Iy4qS@aw*{{6Q5-|3#^&+L#l!(Rb)DJ3(<|Zbj zUs*;#v2sCf15GchRludd9cHC3TX!Ryt`|#Ux@g@Cjo{Ls)a;jXKuKPl&C)@Mk~e7JU0L zz%|IdNv@~Y@{JEym+tm#KGR8jo}Tzh4yh_HZ2GO{(=%$ZcPr>xPr) z$(D9nzu9DAOW!ZJVg#FhN;aPImc3U$l|tdGr3G}?5yFxzuqN`(0uTg;Z6LQ2!(o$3 zmLBkGA5RaLGBe*;L5EI2(zxY%*{Wi6tp%B=DNP$fQwWpznWhN;S>sbj+f>pPA$-xx zYUepAb#{A9T0F_zpIS0CeZK6}zCL>2u#(`P)xi$DNhMGYh{#g?={1%co19u-OQj`> zh}z#`3Tuqjf1|kh;ThO)F_S3tAHmKRI@t1Ji;45pDIS}wmaDCj7D?L5917-b{^V>C zlf!i!*{f-iXH~Jm)T=6nV;xTuoUY2p^0btp!L%b-b|;lp6Z-i8+F`R-UtAMMX%5hr z>rHTbEm?Pa=_TIvbB1T60;|=W(B6_i8hL)N;_Q5rqg|G8XR^gKPO^}_T73B`wpHDQ zJ%9ZRM5R^VfyT)=p-(+z{l) zTnq8uV2-+7hBerNv9|4<0&Qz=naPu{^&3&-7mA2XcAl!%)6J+N*KA=~W}g->c?>gZ z0&#^wZnlK8sOZzvF-zoGO=k3{z`>*mO2aCBIGR>=k<*M^Pb@GLfYpsrW;dtsqOO2E zXblfW-0@eWbU8{dJm66qDe))xlWw0meKZhTJKky4_@2IN?7G?+eK=2dxAj@y6h+}V z$G8SavZiH%0}`g-e2=;QQz$Fp5I$Zgj5j$1Sh;;G?A(Giq-yWKyVKBBQdAI*2ho-f%$Wkh)kHl`iVhtXtUIVgUP*$ z5^?i_!rPLPO+RXDZ!JhTb&u^2n2!js0NZHI&L?je1*W|I22SAyCkFe|6F+4SWwPhR zoVhQXPGexAvGIUu*tN4^9JrnG=lYft1{*cT!34G8snIDuqvu__+*cPDHVxzf?A&<1 zLo&D!4#>ZKH7PeEaBX;`qZN)LXRytoV0=k4ekG_6HeBj8yjCi^xbN-i3y0dc>CU`` z^|G_}N@ll&{qg8X*a7tKGR9cW0FGBLoh#mA@Kk*pJ&&J41d zhUq8iIU^{~S)maBIU^;`jWn400q=hybd1+v&~H*39rVSbKdR;NvUw!U8ZxeYtvfBk z)Ab|y-)XUW!3VkB+(0F;AFd?Lxc1&`XOA+$A7?(7yXXgrXh&3-?SwQ_Tc;rLv~2wYYd(`Bt;Odyl4TT8}WJ&GtEgRN+k;qU*RAGTiSxZf1HXp6|bu zQ1k89I;8b?R0|51`ts;z+?$hgtvvk4soHf!3JMD{Nv%)*sIrfTFr$wmxR#1>R zrMD%@4YPHf z-lo?BNnQl`8AqHERVg1T)hG02GvW|l&!GBtMtW;)qbh8U%ck$D)X)gM{Lbo%3iC6R zF)DwLwg?dvn*QA4OF~P)Hwz#%-5m*(<1%krQ!`hRpNV5kW~lP>+;4p!WNY!+Usn^b zAndv7kKdBvjf*KI{gQjr^qzc~ z9_eTgYiaQX&o)d%~`3rSK)1FGNU3mVaLq=U z5&qWGGKS4|96>ak2o}e^=Gb6W43`6H&eN&>((X3a#H3)T{CH+5@|)hzb_25!)o{J! zV?`i@3pEgVjOp)~c(;^r~H)_roW!PsfhF>sVD8)NGIS|JhLINB`Gdx*2&r^qX=yN8DsO|CWQSP}j z_xCu<^xRF932AUNn(Ka}Ff&};>4R)f}(D3P{QTmxmkO&UEtDSyMyN zO}?o%*}mt*{N*;D#-1+u*;-Z_cF1J4>;rck0U5|qineVevpEqaq)xxbn2Ltak>Lo- zent7mmy{`L>d5k^2Viu$uBUKT&mp}p6;dzp?t)m@YcGDQT zVcnHBCeQ-}K;C&tagk)>VT9V){1N?lvZ9hnDy1R z4;=p7EXoChKZaaEC^BI)$8iSieZru(SqU8RaQ_k`c|V!!qSj=3J!vwF3YXCh5{gM= zv?NE+_@?%L`JoJ#da;McWWJo-GSgIHZ{{cftdZoocC(#W-@~fWRc!Aw~F0YCfF+lp^5v< zc%CwtB%gOYbT3Ip3lifh#>eYZjzKT0vxNc24pYUJeNcOucLIsG#nxW>dZ(!I2`7mc z9pRN79j#5x`p479y+Ta84mL>;d2h>C+ONMAmXhbKC<=Um2h@g-1c2h0+Y0J^T1l7_ z<)^H%cR0`tPaK&Qg#yVZ*ukLxV*wnVWpU(;qV-Xkh(QE?z9?B2jFiBj z69uq~@o%yP#G1oiG13=xqvDZwZAWA>=T2n)yvG!(H+6OyD{VPC8|i}XkGb}3Zx}|9 z`?aq^pEp%wL*we8q4c*RKiWfRR%MFO8k4D@*08sFRbEwUYNx}5@l8;0#^949QIec> zGO=lq*`LAp`omyIu7+2bRII{+R~m%DN0%++yAffgfeL_x{G}-M^L>1l)7}*MIKRWC zr?^=(7|b@2Vi2f_A}d2JTM9yLMkpWl*SFuQIP$Wmnam6XYQd?wa){UWxW}TR$sdBE z=Q3$nr8KO>1Wm;kw15(Fdc@4_6zqH73YQm>A--{x!!uN%=T)5LlcXqAiI9d)50lk! zjI2ujiVz6l+Z)ntNw`_As9u&P&6q6sBVjnAGbv;=Q}GH~5%&qfNhP%Vu*Y~Rdv@7I z#q;TGgMwF3wKmXiOe}`Gh zpS*+OPhP%ENjh*w`PAZaxF;quhf)Qm3#x~%S_*w`;a9CFdq`jMt2 z^v*>T1Fb(*+6aGJ`Jxh@-G{Q}3s2&%q9T^d%D*kisDYgynPJ&yI7J!kZT5)%B>z8{bNdiWkZAAd2CNVzccfUc=x?R^0I zfu3x4OEGgjh@lb02}b&cK(Wx#)j4r^EOW}@1$u?76X;y?uo9puRTQttkYn~@NCCWQ zYzIHFFZC2mYF8hb#OcX0ygOPZ2fP&wEp`4$MPzAGz41>O2V{rvj&Jm#8>XcQ7590m zf1O4Oh`?3@z)HRK7FK1Z?LK!&mar#uN&CQ3Y+co$nX|qc z5GYqxvy6pg({0KW?_feoo1F`mzZ>xB)nXsa{z}Pn`4E#W&{=&0vcy8d^q`3U4iqTP z){75LFP$=(CXZtZM4FZL#>cmcbz+&Ta+YE~UV#z%bUVgKS828M9vYd&(;*a;)Q)Kf zWU-j8de2|}eR2OgcQR_Rpz#3y!!JVl%8Uh}F@KmkyJ%O<%Y&#2-jm^$Qh^VUz=QoHLdB?9O# zHY6YN2kJylsd1f!7VplyNd&kWL0JEwFmGyfAF2h`asb2DWD%ZnLpz5ssWY}-t@)~4 zt`S9zGv?rh@v=f{#p+hq7q*={7-z6=5B)6L7?2h%_in;Q)cWW^EzVYC}+I@@im zq#JXKcf8q*aKvAR|IjWEv>!VjA7$86#v3!&FF@8|$ESjV;0qtxzWrV#SJo?ARZ7bI znpj^}IP0)f?RHU*F;Mi-&*QrX7nl4D_}*W4vwe{$b*y5O^fjQkU)_8V(AxAuh>!LcAo|a-5gG^Xg^bZTCr-Nh@uv)se4;*)) zG=ys_)Tr#FjGRZJ0~>DtcJQ@^No1{oEK6+Qq8gT=n?sn2oWE>to*D#qw~Vc|W*}-6 zqo;w`aRk3OEd77|kpPTWI=aAAMEOirS7&!Xo<#y(JA+tIFA@v7kn{XTu0?$Mivpg> zhm=}1dQPg5B(;&Pa#U=LBU!Xx7mWL7_G;%;h&Wl;VnRP%KyOr^`JYK5nQ^R9i`3br zp~2CTi|>$R@5aPJBQI(4pT7U=L=EFx>?eEsshq~7IDgHxRTS-Z%8|1na-lV1Ep(v` zYgC1|ClazkX&8!PnP~NkvNyL^)q*2je>JeFNt8jRL!Gx>vfAM+aP0kdKRA)7zz?G0 zA0Fr(=U~)zjF%*>x|w6qu48;C?K2N`=%2j^N(s?5?Jrhr!CEx%MDqy}bF)MZ=#g&e21u8k@;l&sdOk zs;#o0t&<<2a;%(8DuY+_l(kQYaWoVZe4{X0k`gn#{Ou0-U|^IkDm}a3a^^*+m(UBN z>$A!~#L&A`4Um~asr72MsY9HQ21!CxaF=#bSvWd2n%s4fBL}Kg33S9JPV|EIE#tqC zo|i40IM|_mh|!IFV^b*7LsvonAMEz~C!5Zn@BcOWO2+VC1bt+jF!H~6(wENQP-2+j ze_1IX6x`cMgBHktn5}QpsQPF*QsQDhS&>)1#KCM9|JiA!FAz3qyc5JHd|X&+a6DJq zqenmK@b5iubpu-@=%HEj$A>e8D5NpLf(*fP#&ppsG4ctVGAjQj$d4D07-@_#6ZYUB4o^!tp6~tFP$(TU{}| zN;ViVf2CqR@jfx)cXhW9nH8vNv@}34F-a7%P1hx{9D~aV{ETVM5y6o{uppPs3bWAe zYmoyfl`y=Rm|Ph)h$W>to*BkRI%KX05wSviRT{n`&R`3{M8SM zo^4{;oJr%!g6N)Y8?e^kI9RTD(tRD;fl#4MDQ*QLm>A}8{_X+-Oe|J|DTOY%^o>Ug z6~u=>57W{XIb|sFB%CvuMJUbXJ=I5y(i0LlwjNqc^$(H@V)oX!vGd(|liD8>lNV}(K?XNwrcP(Xo zzstUN+1QMza5@tf2n=v;IXk2dO*Uo|WTMcS!HEs51kYth>3$XXg$$quD*9yd{>Fvp z7|k%6h*kiMC^3H2H}=mIB39U*{+e30&+DK-k|^-h2TG8}9E2%RLBS{sVa3s~YI+4F zf_sf;Y`IK@Expou!`an)7_Y62CaOEx-kQrr(y4ZXS@99KKR|=Vl?HCj z2{kbZhs^jbVq_bB?@v)*4|WFkXbF?TkU-=`pGpB@YzJhRV%f9DUcVgbxYCLF*RTN^ zG+b{#Y{Uq$3$lu)gh0G-91w;%;oI`($bdAoeC~n#@wNVFMSN-OiKx->(e1|Z)|%55 z>_9&B%_{Avae7fU1lP1=W8&-}>)O4*TYVDZ+Ryo`9Zw1S^!so94?B?|;do2Yrh-U3 z{p$%;{1QK4ovoD{t><08eVjgUDjk;mwNmBk0n(a5yn}$Sa1L-kpFu=TtQ$pMFOh>-;-t-lsnS z$QDWm@51yNGwCoSRjA;pF#lRhV)Zsb^az;M>9?H7n#G|{kxCpjyy2h*{&aPw9?oz9 zy{2PMMq4>Q`a7}XD&));?_y}ek#agp{KYU-7oX-KddyV!UES<4sjs@rKslVuh6v>; z?aN#q1`n5M_n9rnu>xJDrf`nJ4Hyn4hfvZrBc#jwe`e&%mZx%J;|a^Jx(uU)QK9d! zOP0=3&XZ@9^W`h9we1Fr?uIUTrL{Fqx6ad=v?@IE69Gd*1_MP-cx%C=s-uf5t z9L=k41=Ih6znZq9h0>25<>xaTEy1jK?yrutIDDCxa{s$Z&y5g+lqQ{1lP^wPpRbwZ zy!(y==W5S^M;Zzds<|~9XmoudOti1T<1?+cpPlgTxWj?^T`?N0&`uE3*oJ36#5`>E z3bh?kp5*#HW^%71ooaJ1rA&V#vpC7)o&T))71$S+G@y5W`kO(ul2d(!(~*3B<(kK} z`tjLg(88dE0A=V>Hj5cEPVZyMJ4_e?sG4eedjRhW2bEKm#+P4+(GWdl<**Gd1J#-; zzSb5@%zCZq*KJs1l0O?-S_Nktj_;RW4Y{o&3kG%?cbMB~Pt9CRJYjnTm0F_l@H$bRr(n3$zVEm%dA3A^>G zV&d?quUJ!UK0{0lG;5gSJ}M^+*Ax~!y+>ztXHN zX7$L$#3AtNT%}#FR%A@G$U-?VWh3~A>6MohIfFX*v}T66^B!w&|f0A&6;PyPOofo-*|icXIT zkuByksECS>^5KiO78CQ798|Im>dUNyTd$+0a?^vrkU4^J?++=Tt17RHHkJ7?7%Q-T zJuW;=tXK(^L}mDG{*U@rzjn2b9dLrUHn9eIb{5Sq+VvzH^`wtYaTm=G8GFjEimup4 z5SasxgZb=Ammjl2%>r}A6ix}JC@5hl8nBgTZ#!LbP%Gx>{zjw5MKOZs3XsZyegNB( z`Nut5_jeon%uxG_3d>P(u+TI{Roe0B_Yjp^zb=+u;;(hhYn=(=h5evEME#uELOncB zORGAlR4RyDI_J%?nNw7R+-gaC?%otkia`UGpO+`E5OW?5y%gRuzOi*P)K+qVA%#v{D_LmI59a$|i zQJElZsNk3H;`7Ayij$(9H2bys)f6_Rgu9IwJoD$puB_gqc%ft|5eth?F}(;#h`YNq zxmKl0&`^s|SM0-xMD07j~QQ=}&+o3+QhC*n!vW^8`;)nuIn7$wVjqqFZ0RSZo zKm<1|wpBM@ix8^K`VkP61*5iXmTuV-B-9}>yZ%mw37zLQ6-8^S2Qqet1Bt%peA@)a zkNK8uR#Hw)D0}u&Cm`sVZ67^jG|`cy#*#DJ@^k-hk3EG?m+6oW+J!mbuz z8$OCO^rXZ{7=`c$#KP{Frlv|ln8$V`iAc1g)fDE89!x2Ni)-w8wsCFkl93(as;u^< zUsMBw$vC%V1|%Y?J~2@!CCjXPLOVT)rOs7iXe@yVNoI|8HN`1Cj7uFE7*9m;c`pU8 zo+~vqPXx?tv{?#8iH{g8pAazQfGLA32Jbs9c~G$HiNiwkQlzD-7>4QVpC}IG$CPv9 z6MisHYL8u8L0_`VBM$2pj1^X*#n=+3jHXv$?j$3r@)R7emP_AxKvTXU@|W z>zD_yq3xpeFe6k=h4~TM>_QHl)AXXq=~M&hQ>ayL06vjC=OK|unk}kdW*oM zDjLN#QLok{X8>sIYKUS!fdzR!St*~eRC9Bd@1M(MR1GD+@)LuKIIgoN7(f05!=7qw zeJUtfJdPbCC+Q9Djw+J0cbli$Zk&guU#!J_d!p2B6=rZdVgqt~Eb44&tvvR)DL^6b zIA9GJa5K4A76z40$yugq4nMv&|9QIw@GL6%s-h7!Pd~1(>3wCXeuF06@#5qX7x7dQ z=-Tg1T?*2a!gFRVH4v#G``GoA(=+W5qfS$)HQkz|;~-9T46H)k<*o?uzo*%_ZvACW z-OPB>B_HHo9e=Li*pho(See%CF)duR4RTAWHK*QGNi{SIH+pKg7MoS5e##Y5tuTk* zOpKd*rO_Lkk*E~DyBH{G{-`LR_$ALmlqYGVU`0mIc2B?iY^K6?i?CKNak8S)Lvt%9 z98sn{a6zx`DE$59*Q2YC`^DWe>Mp#lc6s~-0p=daFj?zt4(*0n0pMq1qndUY%MCKU4Es6}yUaGkW@7D@R8zBuGv->6U(Aq3}3 zl}jWsU7GK(J1#>b+O1Dp$pTY4CieL8Q$2`|R>$q8Us$c7vs3L4^)1_~So{0}|7?k} z7SI9lz-)LbyCzGC-6Zny+2!0Ro7d-iU7iu!bjCqoedKG5%NLF7#|A1NG4UUSe26Lscg_L4vLq^i@PF;<3;@R$n};jy?j)r*v^_I@8Cplf<@2aX-_O)Ee^ znjnN-xrZjO5@ZZjAvz%kB^x`e)k?M-enOY>6Q%NAGw#!$&HTP(!zORdVKG!|N<|tC zfL8KIL`+ZYtfs6(x+p$yKBSgxE8=xTnK^q7^S@u~4-l}CJfy~AxBIov$~v5*h}9mF z5gM!TVrWmgaJ`3X>3+vKmc-_Lhd|Usg_gqNIhwrM>+E}PYv7KNQ-(GER~kz+I>h-g zzXT{h(CP8qXl0nFBcEqu8Hzc+=7n=^S=y;Bxt|L2z2T__cdq>vv%IY2XS+#QZE@Q+ z*z8REq&IEi>BYejt`sS7T1-5IkL4kHDHF2vDlHK?(8c48sD$;#;7rO0W#NKQp5P_y z48@Rc2UX>*gGy7aIzy#LvYgUNf5Ak!#FX2`rBT6LtCt9|O|0i*dH7mF94BqK#-x5K zhYy>$+x=?99AB+6?Qi|(9Q2jW+_dS%>qWUet~=PcS)lC_g8q}hd{pH#gyHHlu^NI) zCDX}ZX|?6fOaP1f8YYxRP`PqzcT==3*eEXxz>#4iZ}rRS9%rO!U&k@FZ_wO}rGBIV zWT{&CW3BJz7Yh5tmFZcEC#1>OZ+*!9?kzB1eRy$ZwXjBsXW3zgNRRc?9@ksVm=UQx z{kW4_Rq33_4a!&gedg==&GDu!lcm7hXd{WtF?PxMy0pfE`z-Lrb2>lu%JBuC_X_Qg zSVL5=(QU?e7#CkhEF?W2P+G>|s9Z~R{U6zx#CXwozH5vT2*%v}SXOH54{2?-uHyiO z!|y^HN9!9C(9!^V0-L||m?2zDfLO1j4J7hLQ~D;RIddr2hL6WbjXG0Oj9HD5r!CuJ zr=0fb442H9IL%O5H9T1SWkz+*LOIEoE|FPBoa4ghsdlmki4HZjMFJBrEL)PHm0TO# z=TKJW7>8E%NH3SdzvbT?3TtYbK_L?KUPz4P$X}}`*YJkIuxbd^?@{>idm>k2YUeq% zr&k9#}5FTx(IBD%)kD?8Yw?*@>sl3qyc4w9@jOEC14N$HhVsY&m zTDG|U7-eKQoH%C)&~WBxWCvkd&z@2xxwTt{GNb@wmUe zFk8VVM>3y_yN_NYq==Jm#cyuJ=mlf#gD&ZvRQKd6p6y! zF}L+v;%Z4xTfP*q1kUbmBuZj=#y4D}OI$eeSGRkv9@0!t;z@>Xhh;E*A`0Ur3WPuB z8J+K?0XVu3PUQ|qxx#H8@sVB55>>mHD>83v4W{%}TvTJu^FC3{*A;5tH7q}DS;t1; zr*_F}9bj^sprgFoU>~}o!8bdBZ5%0S(&_w*pICKYryi+P?ntUgmzsv@0!V#;G1 zb;q=XoVdiOTwBB%^-KWTX;C>JeTJ+T-ol_CX@m^(yc|(D=p}ipy)j8H8Zta>RfEvvplAU zW2_god+ezikKP@)Imo`rTgXXjuL~dYYkh0itsZIhvI~?9%_|vE(=KxO9KZ)C<)fl5 zGHtnPl9D1)?@iROxfEJS;G9-TWT~U|W*yJPjx}8`V>9Z2X!{#KRhW5GKQ{A3mHOAv zHSAX}#u~5uWrlc#$=dB7!V#E~no1-_wVpnR^XFuaHaxj)fNX=@1zYH;R(a@)glh{; z0K6pL!D^n_DuONI<&_!j#ho`qLkp5_EwdjAaVxh&~M8n&F4x z+AuAl1NN|k04?!4a(BHUvs3FUlt2nc0f&mPSW-mZHuRKqDM^bBJz{%P%JrFRTvTiF z@ABq@+rHkGw?j)ytEJczD!kV51HR{t&nzq>8;VvJ|#_8sX&K!#dg9QYY4S7UMPSmW2&|tbTxy8l!C1|{#i6RQDWd_iOU_{rZM#i z(d7;`Rl{w%TEb3WK(M1NeO}WA}De^;z-J|%>%UID4u;%1*L4rOzYIKa-&^mu7>c*EKj%7bZKmBd_*xE=V~oc z9S54lmu5TZerrcP#(XTtX!r#k-H*Azv?I0m!W5gby#*8PBG^ew%HlIcyRQ3iX6(vU z?UxT-D`dhhAZqWiMM(G!G#!(U8pz(vU5aC{ZL3nbfcqeulY>84Nly$&na;9PJ6cq# zvb|Pyl~MbBjUixhU=icd-6 z-~T6WiM+USL)t-3X){+7h<>}>eRPD!_c~&)du!@$M5TbCq+Jjg##xv$=v8i?JhLz#GBJ5$YXb6x^?5SS`dxAaJILoRBVHYR{xoYDq#y6q1oA zvk}=0S*?XFERNa21PXS|o`ac$cH+*?7;6YN3ar!7-Cf}g?oB95@oVsr3W{s>W zq-R6~wl8Gpw7=@X?{W>MaCD|GmZ6^$s_>n-SiBFf_vqie*Yu$>wpLBHAGQWu2z}!) zRyENWCWpu~=`SFM!m0i^Dl1Ye<>To&3S`cuTgoVe+Lq4ICRR?-A zFsBP{zVvLPpHpL)+nudb;8Ar+TWbRns2B4$W7`kF4wnr#As=+d9M!nKEYW@#T{q6a;hbx!nRJ@l7< zuM-efIrKZr!jb?s4pveq*7-${;)eyol=}XcE^9`Br>6VPpKHGUXagOR2dWQt; z^~kU#>tqzS;>cWPu!-D;tK_RI(@>-+y<>PKUDvLCcX!aS?T&3H zE1jfc+bgz{j@7a4tk|~Mv2EK}vGL`7p7-8+fAzO&)EtGQYR-Y{^t0?N7ETPUT#;1C zF6Zc$WuS;cb|Fs$BK3O+>_#SMnvA88Hyg}`cI7ZC6#@br-?(_3kNdWg1qS2SKsZEz z@PoO--@_KtMf$e(edT1@M1InjmvJxlZDq{MXU!GtJ2m=(zA!qo6nhYRjEZT6v6%V? zo*EKcer9>}p-i8`z7LnW+LrGMzrZLhu!%oXQ!bf=@=$-}b^R6HLOSyhg8$yluX)gO z5Ud*Q`PWx?HRbu2V+&z#gamNjXqfX=29Twxg40+?0-?vGoz4^5> z9AvUP;c_*0dstFcX7I86V@(#CMJN9eG)Oym`tSqI2)pHL%UW>T#GNKdAEH93JoWtJ zx--YbdkCM02M2>|h8Pi{P@6h}idhK4>^5C_wsg!vf-mQtc(;d0QumQPn%mtxr$)Oz z8W>=YW|Jqer2Fmr27Q=9LXgnV@Er-R*cXa)Z;P&8SESBLt?J9J>7n%E);55{P%X z!=ljVG4|*v<>m}rG!-cJSx(#DJOvJ&43MgfX7D!UPi9GOJibT5MWAPBlC(zVMU(cN z7PgiP@jXuk1fkJA>^?kKqNj_1OMkZKhUYPmWPZ1WG>uAD)N(nV^ZilY4U^9f+w1fU zL0R^7(NYQlpV1CEGwGLW2wIgK`N^*^+VeF&=P$IGp~kOM!B06;e%ct(niN2j_2mF z13#eaor>)&E zUQgf~Dn3{xb+BZbb~2E8Y@s8jQyI+nHR5YL(h-%f_{-&xh~scA3>T|rgt6`Z z>NHAMgg$Z=*j@4}G?vS>TUfq_-9Mp6wbDCc3ozC4WY@(EsJ`PcxebzH%nN z$h&!W8&$e*{N_QoY^uD<$Z&3aLRz|OjpN0cM3^Q1+~|?W0~=#_VOP%uX`4oqHz}UW zSwU%gz_o>?4t*Z>Z!sbZPM=^`7bGWJs0Va!u|I5)>G2Mcw^dPR z_hm1vu*R;JS=Ak~BQl6&jn5+I0bjPdP#(k%(+U z@HhogA>xnv&*-8u?;&?>NOqThWj8#|5Yh#$o2wixdv@B--ppZ4VO?qsjw#Rh32?QdSQJBmUUaZhDGV=Sj{%J{bPo-`)Hntk!9XY8I&|j$~svga4=>Y59nyOuO zztD1f8}Z*@T2Z_Y_|}KB)}HE-6gMcpwzQ4W*uQws;Hotu zsZ%>QoGdKxo@Z(8Rqz=zSosAL%+~#N`u^XWCxx z<$&ly2LAjOO_y)z{_KBpOs8cKOF|a&m&O69O>QUqp+=}y9UTxb#m6gsQbv_bN9;Xb zi)UJ=%L1c}!5uwG{=83~8^0G+3z=WvZPaDKMw`G7^Dr=Uxy9`7tMt2P7!`I6FumdVIP z^O%zDPmatjG91x|Gm$#f=2v&q8M-j zx;>qWNW%zqW_Uy*G3JbTO_fG(B&2tB4nwly!bGU@vCkq}6r5=>zvE7MAI*pHWfMU| zC+^TV3+L@mBP^wo9L)P~kW?T9J-uXQh1uupJb$;XM6lhElbOmQ!+Y%KbTpA_McY5y zP3R2S=NO1N@sY9%g~Q;8AVI$pTgs}SURW^t7npBBpT6dmuyqDp+t8RC!TH#UC*Q2m zpT%hfJmJdSn#sPEqlak9=;}#k9`2L+z~XVD0shA&HM6D!LJ_E(`nv9f_#?8E6+j8 z3K=8$$4W=*eDQq|->*A?f1AW46~qc-Q{sdl2-ibvu+%H~GKMByGI-8H(^)c)pVZCbC9NAAJ4KKAb2|)x5eh6uKTo8A>Qd*HlJ-KfKf^Om>! z0etOOZc1a4x#-9r9CL4BpwT!T(OSpVX)5lo(d&^EOJY}7!b?4Pv%3e{ zJ;FU^8yv}LZ&K=ychP$pP7aF+sqnTq!>PRLF- zHn3v)liga0>!vLvw39`K%m&t~vzn{UIW!&9NztoOf3GjTQQ!=%Bl4vod#V(1ySAo1LUG2R z>K`s`@Tag{8F5tNhM2&Mb+0S@q{ztJ=~Ld0yE^w0oz zTZy3xW`Pa?M^4RUvW`?;X(9R2afZsS=?rTD$S4d&wU=a&hZcQi{R$eKQ%oG+lgIru z@dEa5nWJ!D*~~T~sIn09)^Q$JinXabuiyr0a?c|cX$PuMc4o|kdSke0x#~HyvX9tU zSPZH`R>ch@M{IyFxjp;ZAz6c6x*gKIX-o8kOun&HSkkm&HV4HYS8iXY%>owWOH#9fV+&SQWfTdFP}?$zVIL3zv+6MbeHD&o07z>flQ z8CJvY^KMg4dDqfEG@yvRLV9s{453%y>Ynk?UN?3B-C@aa!DHv0tKsj62*T%8drLWJ z%G?b`9OFWiSkLP&sVaeVQ_YWjJ8Vl<5xj*Ekur0o0yr{zAflt-CrjJ-KQ~)b zjHwdQ$PgpvZoYVM5_Y++nOD*0H5X&oiAhKc2|LW(anT{7^UycOq2Y5`QnYC>*u!#) z7OBb4C?xo#*J@%hr;ZOrzztYbZzaQJP0R1NJpHOjl1nKDGNZFP82>eqshCGAueU$@ zt590uovVm9&7>M$QvN3ovY^=TWVYF!r~9!OpeEjZ?0MFTuE}N|0yOD0bKFT@6#11j z3^NO*;B|ui1VwZliHBC^Kf)TkthSY{V8ePM1|5zvqT`LRWHsbJZ@>gtX0KyUh>2-N z&yXGbh6GRBLeUfPC_|#cwB4HBN(<1ICDBU>lh61HS`Hb{qo9)x9x?4VyF$sG%_)6} zOBl2nuyP?)E1n7r3=1m%>?LT@5;QA5$i-cwY#z-;&-3At5#^(yZzU#|mC6V&q(gpF z37ILIJ&kF@PZ{U%9Qkuey5tma;uq5*okBn(Bn-Kz4kucsRnI+jEc{IY+KW)zPsSJd z0CF}|`zh=(4 zQ%6(5+Dzs5;a`)|Z#-Go#yXjl} zaD*;SfGS>CAp>{L1P2Hdb7|*y8in}kjYQ#(Q-zGcp-$8c_kG70NYW!U zx}ussy)#3Xm4<@0sEBETj-RGknGOgv|8`EBxx>wjO=pmANOA;{$1m#r5yiayA_k0x zw>G1~O_cKl+7Vy{U{nC3H3{uNE-TV0R@oT24$zPTp}pi0B+IsMTQ_;At73Pch}|25 zChVHlw_-M-`U_3IFge;UXhcBJyy;k3V#{l<&xJUrY|Vjq~+w-MXHz>&t+>ev0lWG z%LBOyamhsCond$9swkw1%vjrH=`cZ$en0wVr-OsCV_Hci2Xi`iyY(8( zEo-@)5ogge&;IQn)!shp69P7)0u`gW!#9i(ppTNS_l)+B1@*V{oUV;%AJQx-aEn9K zM?c%g2-oYV;ak;1)Bl9R!LMozdQR5q&0hEqO=Iz& zRI)K~?Jn^X@Bawaent87ft2uH3fJe89SQ){qMgf%yB0F;>vhL8N5Ie|GghO z&ms)TISD$w#cmEQ_^HxCn~X5Z|F!vG!@AeYnsixj>>w7Rsxtl(FrZYToGVWX!}h-i z;A27HfX0J_a*#iK_;(&&AoLHiuzmzUp#`M)LnApnUh1DYw^2>~ub;21-(ewxdj&t+ z2acz5zR4D$RV{kxz_Kq&vyzJY&d+}~#_z|1K(z0=GZX(cc?FYxr?Y7SZEfkr#l`)C z^v_mr27dnC#vtdD26suAnPc^PgF<~i_75So@U|nsAFSJA6l%mbFYl@y#w^_o5?n|f znJbb(LM6x*E$xJpBJ0~9HabQ_7_e7{#(=8e4?4J1vzUX2r%Kuz_f+jrAv>5$_p5g_ zM=1(1YNHUMszKV8AKI2iU6EQ@x&Vz~JHx~$#95KI z&IoPoy2$#v|DmY!%7BL%jHMFtS=lL&iUsf-QqVSyytv_JO64#1cY=5muHtqM$BEVs z2FMlkhf_QXtjD}-c*^q57aUTTP!*N729-*p70(ax z$>IaKS>)L9Iv>Nny5OgV=J>Q&1-7ZxS#T_V*KPMEcg!!y(jw{qg`gFW8TRLMR&yxk)1)?U-^d5Jdsy9}o>Tgsybc zQH>DgrSg~8skK~x5J;l3hqHI_v8 znfi_>j3d&2SW;Zte{zXd4u`oB@hK*j=z)3jT+aB|@>e!*ZQ$r5ocGV>X^*mosDuX2 z{yqk_j%5AHR=8jFqJFoYbMBnkdv(;u>Z2DBUzOG-3qMiOchPuIuX;ON&%i{S3qb z1skRSrN}~TK1#QDFV&z(b$o!Izp_sox(_qjeWmWefDq)d#PsX>4bhGZaTa>? zYm=j9Z`>_1F%6W;@{So1_>#(cMOn|SgS~PqG{~bN-~tP`K=`*ZLdd2h*E=}2o$np- z2b)jBO~n|9$+w>z=JsU8H)SgOqZkU%=Ig||vG<2J_!x-|wJKx1Hi1%XtnjVNO{~ za9#8yomn5V5`dmN2PhpEyzM*$5H`Q4_Uy?w-wS7|n{Dks&6?pkS#RX=H;{YY-Gi_- z0sSewbyOQQVS|+PhJR_nH+IR70$vLaHk^*Y#}G6JZo)R0_-{gY`j2!JEVdp2rkU8{ zJ)2faN*mGb&$nU`=B@(cJ&V^XkK}yIw-jmQCyWUxv!^Ckd#||f4c7=pT8GT08Gfc4 zgd#H-CG(fv&4=px;(2OK+CPNf$FI%=2K}zko+^hViy6Mx^~?T}0{r>f$5*Kt8n z$#URRy@*p)K~lHt0^{K#>sq=d!6trj>ofJ{R;9SU!`mG*JFq3xMAA+2ar}Eo`2e-)B&so0}V^S$E@tAZ-LoX6W`e06*wyXyLqA1Nk}cDsz6mP;9;`Aj>h^bi{j3ULqAV-^&dHRd=O zu^lym5R+Q^F?Ar4a)8CQJnbH6AL)`sATX0}jP|CWH7&f|jN0{e#CnBhAN0y&*D z-W2e0Ed?GUAyLhsR=b5zeT-s+7QUJPz4du++`bA+ScYCr)>42&3c;A2L%WMMb6#G` z$tiNFP*(UeYe8qcesAcjNb4UG5lSq6w>ki>NiD7{?(xp4JDD2b+^(!aOW`v|Qr zTUC<@Mya|!p+#${Qp5XkQvcPvEjDdLaxHT-Yw)mJRm->AtkYE@C!CC(Hp5Qv@_X11 zc2*qgOGv@V;QoW3g)rnSG=9WZ=}TANbU&(nzv_o^=_EgV)KsN3Ri=0wirtJEx=hnC ztJgo=q?8piV>j0>zN(KkD8rmC6u`8EEj{j17;*dKyqv-D3FI;^I1ycMJ@%_PzkuyD z0vjuZ*vu1Yzr!L36XAMFaCfMW&12Iy(h@o27FRIqnq(b1wUsb17A+XORJ;Q85on8M z&X5;ZCwie~rG5Nl0_R<;q*Zo&Q1%<@TW{ckGI2ACQ`G?vP8>tf*Kc7DM`WD{h4Hib z2rjUBq8A6Nixf4bWQmJFpA`4lNbwnqr8;-UdJEbSBNPdQqx98869wieQ#Pd_@a_fq z=<>BN-H0UZ1uCJq1%}!Ihd{dN>@d7@*&$@6| z>a<)=XAmbB(RMDD&df>4HxBd@xfCB+L3} zhJGgV8x_`;=CM9~qUNm+j;|+md?2LBU|~VURbo^Rh9j?7Z3?C+ff$C&DG9+K>KNwq zuz;z|68>m&N6YewdE;OY>WNHGbTOU@f5_!;4j8^!wCkJ^ihq}5Hj$^Shh;px_a3c( zP}RE*jB(yQZ|7=7(u6P1eEAaIx#>^+BV1oD+R)C1k2a}tP#O4ljGD2gATv`5+G>ug z%dl^WIMdVYpK%^G!?*k16rxk1Vz8RY#7o+x$HC>ESJRJ90Si9Wga+N^^!Xd_ z-`8=6xNFR*1@ONgbQgiM?~`qpYA0n~)nRyDRP@R=L=p?az`%^42jAc$jjA9(R2JSzDCzwcQeEoZlO|0CPueX(KWp^wzP1NP3dXgc#u{{_Kri1)gxkIb zYnl0nqMi zeC-!%+sXA1_IyHu=ldeD+~~SMD7qxW@=d*+&JxC%3PA+0v}dreF($f1MatzFl|#=b zd-I{zZo!J<04G%3dfZdFGU)-S_ghR$p^M`?KA8!@*ZC1 zF7(f|J8HFVq>Hqo&eQ=5l!7u3nxai*yHq12yL@>)c!v-k6rWEyrM-OkCy1fnW7wcJ z1d;&Od3_18);fR3L{6D#*^1{;*v?oIplu=#iWnCa_G|6j2LJbcOYabHYd=|(;UD**`LF{B3g0zme7Q#UAQHY2!juDzO-Oji!69I1f5*h zdEO16Tf7ML^m*9kUjJn&Z0~}q(-c!};!S0#XH~}6UtR=NpO8{>KcOYAT=4Ne+w7c7 z#J&N@Yq;snJmmyd8s~%^`3p9^|H6sMIbM4b3i#a7o{Pa#ika$-r$sT#2qleGJ zrP=XthWBMY5I}uZeFQ|qmAy1I(G-YAHhRO?uH?1z9+Oa13{$p9;5nc=ouvz;Ud=X5 zwGPtval^TqFMaP6pygBP8;wRX?oL8=-|!+*=m$M+HK=hb8t8xI9!I$ExLy0Rm@SY& zT8ks&(A%0E^+wOO01?0u?lItzzx7V+c>~eLU8Hfqw>b6ZS1-Qn*M~lKE6G*|M#gCO zRDU(suH%sJvG!)Ynt*q2gi%b!o%l(gz4~qRGSkkHLE7l;ON*FMqoIVJFmt`9vRyYH z5e%frv!QJSA{Nu-FYv3Tmt%Nk@&!(Lwl9TLmXkYo&BseLkSg7{umRjRjR&GQv}jWnTEMmcagbsxIkKk)$)7 z$>UM5y8W8)X{FBbN+F7UP7Rwyg0QS4`gOJ)Zc}HZM-XDJ{Sh~?*@X-*LvMp8d@w6h zL}lds_ADiA@TlN6d7kfPhHq_J=4dHDWU)|oI|d~;&L%%pAew;Jvi~|EfxBe$n1S#d zOK_u8Cw;9WQpk(r;oi)5;Ber;?@hOTyll1$4IyLFI(>9@cSG3OP>#o>2+fMlWOj`c zhws*YApGp?g&vNaU|Bd+)sd0DhTIlT#p>d1A77|L@BIu#nXeDYg`}@aTO?`6G^-=d4DrU#f`|@ z;{%xp^zxn(7&Vy%KVJs7zfMPMSK`NpLxB%YSm+8jD^GX@`m+%Q&$#VUge@_zM`+=O zTv`ROBjb5%@FFN(DkTH{#vg{v<&GBQ|4W`bmxo^)s3mMiV3-0*piaPsv zPbJNqgrSnG;XXT30#n4!C!Qi)&j_N9-C1&Vxx#@sy=A)l{%)j(gB{^KEigJZ7BclE zY1x-twFac(LuN9I6BW#0t;xsj$(pBh;{N@cwQqUL?vjFsK%Gz)94cydpfQTmPRVCd zbs?hUIc{{rP}*G&V)M|$Z2g7<-*VGv>?X_b%9To!Grnk$k+^j9ynafJ`DJ*Uj_aS; zY0W*X-!+6-7CQLDIo=C$UBTw3ld+lTBIoxle7slul7_qD=5eCh(tPLc4HS96M`KJl z>eP}xQL>qGebO}J`CeB~?p?wxAt(R)dN~AxQM^1?ZxMF02s$4pHl&U=bTv&ip8dky zmc2Q-LixOEl{&YpLpqJdbPe0d-5aHn_PZ;`ltu5qduo8~=HlaWCwRBBI>B1wkghU+Vg z^HNVsjt<(wqq%TM{Tj4st!HpSJ-hqQy44=}qw=sZBUD3+^^Bd&26rp4fTjQQflz_!$ z12!32!@&g^D&akB_`tIzg|Vq-JDZb7>}UXcCf+Fy&h0kOL_OhH_8`v=Z=R7;6C^%O z@WE#)nDH~AM^5hXPq`oVPvWD#KxhMbx(qbEbw=N2h% zul^7X;L%Gl_u8vKQsuBg8~Z+rg6vTEZeU#?q%P6cJ<>hvbK_r>WJ(`WEt5ir#Td#I zp7t(R>x)ZX?p*L>+_2Jcq+diGG)|2jwF|q%&f#t%eCkpvO4Gvfm-M$xb5_;q-G6f{xzqoBufY;=E5^KL<(k_*|Icg|L-*`0BEZWKqO~n-xm!L!azK?b97udvjiSC^d`+!%~1*rg_FA@MP*5CMg$#1R$7Z*WP}r3ItZC@G8Y~*;mFTMYge&%PG~cUDSFy)Xjz*Un4iwkMF1t zGu%F_qt0ZzPHTBOvP9vOnM_p$LR~y;+dcR1KRc{Sr*0udXj62J8D8yC+SWYEvw?kX zK1J$8g?d>Wz`EU&q$~1FE+{8>S*8ocBtL2W;J}9WVp7e!1>y>{R6z}kzfdne|2w-B zTa#wJre#?L9_2y3aGhi{Ghz@mMlLoYyQtiGK}b6fm;i2ikbIXnw{Q@Ap48~CB!2d| z-DknGR5nx$C`I)C2+$Ki?w(NEz`-yG5qo$q*d5q%OFLJ*rW$4Y5ruHzDk+z>Ri8&F zQ9^^hB0htcpNrK%M6-j68<&Rdzu*%TDJC1U(MFAg*oL9dZA$lxKqWe0N&brLC*fSo z=Y;T}1#nK{j?4>wj6idv;7J}c>E^)s(0qXKO6$+n_7% zEd|3hUf)RYqq*M}%1PQ@4M}9HbQNOju89B}BKM}MX-~Ed$qf`Bjd9jm&HIbsoAb`dfrOqH~- z)f*HRe|{-ql~EtT+hIFW>n?N*0nY87aS*yL0T>hQrXYT%~ewbbfzT zOAExIu4;&5eMBi_e2j?(JcdLIxcX|<WvB1FIMNUru@>F;)QVnNZ-j3;hGxZ*!W=mZ!6~h4)UArqdN(EEA=y_*{yS^QtnP zo3zi|NeOt&>Z2`}vZZp9Bx*%Pua{N6_OWxB)I^@cBW_hw4fZS|mK*wyq)J@M@F6HqNS*!)IFcbVkU6nz;}iX{O;YWw%KN$b#bNmz9U;;5 zCXqm(+OEsc&uCaCrrimHZVnTe_>u&$sZ|##J-Ub2 zp;Tkdo|=lgJuR25iY88a#ne4?Xz&(vp8WP~O`8I#8T+DVBV4%T2j}Z7>oE|YcHf4^!X%^qEm#`CZ#lq963ZkzGZrm;> zNX9;%;1QeR9wV%T#@*6s9%hdR@D*ZE?4XBHOma7Of91@h5tV#jlE?At8yMUvO0mfE z8*@JYB`BIbYCZnFgxin19%(md@3QI&X}aWv7^vll*+e8+YEgsz6@flpi-amc4*{P? zH{b_rWWXNWjjU{pXt%Bt%d%H{#3kmr_*ewIw%JDNS`eWu5r4mZe9}Rab8#DMVm&A= zTMgZACjVy{VqdBtQE@|Y51RVclCt3r9IjO|-Vw(m3D-aLS3B8H`o&xO6lx*9T z((jKj$?AEeEXh_w7Dx?~5(VRziIue+ps|oCfpl;5wpVj||BTUc`Gc;n7-aH`!LeX}hjCl^Eh#3NrEWv0sG@+h~{rA}8<6D9&HW@$fZ1W3xcvn}N zHhdOQnUtT=0epm=%o(eM=|j(TPX5*Qax;9gQTSBJXD08035&NW!{FZYYEr3@9Akey z6Dw`W{hRZUC%EX7JD6MBvi&k8KV~!5S8wuhEoT$6E)dggd$coWBZ&sWJO>GJaw4qH z&;25KF_a5tB@G*tB%f-n{;oHi8ZxR;yCv=15#67J<;c6%k6t|{yS+AaNFhEKu&NWD z(K1m{_!?{()nOI*fLlZrC|-*ed{7Q-kzE4%kHKT7UAB}yNT8=<9Nd@fO0(|@r>NzN zBkQ6#0}>ACheF_Y_uXilcjqKb z_+F8Bv!-I&4s>wE`dGFK-P?8QQPBCPOE7Zb_;M<6Se|WQK@G@}e+VczuX(!kTeN-G zD1|Gd$;S5k-9vTqr7Kaf>Tnk!ce~Ag__yQJR1KU!>PK=Wsv6eQDp;bmm_Ea%Apj>2 z9SfP>O7!bf?zpIP^!Rn53~W8PbQvQ2?Sy(O4A{)3LzTWaSl8vL2I|%?|4fz{1jV_5 zk5KL%q3KT;Xi4jiIN8FzBS(f#9uRmZ>Y-9$D}aoJRpF83;+WOY^1~QQ7Bn@m{fnef z_lndi#Sq^}&OGlIg3m(T0y@BvJx)eg`;(o*iF7F`TY9n!+733pnes?|#=mpG*?_*% zvjBm32~kZih2vB=L(3k{D$@pNmImB*lRQ_5*}B2qJ@ek72|t!1u`yj$EOdn^q5??? zWjiJjjATMuDg~Oqib{A)F)G64)!oVo22C&-dEKWKIn8q-Ua3g~{8@X8I_v5HQyw&m zDB_xBD2LkFWv4>e?JcRLG>b_!!$h%MwNm*C814s++7Kh}K`0#3fR;wo zxcWmoF$8WxzjA@Fo4_6UNTkpfdbj>&-y%1b!-SCgjzP zTdrYyF{A=j0Jbhr+nLg#AZ(~CLBd{N_Q}{FdhqD4qPFT`%So?6dG{V7IfZKYreV>F zVT=1dgt>A71s}(k4C1kViuibt_;S-A6+6371tO{VZveaq7K-oMK6(bEdnZ%$9shlu zW&djX<4)dhn->gs9lMNs$w2MxUhU+f>MHwH-Ao7!^19(m0$s4`lPuZsaTc)YRqt zfESHMH(I=|*N9;`8G{6tIGwsIz5PN}eE!ZPQ$qKMqJiM+-owdw%(WCCy`P5D4zZ2x zH}tsmF@ZnT{y^bPt5oc!pG)|t%^tTOhG4$zJgP;3*D)*GV;C}IR333K@mE;CC3!&< zJeph}oq9E}ZP8ohtRuPX{rt@U3~6<{fj0AU&+&01gZgXE5=(XSFr9z-Y;0m;!jpH? z_A{Jx3(3iR=VuDq)eEUHdG~2~D?y?T?|lufJghCt$}eSi`g@*dcdJLkVU<7qeO6vo z#J$b;jNQfuaot0W$B2U#igfL#iW|mu(ioDOJJG=T&UV+srtiqA#?4jP>tTlj)LA3Z z8*hDq^EU4osA)?3VcZmW2r^bF6rqyWl8_N@-j|iri2rS612XT?{+I^wU0oL)$wJ3c zB#zITZ8(*H<#kmAy@*ZTL(pPHX-3Pwdo#X}NMt+1fjH)F*73%;BIgt5I7DPdg>;@U zX=pyzshj=^>$TKn#io6a64LnGF^$`io_F14o&?TQE=#|nGT0zonxpinEP&E0XMps9 zYZldF;;x?r1^WeLLx?>#DPP#`l4GZilLv!)k2$piksr#GCSpo ziH;kFZ5JQRj1il+C^#5!xJm`YJv<&P_J9 z6eWY=nzXPJ3QhhM%{e(^4aj%9o4(WE=3MZcz@GA_9Ra?ZWmx?62R(4kH;t#0kE|i~3_oH<@0+7( znhSV-A46Gn9+WDw{VX{mIZ}PlXuOu$t8sJk)~*YOP@qEh@=D54UPYE3F&(EY{O}E_ z(DaDa#^=e=LKvmf^+Z+mb_$dEQ9ToZ z)OP3VGDJ|1B*G2DVZA0@(X~u}JWfx1qC4_B37V~J?AR`OKcTP8dO;6goG(TbdOK-y zJ+9LnkVzFP0=6h8Ga8r+C1O7X3}(IrKs7D4qgB!~7FANW-&vs96zAlYMydDwY+Ai6 z)T(jyMAqzmaar#j1T{{%t)WDi;~lho@JS>(WYDSijf6QzoUaC5TX2$!Mw{-W=v)q1 znyoR&s2SHu}%QCUG&4uJ`{D(O0O9g$=D>2O99L`4(-qq z3-GAQ{^-A)$$9q|@x81Rk%inGwy79K#?{rU0EGeT?e-MY?h(*M3FdxwC~@M_g9HF zudmT_yzZe>TyxS3XUAM`{dt`2(In@!-^Ugwh5}u+9ha+1HG!}ykXuHMI5#~Cb#CXWRF0Kx zVOK95(p~rhWvZOhA4fN4hJjeRt^v?$NV}J*(6OftY470lMt|xx2Z0;R=-gsUPF3S$ zEz5;^gR4Eoxss6Eg}A~f=|UZMG&~0WtX>MDKjb^6L*^elul$LgfXr1}%|V1{qW-=` ziYZ>4o>hw3b~96S^y!V*D7R7LQRA7jo5vGBT5OLYY4<^nxLI?mj9MKomK!P>4!bmq zHCYfML8u9P(W>S;H@XwutM85;NA0Rp;Zp3lOVzNm101ixu!DZhl9`h7uNj=6u`lWN zcOvN?!}IW);16+DK75u_vilLbLqBdxMVzJ_NY<9EgPUXBDbLZgB<=_xLe=H{AVxjy zg`hr5#qyw;b&K_s_MXd`G}oy0h1_axl)5LbtlF2NH9HtA-D_LKtY`Fva)SXm{DD7! z4t3C7MQ{10fX!ZQT6_z*boa4}T)eoK>>yJBMfZ}Oux)E|E&t-PX{QkQn;$K46#QDI z?z)hO&uatQ`2X?rm0@xAOxqQTLy_X{?(W4FDDLjA#a&8qFD{F_yK8Y>Y;kv&;tt=o z_xpVRt|Q4YnOsRGlbJI!_7uGntqGdjOR?@?fUlw#|DGKWj>pNv$>YN?zTdTt9PcY) zbjoDxct%@|bgz?*MoaK@tLcjGZWRAq!{@^qw7Hqp zq&Z-YEgx`wF@7~uPTa$+Fe!{JK6kv|WT|}b<@#EB-1IfoiO1-1*+jgQ=42IJB3^Di ze%$!B72NE4q;WQlZgS>H*`(uuzE2swy|f5!9!!p6^THZ`p2sO3!c$j64yes-zgmm9 zr@ARppKnbXX~oo%E-$rd%|-Swb5Z$jM{)|^&aOF)EpTOI_FXWB2ZrEl8eNoN+j;kf z-p51j%)1I64lh!!bqDCT<}*NHmsgWz4bSm79?m++SjYU@=*Q$WVYNy5+ion!voS&w z#XcUY%8gFC!i&y+dE?FZD}N?@s3rB~JPk=w4?%fVPiG-)PoYfBTh%YH>288W8La+e zNik!?)0(eaw(XBS0rgDd6dIj4cYRJR-g{>|&`WH#ect1OJ0_IZjlYEK)mwMDfqpRk z88v2JO|P6CJg3x*W6CaZ7rW=(7)2-JmRJNsQXR`ms1~ACf;?iwThH1|=8NfVDf}0< zBJW|SbX<|l1)cevqWR+Uiuj{P&GNvRgO0D|XUora<@M*&!1Bj8dr*nQg)^>-4K0;l zm$duF2~NF>aDhOK>jN_B;%SQa_+q=?EfT(G50!~(WnQu0cbywJfDU)^Vq#s3>k{E} z(}cp2ttIGvtrXR1M8uFIr+Sk@jhy%?SSI3YR;s$a;-V%$zcqW6_Q!iKqG6*}D7OwHj_4;hE{OE!8uuU645q9ePVVV>C{>GyAc-L zGDC3lVCMB^t;@FIBC|rm-fAi!?_^gDA@NBw0Cfhpmr#g5ZWK*W_X^&7C4>z6#qVdLuFeh z`ccYQTuyMc2Qpr)HBEP0^I#xC%WHKODC3$~07jXiBp?r`9kRpcVz!?cOg zmYOTyYmJaIao7iYc;9M_;N{ph-tqCJBhD%6p;K1KW*+KUdL$~`Kqr-#^&Nq7MU(AJ zfDZjEA7VYfjaYxRmIoswJ6_hkuWWtOa%BotMsJJBVa=ah1i;ohGQK~CI>jg@?rUeAnqN#>RSuaCRxDB|aKZbu3NlRX7uebeTmcDfP zEpD8i)d%y4uJkw1)^4=^F`>fz;nB)IA6%mSd8zqlxn4_fS|Rh*03$3z9to>+#0-^MI5i2GzaJy+Z90#d_5*M3+jO#Q_ zR&2#~u|QjbbwzEfG+5dveXOyix!m(=^=)sqyfS>Uv6?Q(!wyX0I=C2e={HQX;`K1x z%;hU*`Ss=p%OA|^Z0XL=9Aa@b#K%eH#0FPWjkcIt(;{km&^3?nRsm{`OQlXT-dLJ? zi-A;BG3=@xAW5YT4+>ye@BMV$m{lpEKII`H-exfET&1SC=!~$QqIx*ObPb?XqsEgh zDu=vs?AG~w1=DL3`{A-bg8ML*;rS{lWMN%dye~Pz8Yo4jqAsP|2Y`g&y$FWKHIj2& zGD$He#xFMMk822|C%lXZx7e24_-viOYj$ZX@S7W`UXh(k5-3nd;M4jgWxvdI6nZX6 zCAQj=hW<#VEj{V#OS#!iE0PKarR97bR!}N!0ENtKk`}$7ODB-w3#uOm9cE?kQeldn z?vf2z?Y2sVe(&B904>dGaU-{vQDBH=woSOWGNHhlPRbgbL|=pf+9TuZ6|uFXfRo4M z!8zM&RcgSP5wF^iVJQqy7lSFl$x+3xM&4-N#)n1;R=~x>};?b zseIQ11&2eju4*=W>rI3C-E|#kt;B|gOq6F z36~m1MPvFMJnR0H3LCN4_}+NZT8S>y!XHeP5M-X;Tr$I!oll$mO3Vs5=8Fih(P&5- zSt34rX1t~zvn%;wgJQSTQ)>#8;%2j$uc7;7iHVj202`$yY5!3FZXzv?@?DS75}6Lr zi>YQ~^*cE^h{KX1&zAGs=%*vjI%i89oc`5=rPt-iLX&3y%aM1T?fl*hKPd?-I0l_i zV0eOb4-$?CLTS1D7?SFBYQcWR8m8$>acCpf$FKk+3uGqS2(L-Tiie0`t5MAcZ-HCa zpq*xdgJ||za799e?r@TpkcNP>nrdGKG*Ti)U7@j_!^A!WK;ktW=N4OW5(#*Yp?CJ7>+v7`){v1gG; z-dC@y{*_BrK0=?J_AEz+H+KIZowurE50{3Jnhp+3dOM@_Lvyz6-@ea^pQ_*ZMd%;9 zj=A?sn41K>ICPbtm%X3=2tDi@-{`pS6GWb0vaMAIQ0qU#*Flg1!bPjSE%CnGLy8ML zB|3j#i`JiM4Zo|mR;M6scBlIe6envo zt+x-L+p>%g(f~r;r~T7sz9V~Zr`tq^fkdEwBwtL9@ttw##e5qktREzn)rZy>4#p;$ z?r2%inp7-8GBGU3La41Vf*6($IuWPBnoo4uMi>Q37$s1@TTbD<#@|n<&8C{({>WzM zzu&_53XFd3>WkSxknz%XJXrWqBskYpGN{#U!L=;Xjp z$VF6ot4&)c+82q&aI}Gei8)=OOr<>2w>{k}^0%8;nVA*qy2Y`*?2^btf(M;0QFMMyTxJ7}F z4BR9v!Q;z2>>lyr7W^gqvm&I8#)iHZrCHm=kZgw`cVi0w-r>c;{fKEVwAZE~b zfGCXn%U|~8PJY=?ay-zo)Y+}_Dvz0%n51+|^e{=Z93@cOfD4g2yzV$F*htMFZ3DXy zmZHbZl+Y{FLiwBz4CMMoWJ#YL6Uywsg|daAQl}Qq{|2**&Bx23E!#fAkbAk@&w6#N zFepnPipm1vs%JfsfY!{SW>S(aKtBeb3(|h`JSwNv>@AT>G{A&ZN@>sQAC1x6H`UIR zSQ$Ie4of6C+-_@+l$@|&Dj}UzUFxn}bsmJ)PvYmwlgV6U--D_ZSLCjZ)$_ zA~lBRa@vig`y=;)g$23$+uI_==3|t70*A*-dM~4Yt1E`Q!F0e-u>N7juIfVn(`~<$)YYYz!4>mp+k3S4v z@awAf3Fg6UtzEKQb?S%?=QEaTb|vNJV}x*J(0|8mFa;JP;JQ!OSpv7MAFiQZmsr2i zMlNlllOu?S4eT=I?y-ABCT_h#=BZ;&jz1NqZC&>bQf%6P@S!sf*J}a`j$-;UO*o( z)%y;G%)XooFqS?mIxb@xs4#9mOeFoNLedS7aNs4b^Fj59W=42@;--5Jio_F2KN-`q zIu^B1bNK#mVu%KjPtsnrr=0QRtkbLX{Zc}NqFMIW_!jC=tVSDAX41secTswtzQ`1^zrWV=gcs+$Y>VqeG~q~8+;dZ!%n5D%PPmf*p4fl*WG(rq(`SVjs>O<3H~(cI zigAF$1f`=kr;_&TYFf;_g-1G>S*F}N@~7(~p*R6oysujANe@}RJ$n$lOE0flvYJwZ z2M3XFLv;0CpDA0T6x@0zcQ(o4*1z4LJ*mX~PQ#Ry<~Wjx4o09pZ0ReMw`(zC{Gj@RNW0V3p-h(tP0@<0(9?iWp~?0(lrgHZOc11|lMz18tB3U7eoupTs|GP9$ zfB+#$5_9ze{(^IW2K%=U2%K#MtD&e-{Vb9X3{R8>H-MTjw~$1V)DlJgaPH{1^rt87?2`WIJdtle*?CTS(*)y;UrnGG zx6F!yFIPYy8s4y3L(z0~{4iAXiB9<|FJ}Ump+i%D^?*gOEotvDiNI#AXvn5a*U9?< zb5*n&zEG$S_ttb4l9V7`F3wdEel+3)C?F`hKNS5oMDj@O#B479VxDn;{-2CTDLFP{ zjSKu~$m*6lgrTk%`u+73-*>Nq|7uBM%tOa}t82l&`hG$0{q@SP0YZ=T*CY|^>! zq!u;5jlcbw3U)lHe}UuXO`1S{^fc#Dps^j=?0|j-C%+-I%h*#G>?s(!u(UF zC|R!KX{yABx5ggZ+*QI8iBR%Q*k@SUZZE?P%Xsv#|Lp0ke{xON0(eH!=EL=PbL7uO zNNi*>Y5Y~F^^2ZoL>Pks3&txY+CeR$#X8Gf%@7NYPfiK zvUeJGc9jol>{h5`6>3B*@~wC*b_H_YiUTv4QNNpfSS`-m=roIq36nbQE0`cH<*zr(K?!4SsKU8 zSnKFi(|=r2SxS|&IO!LZF}7*1prm9J-mUAp*w4=yCI*SrWcqi{SA#ciJbCsOwwv-z z#v;)~N8<7+&pv+U4OO5v=`6H0o>Le_K;To*Qv>i5N;EA=2IG}*8vDCA=d#bJOjo}Q z7~iPC%s_l$eZ^I!eUtS0ZTuR~+V|&mZ@b{Zc(IC9e22vc{H0!ir3XQ9zle(|m=muy zdoVyn9SZc8Kta2rBHLVIilcZ$C#|j4@Z!Sj3;$OY$dVa>en)p4fX4I@8j-nze>pGd z(}(vxo7FVrz6fct*(CW>*5}IZ-sjvo7HDnYu+_Bu_SVdNJ5(0Zzq^j_ovk?v+eqv5 z<2}c@t;Kz&ttnl_T-rKSa33))68gL|nBYqc6kJG}a%Me&2Gia=A>TihhR)!`f+a67 z7<|}w>Uw1kP5h>};P%r;frafThhBly>Ys*1#-}n?4AUp+FP*jNg~$1R6emt%l~ zLye{Eq_3qvhT(CI%KOO?*7)#B-hceao(!$YRK(kBX{BkP`;t|Z997`x{gc#gMj>IT zb8s5va9y95=ND1`)BX7Pf&UIdh+<9Lu=aQJ3QJmwjs5*4KYvY!ru=ONMN)vuLiV>v zWW| z|CMU0yknN)@%zg&aXvY1j8yWVpujEG8O*_%3Zn|&(qt3+vw)}0^2TSZm}NKP{P z-;aNWvuF+GFg4euAZMqOYx)>5r}KdsH3BWHkJ(pJ#)8+iEzyJ@u+>y(Porqku<6WO zjSVeD7M7D+GP`euJFJmlPyS7*Un8RQ-~SXsOdL&!)1x#+WubR%Kh!%>3k8spqe06h z;}xk6O4?w-B*^?U8$5L0thK`Kl1TZ5#!^E)rSZWT2DweVgobnq+u`a;Z0PU!dWd9M z4fAt>!|zr_f+0~Q!kd~eqKk@~n&IZfhu2NrqWMf|gVs=xUaM)S6W$N**~i;xjK2xI ze)1r@Gj&%dnzC!*UJ_UHZN4v{VtVUaa^$BUq={2||`d9=7h>uQRb| zYIrVM1)5KwyMqC^FQ~lH>0?vMcjWW9B-m1ExdRq8YZl9`Z3)zDQGkjUL8LhC3P74A zFS@|Lc@UCgO_dZMjf|e(FZ6w&OZPaTY1d4ZhQuNqsteY996zRKuoP=*yD&A0O-+?j zQ==q|`54m~3{%zVFJIcdc^wyDurja}}CM$f;-oV6r)-w;)H?1~@Nd4em7ky<=#|G1wnoQ_;4630qz$VgL> zk$ud1Tp5$O@(5mXHRELj0_f5Dt9dU>8@H4^$ zN}dq64{et>@#?V!nCaNP`r2}$xtdwF_m3QUUQX|EI;fn6e0>(Kr&y2TgfaQwus^FK z8hovyCyl}kf4rfj(*)JVbdhhI4*k~EDbMV}2W{uLZmWAY0+3=5wyc?@%Iephht-9v%U;-h!lt zFpWEaH6K5oPag*yf9t&r*Ww+hX#$_3c;HaUcCaImVs92o&5GiV*-|`9C$=IWm3I>xkQCbPqcrJT39I zBeZ5}&T#sC5W==5Y0@@E!)ABjHa`AW>v+}k{vItWUQa-7mJsT|jo-X_MkN2;PMBZ= zaxMuv@4AMCgn2EqK8(?MJY7em2v{SNx#EEW*E$Zlyvc(svz&%Kn&R0uzh!pb!m6z~ zP*bfrVv*VL|IG2}%pSE=cbW@yUTZ%?BAs%V{$(f4n{en70r7p4)m=fX&QJ1>3x$ep zgMvCPqgU5mXBMosyqgwvu;4LT0o*ikuB>Cst7U(ecT^|K5ypgV$@22}6R)e^JT@ad zA2T_^wp`q@d9G5NpBM3$SO9kjMGj}SZccp%sr;Tdeh1zgru>eF-QE}HAGv+bK#{o4 ze8x+QVVpsr6yTiy{?$XZ2ECBS^IuW8=?AL0aL4aj@49)L>HXbGwkOiIDkm$86oJJw zVD;i4FiUH4d36PnpvPqU==0%~xh0_R^5E*DW~~W@zRx2oR=Oj`oUeq#;HQt4)yE0t z&!KIELE(4Fb)GJSK)L{p@F{b7JM_TscSYuixHRmcs4ucs zuvv%Eh7(9*He-he_Yq{&zuXAZJ8L{4bxrq-#m3Z`)pGaA!Q3pi{(xPzl49kCm{IWY z9bl(?W7bND0Q6&tJVz3n>~Ns8K5SIjGcCe|+)m5KBM5-97@0Zu7VbF1*pP#b?$%zhq9aUfzy+E31ufbh^ zWgEI%lnN$WU+&tw-NsETp>eJ^`2{6+o5>&P6~mu(R8OMgG-bcS7-g_RoUJ*=jazKA z**>rN3wwB00&zbNukvSDUW(IPHwd{(fx%^yJEu5k?p~kc&&=23nUeUv(SP%Y!_h>G z0GbFhUZt6WEa9_5jtZVz(T77{xv@yz-`byRzva1F(|ewoRr+=WfBcLqR%?fz)hU!E z2xi*J3Xv-uX$w9~UhP4ps>;=`O>=Kz!RK;9laTlMY0bp_$#}Y3X7!C3(C+Y_YN9nR zjOX~?UYtT#_D+%Vl+`)Y>r!xhmJ8+e4{B0F)=<=744H1s{o%=2B}=Y zl{Ia`0Fg`_m-F{WEZuIuRWh8U^G^(cgU2~`7t1>KH%QG%T@xYFq+`uil&2>T=`Ncr z&)WljP8v5No`JMA*My*Y<02)S2voJisHO|^Qsa3~{J)05&8D%z3a*ioVdOD0D*<<* zm0$0(U}pp20fL$_~R`!yP7SKHf)YWa81y z-Cy8Jz^GTE<4L{?(L`5e&E>|Ze*8M*QJ>cn?8$?V3gZ|5X5qG#+Z}VSsez24F&bqY z9gDmY5(DT>&OAeMkw8%?XaYyZrpWrqel$unCCi!8$}D6Tq~=R#r~B@w_>wXHFzzt1 z^z=xZ%W0qdo7I4;nDvm7yvs0g^y?H?7AGf9*7I%Cz^F__T-L}BKw)}JbFbmtzKp-h z*)w5&V}X!3-8+dM#g)@Xr@oU;F_rWPGt0BKFE`4|UjT0Ihdhrco{=eHhzOipP@*?| z?Yi8~b0uPVa9cUB(Q96gauZYJ?0Cr9(l5W4#Oby4<>u0St=`dLT!j#mJ3Z;r|Ku>*fUymB^{z=aj+^1@M80lG z*wr6|=+S#Kb~x^N&=)2tKb9JEe&#Tgx+D1)Qn%s|qm!AD%hr(b{?oF3p^Rb7*j`*C z-%>U6JxM4UzjIr5nrqLi#o4OEJsiVoF0*;uYHH-Y$33sqiKZ0&j>@=vewXF=&xXCpBn%&sx=y64+93_N zn3vGP70~iEy`oK2Lhd#|@6K*)Xw8jdh#l}`+tq%;A^ms72+RWXjeY*(^-1Jq!?n-$ zpZ3^AM7tx3T=efwP!c}15-E8C^-nR&r(`htHykJuRn-5xThK%*{3(e#!6Nqkao;pcBdIg8f4X}@vd-q}Qt0-FM=Q`xr_zUQD; z%!P`WKYq~*xwBxmie_m<<*4{c#m08UKDvK051#Q8B6=G}t(* zEu?JgwEUtx(PXDQAJ)XLzEoaP5_`7V2CmTNx@scF#D&<2IhB;giV>=72Z|A{VTim9 z1ZVm+Rt4yAadF+BPMbVlZsu_WJnJ76u&i9nA36|f9Eoh6{G+W>jUX_!e^ph*z`?=UOHrQd zR4r3W{m|OnobnNw`$u^>z0=ARB$x2Ll(aP4U_Kh}azv_aP!J72JulpJ=@KOzIc%AKT2{FcW?$Vx3^=d&dSLV6i$MC|u=GM$ftKjfmt?0-M%6BaV)& zC}q`mu3N$8h*GL~J@`y05ERt#&_zF<}0RQsYy z5f6y(kN(d>Z4!;%5s)wcqK65$Gnx=e7s<0Pb;MY$>8Sfz%f1D~zal~4^2K(!(Y7%g z8`RM;SEWAz{N6d-aknIWu0K4Hkt@5Q7)3ZJ_U!^lmCQd`_2_+$E3)VG+NY~ zq;I@Ed%qC?YTJF=MOI=#vg(KtdQC~BQ%^Gj zKx|rfOB#23r(?WlGJ>Ty(>2oCR>?l&d_=y&H%ao%yC>2fE)G1dWgkOyKVi3BxC^+q z>#fLXUv)OG+)uZ=uP}OBTDt4Fvgh$sc2AZ!cUa!rWVe)yk&^t35ivAUqgP2SDmT*`>~9 zIZ|?=9&I2ljpi5r(SGrurHxHCjSV{jKA9XjJ|&v8Q4L=WjdgUPq0>Um;t977GCP?t zd0Jm-<7Rd01?LESempT+G)mL}i*p2x+{w349(r;k)GZ6{lUp;l3RN=Hh_uRre7k*=af-M{xUdrON?OV&ff<;l+>$)YHE8gV`$?hkVD#She)d^uo9n4nXH|1E8FEar z7$|w=xr$Cx&6`sCoCgLNYcepCx*=J+F*Uk4qY$ti@OBBnf*}xipTwXkYikVE)`UcM zi!V=Q9(YrhtbjH3C%M8vDrlhE0UcW<0U&CeaLtZY*5w}mP*zqGIA2pRWnhpQvjiHw z|I_inF1F3h#>ecq0u>In)_et#(pzcEZ6fZ(f)MQR$exZ-M+teZMRRERG$+x z>S4V0w0E1_(S<0X1>J(f$mX8$HdUa90%a(XlluNQjq~U%?$;KNE3?}brwRS*wf7&P zQz{GHN&S^WAm##HV_56VjAm4-5>1EvqO#68s1e!{g!{#2oA+5vR`SHF6B6f@qIH9o z^!mf?cj`|491^t~7ZE8p8W{00E5O#6x6$4zrmZBtDg%w^2!`|Zu`n#b;ErrA-8xYf z&Vh@9ki~i{NbnrRh2^>vNG7dP4cV+p3M_WiUJ`$=M04CbBRQ5 z!x>lGw&2V2XmX944vC#ch=OZ-iZyUd6D{W}GagtVh_~%buQQfpj4xkOFmWif_Qo@$ z&(}I|Sd0Qwd5X5`5>Q6Q$03e?|9<2!+4h^~V~aK-kZFtQ%55Lm+xe3HmUf5|Pvd^) z;dy&+g8F1B9={Q#rrAN=XXMj-XU}gx0nqGIQvgzy<911rLftart@W|l>!9=nrX|1E z9XdV#h2wa}(MDtH;6-W^8+v#Ly>>%%6Q^GPDpiz!q05SQw@s!-X7+a&m}5ceJn6g4 za`y`(Mz4yb+e%1A+v)`A%Jzi!omPaMc9`>>*31qjUUQ60pQIUEV=cxL;yBMCdQ70j z@Rx?M;%fyA^ebtFk*7K<{E9;=u+e)VEqdD)&g63?{WQ#-xuTcuIZJV^JD1pT+wvns zpC`_6kemB1osM~6ZQNL0o+6~-+4wxQTpurc{v@x(MdjDgl2xbYrkq^c3Gx}AhaYc& z@J#05=Kk8yg15nxC}QWerfb)U%d0>G)vN4;)8wX`@_x*Zz169rO{NGmTG|&aO$&>f zk>WA#uJ!MQPi6GP;t>0|OjCiQJ}ryr=t6l_6;~ErStR(FqTZL}JN<&pyq{oix}Chk zx-QnAM+v$GYpc&1Pkv*q&km0h9%0MTc#&#%&>@7bOsN4>%)7@P{Ld$&)o(%?&o_hK zN=idvPxuq4qG0Zg4c4P=+^PipzTG?i{x$TXJdv5UGhh69J=W-;yR7m0Wg??lDPvec z2OO>r{LOH#^_|eO$uB<|kqm2QZAPR4H_^zf;q6(W(=Tt3iokK?sQMO#gh#|ML@q z;BLTtive0}86@z0uFrh&Z779Lwq*OS!H;m~;JC_G&8eQ=A_KaQouafB(@90SX;b zu8K!9NL33CwVFy_Af^x9pIL24TzH(6>vyFCKnBB9SNHN^08vqFpH(jJ&S$cv8{kNS z-4UKxSfV;wfB34ICCg5D8Y-0Gey@y~WW!Z1C2FGTv?t87Q%PAFTf|}NqKs643BP~g z@(}$AC~$btso$2#;W(Y7{b4~TGqnjViwhy9iYIR;2SI*kOFeI_^HuMxYyZRJPHQnz z$r3*9`z|6U`7MWBTKDN)V!|-PDcc3@W5@i0P3Z~JQR?kY>$hRk^Va6Wu>IzzBd3GC zKu16PWYN6J(y)P~bM!EZv5oDyGU9Y5&!g0AS9Y)!zW{VLRp zIoj3Qw%XwOhH{y7D;W;#`a`a;&N&8tw{>*y&avSX0c0|PN17*jo$%sFoxoFIP;)GI;)&Uy_u+tfC-dDUw{70fHq$qqS|UuKqP4^!AL^aaT7X zm{(jpB$GIskR3KtvlG!@UJ+xfD4 zo>U4S$J-|&{4>YmN-T#}J`K0T5^-ap0B^3A!@DIn-@~Yw#?V-bCah3vu6#vgExQD9 zV$Q;X-c(tWAb8fujt)P}w&U(}x`GXfuG2_Uwc^2VJGjAywoFNwpd{%>l2Y-89tMoE zo}QiH7ux=}NVak2tgH5bZrKegu0gf9IL;)#oZ1N-v!Rat}C_h^PVR_sP&l~ba zd(^CiQVPsmDe5sA;!))xRJJ|)S(kaIhX-?3JNxhOOZj!auSMk?O=$U!AjfZ|cn(Dm z)g@Lvr1_tO7vK~N7|Tms{gvFhKEfdHRJNV51~8}^)@B)j(m3cfYXi}vg$N^PznV8~ z!>e2jQSAS5ZRdMS;rw+}Ky9FHu{bI%WtAcc7$Ih>D65j04cn^%+?Os_pNClNBYenrVThd`HQe2&rl-kt*ov1+`wK!U=P8*-q>D^D6G#bJn*A$ zxl;SdXYrP36;*vziM@yYEUshhk|mb?3^zhZl=!_>w{;GL{Zq&VEE1Q)>bSCa%ab-5 z@Chk|l%-xQ<-4GFT9dTRSm%QX^3h!F)_YCw>&wiQ+o6DT`(=DHS@&=+#?F+qj=SHj z_u_LL?Ac|g1?FIvyVx21SNg-24xHjOJ`>VGIrq51vyO!HA!0qROIs^8^Q~&jz@P8a zFEF{R*dx1gl8&e&g|2OGJr21mc|D-Zg5B>;Jop$}4$#Im{P>G91S4K zAr}%8W_@^dJWc~HGUrtnbIRva7RT0wfmG;5sek2`7)DHWB=)4+_`MX&Lt_-&LaHJQ zd}(9kNTvH}!~9sb%&y=giwg5TWaOY~!(N%>uk@H4PiqUhIA3mQ|!}G9Ug8tY#;pO0jTgpCa5_re5*;bkyv`AG}zn z4@2Kgi<^skR{w$5DsAsTfYJf?EIC{r_T+Z>oP1DIPr4ABkdaka1#wfOlQW5TFqDBCL z<%MjubW{@6X8ojYdMw3F`8(cTpZ4wP@DA{E*DDWADN@Wp}RCY;IO0}9ZNR1=eMnriu&y7<+ZHE0@oAE4UMeR$m~Brj4H~;Cwo85Zw4_JG{wSlOrb~_#lr1=7Vqz*o}WUO z=Qq^SPM|RJqRYnh`le8}K0cPpCOaC5>-LR#0(eI$>P8^CpSu@omse1&%vR!Zww7^6 zD+L5P7~e4)&;A7&RM%xMVH5bQz-gD4xN9o8b&eoqLxmstUqQ?yY41~yq)Yg$DV%5W zb3Iw3aM%XYLuZbyrWdt3S0yJ^)_?Su#%Td#etuh)Bkwj-H+!NaP3!-{9A*+~(cE&~ z7AsTD5lg%D!*W8&zqJNCiXjS`ffFJ2M^>>_R<Lg*=M2#zt_UTq_``q^*GS+QRuIS07WD9C?blVv)szL4-nQkKl(0GvdPV+DXR74 z#Rx9x6vCgDn7XzFh>?zyeO@t*7NW>jrAKBUsK_fF&Rg7;av7G}u;&HUgiNhqtlHdL z*q(v%AKf)=U5ze^d6H({Ns=R`%i+~nj9p_a+o)Z&6cl_{A&q6%XS41tKD$&avmCBl zt|(MxC5!;p7$0?DcC;Y0l|~phXoXTCI*l#T^S1UIaW3ezI+tkfLU7WC<`fkDk*y1* z2GSf;#TzmhqklkL>k4XWW&`}xb@8Q-W$>vbuFyvu4X<~eRF)u8L!i1Ax}c0l4kb`5 zVu2Y?xlu+^NLG4+(#eRW(KiW=3?xD;b;$>0?aaDvZSZP3vTAp^Bj>x7&u-w(E0xY4 zh=qSuRl~)&FB3y%NW!B~@w`2;Y|T#iwb-ch!%?C{hMGcBWh{zDCc$0dl-+st3y00} zMXR_8@TGUl!O5czRxWLV0n^8tiK1?_aW=S8yU}%6Z9==vf^Ku>nQ+uKqoqQ_IpRU@ zCiSRc&h}{Uc<$VJO)aaUv)A|O)ZAD8X0@M|47NuuMA*s|R46`4jS$sJToztd8X|YR z`u+HmPDNfhO9d9h228On9YsZ0rd)PsYHI4R;SZB$ zd_6d@_SvQKm8S7D_(dX5Q1rA7&G^Wx_?)(j3}R3PDDiR>Ht^N78rxtnRTTf&Q*$80 zGT5A-O>!f1>GSl#}#ezuo+4 z{&oJz@1S8We7WLG8-kGOA6KSjM@L2WZ zISGPiOpVoM_zxX}=~7i-jiyNZ*L5ZWPxe3X4K6C%e|B{CR;b&*kldfYMh=7&DrNry zaiB;{QU1S8J!eJ6@xwn{x}@&^z&9gCw+&C|TJ3*{LcBJHq5mJi!}ZF0YW$ak@O@hj z@3XX7Tbk{o4x8XrhH<0U9)=m!l%&nvSRgoHe0X!hx>Jvc@QM$ zt$W|5R~OiYhwE8dinD6eZ`NScpjD&c`_MG$jDT78nkVGkD`{lm%HPTEjojdar&sm4 zsaJ&cVcEwi&8*vMR#qr0M=tPD5VJwZFMVCUNn_G)3Ww`!UHsnFrt1;8AL|W>IF{Mo zvpxS|MM#^b?EHI8v6H2>U{vssYKcr!opX=?r_?v)N2c8rfoPBFYenHFF_FJ7? zRiSZ>7KliJHTL(`^@jA7A=q#4>202|t-2~#(KtH~7f)U`arO`D4*+~IR5(f$ zict8xTxwc?3^uCxdls0V4MgdACiSPOAG=GQ07nGxss{{h`C*oHhNqXi7nurKLyT zdF`I-?&W2~5ZJY9Lc`)L9(I&3aQjXAi}&h07SS3B?|!QM-b)m!-H*h|lX_U~E9vrZ z@c8hpE22nNX-q?w()Kc)9&bf-pVju`vqOsg)F<2A|MP&C= zVFLVJSq(KcJRkxiJ|B`B@*;g+4a#AW%0*T*%7YA;&_BrRYb74jUM$UCkH)wOGqaqwBV(~8- zm(x=vJCfNtOO3Mu0#zN|IPgKV;$|j!aLVO@9QtzROOYP*I?ZX@nPR*;OHkJ2GAe4! zsbkm}ITX~oQIco?hpgdZODB5D#BIFJz4-5UN@dCtrK!e&My!-|IPp`(vc-U!EqFVl zlPI@3zLwAP^`l!;T~U;Ea^F3hjyFWd5_e{(XO!Lhw;% zJ;0=`+!EKMKXB1RjI^-AfP+NBJ$qS)oI2?F&s15v;FU7wYju)Hd{7+_^YXP^UbEH) zXB1);KHMVG;C|Civf~M?aK+P_l_JGQOiGfr%)kqRmVgy3I9J%x;?v|bV8xTZ!Uit| z6qAvZhe-`vDWwWrAZKb;IIg;^N;LuC#Eo`c=rZ#fkOFddS54%5lF^;PcunZ3rkx9Qa*m!iN|ZE#DAgk}(8skjL>AI28P`3xu4sAt0l?_YQrZ2TR)to6329iiG z?>`{tG<=@guYU@pWKg^1pK=AIM1@m+8Ti&vo~uK?m@S}evDa58=9{l{YG9Nbp(#Oeh-GH5A~3BT8*SD>z-^JQTSbr3(U z8rnVN)U;hN_89ZK!!WC)+1jFGB28uPP6^b!rX#_&e$j{Q5Y(4-6A^M%^vrJ@zzcI+ zMe-a@M*}XR%~XH4>f(H!7tf{vIVh=oc{-*WKe68Oyeo5K*3|p6rw6;1S{n1d>|$K> zV%0KC%~3NpKV1@#)_gB16iNtsk*v%f8X)3h(QG+VXL!Fq$PO$+4;}F-K#J6{ zZa;l`fHA(2mNgVk7?G5d%Iu;xB@%SlQ<$3i<%AJSE&dvK4IBRh;?lEXwFoGYP05pi zw^HdL9s4YY1u#^KV_3jPw#^o(GbRD+KcsXJUVIT6ye&5!o`A6*{L0B^&wY}%D215s znkR}(P+6y!S z9CAQoDaM535-4qqm=Y7jPsK`1r^T}v`OP~QOI<>wZw4w&UnitjTFCS;^Zya`&C!uI z+t-uH#1q@L?POxxwvCA~v29Om+jcru$F}YKa_@WJ?>qnXTF+Beea=}`-KX~1n_$6m zG2b@7$oXtO=|N^z<8zdT&4hI3^d#Had@jX743C;NR zO`V3!$`AdyF)2c{XaY)A96E9|$`6Eug`jcUMeygF1$Ua@f>0hVmdeDZb;=VUWbn?q z7stH`nhkH+z7S)>Tn0L0rS=7*(J_f;3B>Ww~wfT+u@D=t++)V{W($*-A-?mXHR1 zq!nnx4f?T+G#PL|($|Dx*M6nZg#cT6`P@ZDJhWMj+9i%cV(83XpB0;>S8d{OgfRL- z9T2k$zk}?~8rs0YLMY6pVb4WFQRp8D+@2kilun0h$4zK*tJ$_!Z-koFM~V0mK(@Dn z%VuMkBqONLm=p6=-QY8sU<+B4ZBR?6O@$3#WEa+05%EMkU-^Rf8wUW38WBSV|AhPZ z8qTfc2}B{G*{oLFi%K#*)*1pm>edit>|I*|!^Gz6{l9!0$W;y~y@wjq?=z@3Lizsr z3|_fEXW6*x*v3E^PiDM&4rc>Guo6+C7oxM*tlWe6zGOQ$Ar4-Tn$jQMUtw3m`c4?E+Da|KpB8hPK;)iYt)|; zfXpNde`LwZ^dv=Hds%)*61CQB)okEd71m=J*Tnv6f}8O{x0xUer%~mi3w0$ls0(c( z3?!`mTW7gjP?bCLT&^!)C`mRU+#k3voUZ2x>wCHY8?vwY(pVk!IN_se0}LTYAaI&8 zy(x1wdHQ==nqnMej>kWd1_OF= zth0rE4)BsI_#`OgC#rsP*EXE@+BDx4S%$}k$ld}f+$(_ISXKa+HJ-opfZ57Ge=1SV zfo)!FPPAA`AX7}K9qLT^=C2hM&T;ljpOINyjrr~d`T*P3U`rQ@yC1QVt3jzfL1dIx zhlYI138S29%(i%5)KSRBdEm@`6R=(ku6V0;Cr+;=+(+?oC8#j*hyhsJTj?g5H>+W& z=f>AfhML+wxULVjK>>z5f_Ttwlx&5uGX@0S+}>k;$?vTVGQ^5|q7CQJT~5QCwZ^oy zRv}DRO=Ozsf&%omF>=U;fqyW$+5_bHvkiM?mJ8_yA)0GWAq;?LVB-59We10BMYE-;?FgZ6PuSR%l;qUD{;lBom<|$_$BSEXWUg98G=haElF( zwHNKafwmjhJRX9&5fQr3W({Ysp3TEx)@TS>zj(l5dy8-@v8k;d014PiSSwW3OLccoSY#ULj5w=E#@7Hb~D$k zcXL0s9xES{%?`VlzNi9heKR_!28Ph5iw}3b9|POSYVGAK-Wh>9>P8wgS==dL*mC;S zGnrlN8@~=kRYJ4ZC$yZ<9gi}zK8P=Jm2hD~*l2cASECsn6IHO~cBIP%GjzR=XDZP8 zZmAA?G#Byc^E?uCdHC-wPZnwrgoxZMd71fi1(WgPv2})YT<-)YHwGb?Hw?5Ch;1?4 zsMVUv{WaBpVHotW8YJF4SzKe06h~xsQUjCnr(eprTaM$MWzRMSR*(s`lf6{wp3=D3 z*T&CN$ZL+ z{i+536<~5>Ub^i?m*Vu86lzT7#c(#FpACPw-U!ii$YT(-6eS1WT=Bze=KB@(i&k53 zyPN_?mpP;w&6Yr`YV@~I$V|Nh>P?Kb!FCK#xc~WV-TkLkzErFC)k47-n6<_YE{xh4 zk$JSCxW({a!T|G3)7e02nRbc>jzhNFlZl|c7n4~m*MmiDI${AR#GmDD`K_}1q8MUy zdj{8fQ6#w|j6}8HG@eOO+F+nyvIG|KvR|}(FT5=9a?3{FIE?0+dSWHcCLebufqhCb{6jYhgh)DQ zHnC8ml_R}0$sOEjhh}eqmH|COj~I*xoK0D9e~oF)cHWUSJjp^eJHi~6;I^(gtt6D| zpAQDZco^-fQ#YPX$ILg>Yru>eE%)9!;=IkK5Rl6o6#+stDC}v%L84%w;J$25c(?#1 z{7+#`8|2$fx6oRpt|IliczxEy^ur$gIs`t?Ocg0~Mfv!t$XNx3+O5!p#G(&Z&&^o%vdpDF z3ZoTO?OV@U9_jV_)_0%SnEeXgV0m79C`>P@NjgP|$N-4IfF(VDW0^bxGwN}d%!9Ku z>5XibxaQ=Xxe4T9pVZ0JFuT}&Nt3zaDJGL4=$eq{w>0i!b`PxfdVlq(B1b#%-TbH@!3I&n3wvKc`={>vPS^ zdggj-1ka~}kJ}}fZdN;Hg0aal3~{T=NWvLqJe2KoqC<@AVJtjNrqRY8guC~#Mqlfz z+wQXj4Q-@@^|ckx^BB(>T zF0X4u-OR@DKrEFJ-~)4rQ@Gz8kJG1m*NOuir7P)_w7cJX5Z{9rb5sUI%vOG-NI{FB zwayh6@o+alLSqr9BBlG9W(uIw`vK6qKB&KRDo`In;OTM7$2ZWxLU&royL113l8g<*(u@^K51)uvzq|iVn*O% z%jsQuFrFQzhUA(pO|#zXagAa2m=(i;D%@FpqI-;Sk9r3KiATmw%~SY}7-Kp#v3ZBM zJJdY@Wkto^oi;Rg=_|zIn5srDV+fpdYO#h6X+F>Ear%=c$3MotD%Ep%I5C;E_Y_lW zJp|LiW5g;87Op03G*EK5EFUW_c+ec#=|nWn9Ki9$e|w}Ol=?R4LPW~x^*)Bo!}>^( zY7BidwH;9~U19=WjNUPN#8@30kkDX^9pCGx>=>GY=bMQy_ahA4A7`T`TDlv*zSj)| zp9VK;ESQRh`tw6Jj2~UX=_9G|i3BAgh>=WfyQudIk)td}H_6*qL*KPG{Z!?33xI~x zx-eTrhL@kCyU`gb+Bv7;T>BIDrKM$H!3RB+wXH0GrU83+GXcL@?_(`>24`T=^~(&M z%{m{H*r&_K2}$pwd{7IU@1X5Oo_#vvH9K?Yw>Ms%D1fS=#0AC(uPdTJ9}d~}V${jW z<#xMg^|;Q4kysC3!u1&=gwGwZyH^0~YNvpl!u*ZovfCT}ca+9cyY?uvUDeilF5IjY zYw_zly^~%H#ptfB@l9qm)Vc$;RQDU6Z?|h2lK}=v`6R%EtkgXiT+ zx=PC)R89MVSOq+4KTeCw{wW_Ha@dmT?K*5N9&Znz<$1Nx(HMETnBGj@?cY4Jsc~~7 z{veIt`-dIR%yubcnvx~B#AJ#BVdxsOG@u9&XFH&TsIEW|v4 zq=(Ls>z=*WQm6Sr(vGsBZu5NXdXkt*@k$q#Yfjr2Q$ zD9MbEkN`WQ8NUbXRK~Q3lhn}GsrbuB1f&l>G|)X9laGq(QLFnOa&j2eP^ zHMBt*5k*e!a|u7qy*ZgvbOg-AkT3z*Opa>-&a#2tm6i^t>vPWrr^=#@n|<+}d@s?M zqx-dKUPrV<3$|uUo^n_Feq0l}{815s4+}W}SNh1E&Os*n^9+gZWu)N7&g|ms<1th_ zxFL)0&FYE5$`uk}ELPmH5aer7`A;aw;14E!^Ox?;YOt1MtofT)qmivVu#z`a_-*yOr;oLpI>;YnLFo+q#eby-n~-8-(1>QS0} z5~oZf3A4C4R$nA_QyFu>o4HC=NdvOK1j@XI8Eo+JdQz8)m_HWPS}aHUwHFV6lGoja zHa=%VnEFnI=X=+Xb26l#$9BfSCtsTMc;eqESDy^z8H9&JQ(RMjqPF)tJAWwcZLX#$ zeO+S*EGwPHDbyDxI|}*x8Iy)qk4(n4SCO|kGX(_yG`krtcMyxB2x{F!edbU@nmU@< zx3hoU^l;itu&dus%((Mt6ekenzmUE%3247>e zO6d>9dNjSSIDioY{58zR8V6@^bm!WT*XH6d=uB8&*z;x4Yo_SF}srpKSD*0nA&;nf$1XWe-Lg|BObdwebSdN zsld7Iw{-zjO?G@sumVS2cwV?L5k+)agQXXgCccchcsrRz$zU-DI^zz5L?L&AG9Zi% z?QTcXVsvYx@yT&*;it!ug{jR*P(fKinlNuD_z{_<{Y-_0j*Q!lr%C)d+D`)t4j+G- zfU&7d+5OQ`yBhQAjM&~j)TMR7v5lDH^=l6@z+1F5DtL@%s;ZwIhSxAH&s!h)8GLc9 zC7VSTC86(+vWB8houyj48Dp+>H}tu#l`wUtEUGb5Dl1x4M7fcLq0e>=T7o$X2Zur>cTI9wF(|P+J6VSc- zP#POvJ|6qH+3sJBbyLu}48nekYP(q+XmAL>N#@#=%o<|OOzA8&V0X81aj0wO{_1F@ zH%iV`0oEGgh@k+-?h>8=U&ve3yH=VkuT8KPk*0S4o+>>b2N**FL&#w<@}y z9;9ZH%4It9DIiM)O!wQ|E$3asPu91XiStsJv-O0VJZ`uF!+c|}R#OC|MO#dM0Ly?r zUYwi4*+wz)*+yk!d+*Dl7Wm8UEkyXqM6QMslf^*y9BaaLgT)mw{ZpI^yy*~ba=xkb z08WynN||th$Ox)H$-ky@;0+S{`-Dr5Q%@2TE9o+hlBmXnTcY%p@3_!nZ1v6U~^P?|0kB*aK1rgM`%20_!a_xu!|DJdb0Rtfz zXe1hmMm(e*7{6w1!+;JqNSG5aFz;+#B-n?Dm?8WsIL9$!_zSTe5fT|rgkm)Y<)^5; zl&fxFCm!_8!fYxXLW1Dlw{`Na!6N*P1EN!1vbE`~!$WJZa@=}CKF(o7M1K&}3{rvB zIQoe5{oZf6OoN$Eyx&EIydG76TVyV82vQPz*18BuNd-s(ggLf|noV$1|Jk7o&wIjZyshfZZ>Yv)XYz4qoW`B0{X8gcRhZ zW>HdqAMUWy1#!n9%E{4u3VPig(RxHuBqAK>ltqCbz6@oY`VkHS5g`ROxd`5BecRHx zZR5i0Rn5%%{qQXZV@=YjFH||*9KlyF@EB`{rpcy2jK^)W32z&cWa3*){x`Jb%;>n( zM3l`|6J>^>K4HP$8@9toF$Gk{>{J#R3tK;Rlalo6hKX3xFV%Fgda zP`7dz6@le!wfMm}#yO?1Wid`|aE$Mx`Q@7>W{hCJyH)EKu+@ zmjuB4Y$%i+8!V35YHt2(glxdT)3fLeab1p78)}Zs*RVq*Ijtn9t4k%t*OS99%Crsrq zy?edCxH_6Z2w<`_mBD!-QM@?~;bwWF)Bt5%?;?kmD;~PG=4J2vSEv$UoKLS0gcjB6 z$@&Atvf)x()Z#~;jGNr*FMuw?bQ zimZCIDl<3$vjuiLCaZH>IIKfPqXpKr)SW(@@|H>ta8Yt7I#B9O@6;Gqp{zgz^0}&= zF7E1Lr4vHBjCWk2>dYQyV$Yl9KwX~qQG2{wouQ3tHbjXQ+?3@9bwbAj`tKHDVQf3Z z;zYa`-pLA{A=g8oOEsOUsi>Z~JlA6sOvd9U)**4+l`c-`NtnK46pLm0lV-%pfRbXXDXUT_M?Oo2o%T@HJ?>iTzFnhBmfXF-%T zov(?gs1fRYdb2pi6eJk%iAmJQ@o+St%Nm43!@!DuQ!)g##RSH@e)1)6Kky8};f-0z z;q2wI2iqUErJrp$hYBRBN%P+iw2~WY9pC_|v zY*a(e>ftVYUnSzTT@wAj)LF|lwvXaD*IuUyp`+g>atFrU->+90k%|b=`nSY;NKtQg zD^i{;-(@Fpy&^cXP8d4uxUHdu=V2gp=LFxyM4sD^IBzcR^!UG2tJXzhxR5er-7PLz zEU+5Gd&fv9MQd78zpz)loN@Q?UOidt*#&mY$Xb(0`cpL)TF#WWsCA?c=c&cZ9_B1Y z9q$gVDwEKz=`+nceG8e^N9qxUR57rA=msJ5H?mpAIDR38iyGTPqJ(@7bIpn(0ZI z35}Td%aBYHWd}7j4PgjiwtPO%ls+RB0>Rfmhfg=hN>1D6>MYQ0^=i@`^1)}T+`$Q( z!*Z1_da0UTQrJ%*yC6x}Ed=Y^6b|r9rN+@5s+($(FA$!6@Ka#Z2VxfjQoWWKx+-i4 z$k!6pa(w;cE*N=!>#(yqTZ=yc33!KOcdF=AAkomxu^3bs6O5yoJ|omxK995=A1aBL z&*|_wa|t2L_K}cQmS(}eRgJrSR1UY^Usf~TJ>)QEYfH`E8)3{elD6g~BZQR+2XV3G z^7ZGq`By&j38wfA9~s~4Tg*mbd$vD0?_?N<#4}{B%ALklJ35^rTt=TyNsz*pzy4&k zOYJGCI-W>N3*lGxhi5j*_VvrT@CjCUuP;@pOPZ^+-OcLdmEdUs>n@T^l3Yyybt;AE3r@dQ5Aeph3C*|ImTrH4 z=3WV!Pl|DLdc!FVa|d^P4_$41C3|Y*myPi*P4Cu+a1RVra@^_*v0W0xd70e33AnCL zOPFXfS_|bl$sgp6Ckw;?0|L)Y%Ve8nA%}s%LT}pw8yRBv;%J9EVMdE6P5D(+vfC?= zx`5FJ8?}tNjO2RLRRtbK2;8c+WGU?8Z6|aq2d+S2qMe>)WBLp<9{^o*M3vfOv4#iX zDLUO&v3Kjd2SY~8=AE`b*v9vnZfbwHvf$eFrnWQJI+u7UD>8B6ygELBO($Q zWHCzPAB z(hRtQEB=r^U#623NVOo&?9SmZCU%ZiDIOQW;j={$R4`LuViZqnZ+L2${N8}>*@(tc zk`rnzldlV)QcuK~5$CDNqV5gjwjz({dX8hRRbJ7V3Ag}QnuE+JUuvk*>GaL$bK$Nk zlb+AY$wd~D=KBy2StEMAY&%*x7Zks=%8p8%a8eMD3K+>YcGMg8q;u`u0XeD7Ymps2C ziLCWn{Jf&|oD8fXSt_!s9+#lm0PGBAj6(g&m#WTvEQEEyUmc3iX^OjqN?5Ex_O3Dy zL$cpRPyZDFQjc`7JPCMfaObzxZfNa5U)Nj+)q;sAT;qaH>{m-`F=h9guV9j!=+DNt7E?3Kqk9Eza_*Ly4Y~VuQQ|`K= zha^B`@wq0#&JY?i*hm35WE9-u4cNeL2awYyoW7jpP@kp8f+`uZ(`CMBlk$0+WC4Gf znVm6Xe9hrEQZ0vaxODCLsBHAYn%~ckO}L|ij*Gd6QJo|9&&xI9!t;}2bw&203+%H* z3;ljMu5t9ma}^>+f&8~=-qcSH`)oIRSa&VkSej}we;J(kA($dcR|>$6n<#+8@Qy=9 z`Ol=Z;?U?dKF8mi@M5M3^64h$Ex$6#pZgX=*UAPUv>8j6m#u6!7Gz`W6b4o12tjdm?i8S%$dm_i@`9z1M7I1|C>nMy}1K1+d-}7$;201q$fwmlt z6ompjw)BjnC1CSRn92a4(qL#Dfo*e0C=&c+;fM)6l;X}qfMLH0Gr~>M7Sv$CtwzB& zTRV(^^{@qbRbdA`Ld4_7iD9vVIsG~dzx#RhA300Za49q2TaplOUa!FX)6s{U@=kQ~@8;B!rg<3t1l>IB}l6Y+j5Qj(*7nbK_iFD;KUPQwVe?R2Y2v%6JBU372_tB zU^7H@r@5t#2)g#{bn`DmbC!ci#DGFlj7r~>>d}!F2h$S#9&8>OPXwPTvh@qwWC0oG z`5IiM!UbD#BtmRYh0m8xj>piEM_o@OrAeLRi!X>QFWrIjJY7Q!=8P;exnFlpKm+E9 zEX6A2yIY6B1QCb+fLt8A|HA$N&b`9UJu-9HFF#SD4J5Bz3{izi*%OaOGHp#kFYRSZAK#*i zWU3uggox6J(f>!K!A?lsN~tTh?A{_{=5HDI8BOjKH>A2khWlS={S zAsYnotO8DbXg1UoFKLjohcziy55f~!zr+Vg{GF3gOG{4wM6Mgmd?`ZEAzgNx79%^+ z2unCXG3G<2TjX|Vg)#Q;5?iA9{fbJ5n!}HP;A}uBDi~10DyiOiLhU_;GGv13ro|^E z1ZxLK0vTOuLvxUtN9vJ7R0vV-w(f%)ZdaY1sgU>kCK8Bkxo?-T>&rZ;q8O0L`6Pz> zi=;lcymDvDrQ~9wLcHi<{K-G)Gvo(lBbgxd?$ylD-<8Jv>qZ>Ng%EG_GCPflLKa|D zk;_-ZCT%QWE=D`bPvsQpDyYAOjLsS6CM{0k zTk0tuqus0XL@5F}jZs&`23=FKcC=TDo;&}v$*{$ZQA`qGD!danL5UO4x zwKY`b;&LOFPm|LtlkJ}iN8yWId1|Gx-fn@Ns3!)Dv}(E}iUx7bPAqqy{O-2RFr0WY zTP>D~DUXWLJGpGAo_+j?V-)$S#^B1NVtO2E2ocD0o}RpY`=}0lf8FnOPz?GU2S2-! z{kV**+P6%F|QVI<8 z3H^^y43mTne4I6^y;t_SKUicajI&Lfzv!Za98%n%qzbtueQy6k_l^6?fA|VR(o*mG ziqudb+mB0?3W9$mJt(@o<0Bi6ZC;JDjq#7#1qEPz9x1DI{d)SHK{MqU{H#E zHD#w!n9@`e?mz4MON8(M-MvNLlcZ|fLtv-O81BB4@|mg*^fARLJ9P$ z-OamkJ)ENFRoBlr*W^v1!LE01Wt>fC0ntPHV8Sx)>d#98GTYjuxx*-K1_ z%C!Jpd_u#*{oMT9Vi!r0fk`^OV}X2+i246w?oc{~J}(KC2R?m=ZKsXYj^12zA0=?J zx`}Q+|1^CG-~HDPtw{t|LocBSKk)Q zr+aSaXQdGC|7Q9aexlA)GL>KWe3gbI9MWg_0`WWh{WHO#++XQX#E|N6r4{OOdE#8d zSox1BJ!_`4k$J3+#*xRQp3zmoiN;<1m5nw!S%!8qZgoW9+&r<|s z#ro@(xQh1s`WqDG^ncg#{E2OViMWDcK#J%u4cttM<2RvBKrpRPrKU@fVrM@7XT&f_ zfg+}iv}rHXkHChA@5o^2KfymQ^{W1H-ffCt^YwopJUUXgbT;_cCyK-Y7xj7nbFh2d z46gmZKBbMfHJ$y(7o`&=BXvIJP5-)HbZO%M4R!a_{;vbEG(KQ5lm8d4+fVv7hJPbh zI`jWy#aic22l)4OU1N!uZx#QWUPFQP-*t%fF5t!^QqqNqW=?WXDaO`BQAl&$3ta6}5 zSxu8q@LcmkH-1!4<zD>&+^bPQFGI(&Iiq4SnP)oUDn?x%Fxizl8sD;Oi2tHS)sG zz^@hs!Q}Z*1>96JX-pXoq%(@#Z?-WhCDu;?c)>G=SQ# z{R#`vh09+eY`bhFRW^%DaowbM7Y2#CvswD~uLUv{!7QQ5G>vecLcF3Ph4wvOKiPZF zAM_%|v-os3sg41ZpqfV%Efplha{X5hLec~UfI79=Zd0o zi+KH~@Tt(vNo30NEz?o&Q@*&AZ3^;&B_J6r(`}vxp$ckB_hH;@IGC{^~n)QY~2g)P-9ZC3)=ravk zNns=Ag~xBg@sA%=Y-*B07{@3X2b(iXQTxs!(B4n!WX8Fg+e&A zkWiFJ;>!#fxWmxScb`3nZ{J5*D!%#;M9i5d3a6xcZ5b>QEH|#b&v@N}?WGrQEFDP) zswJEan1xwn!kLd#EF97SEmQ>>aXUqs>MX&%X(istnOlAPH3sb22fJdIyMt+`;$QWn zmUwYlSt3HpumR{P8qZ(^=z&eR_N)>F8bc)2`l!5x9Hxg2vt^&j;JNMTA58h{3O>Gq zf+AuzGln$kk!*0ZURhSJdV@zXsz{0z9A{{xLs9R5+E(kX0u=AYkgcaPLFycn+lTk z3JKk)XktmsZo8}f)tN+rNWDfSThZ|#ZiykS;ndjWvZ{JcxrYk@uDwd73@~(ZbXVekM-7#;-j-+KT;~=@~E039Rtc~;};lWdF;4GB>uo- z5_S7<{A8N^9)+9;dJCC0;Ggw<63<6VpOx*R!K8Hy-G!0ds0g6@iqt(D@3AsJA}L0% zWwgD0|Mx{)iXz)pxQ59RDUUKlN|$8Vh$W|%Wr-NR6s3Lx!>QRRjVA7l(>xlHlaMs%uop_b2tqrHBYN(p7l}O#KPmoGO>!UHn%Ft6@0~_eN+kO`= z8?C3RX!|P`ny_$LbOybD58Y3@Y)L>u(0IpdM)i=(XEX2mWHM<=f`P`=f7Cye z6@(CA*MQuPU4sC6?x2Wl(5M1FA*~dDf9Mhi#T0Gyd$zxmh~A_& zIx|%By?^@+09hkM4KQuI*{&^|J}etwb~?alf5iDKM38_Byl*MpTo^cmwq)qZZH!np z?Fh%NVn-U^7@2$IAMls{5@iX1>#Qmg>2>j0*7&7~i_HmCNt=FWdhmYz{wS*x#5yXg z>xKv4$&#S8f}#F6%FJ`WZK=E?hpKIQxFKTzwaK&gT{vODYo$BD9v9U6| zQ4O)BaYcl0!xco!ids*TFOEcAEVFZJM4QTMh87cjHg>~~XQU($`X=Pbfmt~j+HA`7 zp1oL+%^QU)$(@~6ANz6eF74|;2Luyf>v(6$xhNS@+w>jG@2@tzPV9E-S&QcL=APXz zBb4^^`H{k*+(h>gmk|9B>Au6M>vaz`+eCNJf7xtalwYwvuI@S^a%f9Sc+$HI_otqb zm)kYZCP510dYYwZV<{nLqb24LE!chQlKyt(R?a~EoiC=N4J98CCb3$Dw=}V5jFzz2 zh2OlPp0W8{6IMd4Sl8S(-|eewk7oi zbKTAGpnc78PQ;Dpt8+h;Zsb3|sFfWD80bDVOvxC-II?6Xv$(}RKi<>$ygi;>1!FP! zyjq&PU;o2aJN_#wS?qJKKzQEOEEKrkb`|0K%07ky-bVE`G z6m&Qch(?DPS?i39;`Fg>>@>e7bHlqDsL#j5{t+fgvpGzCwJ);VXusEMG zK%dTi$JRTSV{|0Q++d`wC`j^4f$ig@Bz`O-!JkW0m=`XlE(dAAG_#zWPp7@eYR5MpwcEzajp2Q@ zt-6?R~APA@+)6b*IvyE<3IsZu})=*Fc3x*#d(kw_}ND9%ThBd&w*k`U0|fh9_tjo)*$PWvI_H<54W4rjLeEo!#s)bI>H=j`fX z#S%>lzI0aI4vCS2VU^{*CE31c$%$6@<|=K-Y#SAkCi%GrhM`CKA%ym`P5OpauH*dZ zPfYpn`l5K^0H1%c0LfjbA~XQg+UYh^0#1%}s>7d*EMu1Ax38uFQ!Mja-U{groh^6Kn{i!l-Os%##nWs%EZJSV!ey@ubDCO$Emkl|pyi<* z2>Gn(BsM1E!Ypz%r07}$zrexO zf=*x5%bv8%WuC`Z{qUP(lNP%5igley%59nHH(yF7sc{Jpd0*(}7Jk9s1i$+I^bX!4 zK2PwX&ZB$?Cxnj6WDQ|5#my=zjhU;&dH zsx?&ls}OUX_Hx6*BGbt7w#{c4Wni*nlgl zC^6j}IT~-0LBiC}OOqBAF-DRfF7q(?bA!L6SnD_Zfc&iqo#`*kRNw7PXZOgzDyhA) zW>6`r%x!sr&4=AEEIUeS*%@S600Ur|6xHT2r_0%|Ofg+E3!2fAa784TO+yPOM!m8I zN-U2b>>Hjxr0`xa#d7YXE_{y7u|k$^)-vpBsoYtJ`#Cqa^`DR3(FygTY}NfP5l^!cdb^|4_&dqnD9o(` zgm@)eTkk^4GcKCkiW^-V#~gsu^f0sAqy*)Lq@w%NFl>-$zI|i7*BSiQ6WH^cH}WNZPZY6+X2gi!@sj&W!Y#6Boh8}F5I+y=JaxBV5i$7WC`kK{9e351M`3^b#R8 z_g_?tl2Te=wX)_Iu0Q5F*PD*5E%FLkqZ6DYn%HW&y5K5z++@EX_#F3bdQLOAATPxk z4lEf>ZfNbxd7g?hsYX*bZ!01=m>NA%{JuD5cM8h1>LM2X zKGGIzDZ9ady^T5FURd_W?UEajHRh=UE47INRo^s~@}(L2!bvB5GCViPq?q?~E4q%H za=DG1-29V~6%86xpvDQaAf!SMOXNFQG{5f)x*3{lbNrd*Nk$FU)9Vnnom=lEnQZ3r zZFB;;+yl|~7<_)82+!*=>gq54CDHy7@M`M(1|ng{XCB?G=2Vf(4yn2i0v|7c2@VT^ zxc=3Kbcxi}!L5_~duP%UgzWY-V*u2X|4)m|iKp!(V9xRfjYA|pbF7aM8FQ0dck8y*V0&$FHr{8p9oUA z8RIwBtYSX**f=wPZ)b1m>)krXBkO$!FvTJXP~~=9c%QxbAXeE*Fj=CZcEuD8NkU0+ zCjO=q7APz+#0}Nnr}71~1w%z*u&06`KbT7YPB+8z4KK_hGb+OE12GC=vR}p!W&hci zb54ScInWR=G|Tg8qN~@E8D2_m|12`BbhxDcyutHvy|<~6U3Or_-;%14P|k3I1vE4M z14hp~Tpm%6!+JI@=u)pP^zeu?92!a#ze~3pX0+Tqnxu` zUwc28k%?%c1s`G7$9|15vtF zBN4myb#Gy;9kZm*%IJ{Fu%3xaU*m{KOciF@fQj6O_fghXO9JkbTc>E1C5ylv@FMVP zBUtEOEamIYPZvA8x9(63?6W7J#1>r+Sr3v!W#_i`#&Deatb?U70HkeC3S&MZ?zEh(U4eyu;%$)y) zsB2_pyGb*~fJ&IVJI>l}`XK*WB(MkdOiwdT5oTLCV1%o(rGi<r!HB|y}^%8_|XJrLQ^QU*hK3!D>VT=0;MMOkgUhL1= zio|pAz!H-hUADZHbp^1LE9{+;!b^r8ok!!Ykn^DJ(K%uhr}Cmws)wJ>tvTLkSm9GRE9(iSE*Arvk*lDvzG7?=z^iL|JvqB zMIs&8q`>p0(l|i<8bw_>thVA)1xZ&W4}v;bF4nD9zDZq8{Bx))eeJ52ngfetnId$k zvSxwLprwen#jOk&Wd%KkPpVoQ1Q#Rx8Suiv^;~0Q>A)73{3)D6she0shUD=0d8^c0 zwZCc~#%mq;A3R{lEKfTJw*JS!CZ9;+HGTc?-4FT9qQXZ9?wOEb0}F9<>Q`X`={u84 z`scsZDoqOI(>H6&SPfb(@d5xEdnK$3(b3U%i)@dd zUVxcspXRGFTJIiOf6uOO+k%Nv+|BT+r6GRz=_$Bk6^xCo`l>zP#D#vcG8o%rG|!tE zc))|6o-A8HBme6MA&Q93-BuDUQmJG=?_Sc9$gsod3?*Me_I!!0qHF+%@QcqT?4MPYvuWG&5~{QhT1wg+%qNd42Z zU}F>yM0I;V)+%Xyl8)AN#{CjmQJxaW_eT>;Q{jw4kZ6y zzTaI8afKo1_g|;nM|!53no?;!v;GN#3*F9H8;wfr(3-%iYHArs;(^q4JIJb=s67L| zi|rHWwjwD^l%JfRk)qE`I;DT?C@ig{qxh9PBmN1A>C}-0GH1_f9-{wOob$!Mu`Z}2 z5)D?Nqdo;@eGoKE?d)V_V=6H2Mh8y*bV5E2k@KQ*P*a34(WP%&mUkpE1{$cO`iw^W3>-?R7e zwYzLQTRwP#34CjZyjJc(Y4SO^?cwBX(r*j(X($wNUp1lz7A9;ftZeAzWeU1W*=a$X zTJ~B2rq$Q_cB1OB{bt+-vIPefQ&uS(v?Ed2CO05bCH7>~^WAB)>N)a7_`%=9CRBT3Ld~A>pC&Mim_3z4D3O*0XJKz>;=(b<5i{Y>D)$2&+;GX!Ba;O; zhA37J4#*MWNU3Kmffr3Yj6C;{Ix{nqRqOZHsw!@4?`4JELNM+Y=!2KUE@J(j&L7-h zOK#xu-Oz@6;gc|FIhiz>($KO(XDDNMnY*B%AgxhD;$a6x4k9I=sByzN&HAv9+I#9wuY3*6Ep{dfepXwB z-*g6L`_X-tDEP>_<8At^n<1Z>4UD$+At{fo)#bH(tyoD?(8oYDuku$QHCY|n`q(DN zpf2Nzcg2UqfNQ$GgcCyXea2~_e2QMus@Vv8`1AV-wb+*G6cidtm!#PF4yufJ$Wu8bYwabwYZ74nbe z*&xE+t&csav5H{qJWh~>O|+OYS3zvfZc*p7D=(CuI1*P;*Q)8b(h%A*%ihRZc|qh& z1?;F;7s?*J$tz8}hm^v9zQ>U!?Qi7eA38Ut7kce~95wMHy~|N|PW7jLTG> zr~`5>^V{gOedJV;l<7N?=hKAR^1m(ONumvHI~`PwesFT363%uI#rqKaRx z1UtEKchk77j{naZ4s5Avf|J2W4jMr?8T-Q$Z(KQ> zCy2~LH4U75Lx=n=$a}IAl0Cugx&E#6^8UHN@q7e9nr0g$uwHM#>*3BvLs?$_6Ansy zwiuNpBYwA9IcH3yMGC6K$M5$~Vm}j2%2#f7!E1V1U9+=|IK`F6Mm4hVe8?b9FB8>O zRt*RBMFElPKhnDJj*1v7$_f}4hmJU!e;VGw$^Yc$XvSioo|>1efr-F@4%aWG#Z#Ih z<6St1I1_89y9qw@(JdqQefHzp42Vw<{|zs;*7rx8;p(JA|1K>; zF0al#xINsGnwn(AMJPL!!i>g_)CG9Eq#4QH5&iW+A?l(QMZ4;(D@l~j6mT1Px(lh; zV&S~U&K3Kr#Q1etts0l7rc9^vx(+|2@dk?HDzDm@I+V$0DvwSrq8?)#D`R0j>p{@o zvI9v#;eZ8T@mLskbxD(V?uRf|w6tO@@D)>hNE?@6=9<9r&mN9IY*n`O=lOORMc4<% z$O?}TX?OyL22MDH({od^2_;%qQ>n%$oVu}DC-VJ#yn+v?ACI*`L1kM_Wn+m!8Q%h zk7G8reT)H$!L~OTY$E8R*U_4e%d;3mmzqjkp|6%4hzPIn%Jv{&XRyT|_ZZ`p!YHR{ zzW3W?(+NK~f^;*jqnly+exvfwuAD5aIg&NVlaWX+i9$Yyt%(X{=;wN?tRgBq-8IS& zjrQAaI7>!#4j@0oXd&@?kcG~^w?alM;X~>J(nmQU8u`Gx z;&(G#ZxyU{^{4Ch>>A)DN|N_ZuLp717T+mHvGz+)@f6lB()9+5eSOo#(&eV<8`+wn zqO|LC#rtEA-=nT0?`_eN5|aqh$~iG8aq{Df?hyhlNy0(PhQgr{c6f5hZbqo3?^klH z%RF}|{GAW*w5HG101vBg0!aQKzzt!4TVABPOfPREH(vytz7qL;ecDCp-57E=l?^xZk(XP$*mJeSg@&$z%K%O-r9=;ok*M@|2YPBr6cw(G zsjk|FFm=a==)n=U;?Jxb)0#`#_9b|Eflt6dfCUBNst@FW03)x&QBhn5SJ z>ug_^b|G8Jr1ttSx+7u8Q(>Udv8vuhhkO}@2iC*o`6v;N*64f;@Aa11ZPY@dMy?CY zIV8iMD-^oeUEz51?19gizGwI78>fORPQ9VO@PUv1K)OIiM|Qyb=t#vorhuFFy_8cW z8pQHnmR`2kPNSq~mM~v7h*p5nYADV~%O-ytH|=1_%&%^2^D}ReOQW~3-=sOq z(Blr6qQtOa@|Dg#?ZvT!>kP(ZN%cE> zd3$}Ie0egh+PF1wdMOQw{cv?ser9;jeguv_>G-kvw{JdtFdY+eTXg)a;{anu!RYCoivm1#Ou+MaRFj*! zCd-YDtD<)8wCfyAWKZGy3@}BTFyrIp!2>)iSrZowrrJP^H*T^S7>-M+6D?_ayZtFQ}0>cPovdP=S)zvhf z*vla)Ls#7XKxzKLkA=bSF47mi*nCAr`ir)B{TCbBo792T_-m6835)|xg$5qkg?Z=| zbdCQa{ajtDG>6r%m)lJ?#p^Wz9xKz@0d(`^+BuHi)e+d~&u3hi{RPLvfMWCTd4Rb=`+CDx8;{qObkXT&Zi$-K zz=YB6B5SiURtNqqxOi0*Rc@NI^PUJY5uP$S^pZsu?ipnhEq_P?&SI2&l}; zzCXbtc_$XrIQm@WkNY#pM>+~<1AlaT`yWaE*f5f0LBHO$VT%B&1-Wq-U2eORe1TBaq(zy)thQ_@IweYE_toK3M7jtu>@ zOF3dZ@FXzc{sfq%c(K}T?bmQyHU5n%|0|A-6T^{!tFNcjC z0ydaLGHTvPARhRO$d6G4ZZB_UA%}7cCFl6+IvaU%DeZMJdxs6_p;Cv#xi=$gR}e=_ zHFc&vA>5@Wv%+bmRY2Q>AUEE@-YChxrR(IkbnK~qv>bZp_@&Nh=7Crn3GrB411|!G z;CGu!^@kE=x%tHKmXZ2^%O}$Jn{*BUu72adH!DGu(d($AED=x6kA zdPn8}bd;l618#OE4P5N?BU}B(Y2s(l%!#wNDr07eUCmTpza+jV#$*x zye;zTw7PZtoZe}uEdS%q_yz+jeeTCF_XCOV*#s2FzdB-tjcgAY= zOB6YWrfgfs-zkew$aTsOzjn?9yGarqA(idk!)4e;^tq7T?&ay56o0!)S!;IWO(=`G z2`rjK?$S^)Ft`T^|5EEUVM)#x&Y~vJ@4D4ASZPcqRQ_;3nBlPmC7!Am#S4-0d??>a zspsw!nT%Qc35qA;aV85T4SZA0>N4&wh-F49Jz(F?$P`6HC-oh56M}(ld`v(cy3EB+ zZne3p>GP$(9XE+l-2ewhcnWOwampW?Q~^m~eK9TJej&$efo%+-B&F zi$!?qdax(Uejd~UFn0hBjf9UappN2KO&%G`O!v^bB77s>0>@rk!bhd3untWaHga7@ zw0a_fzsIBlh`a1!9!rl|ePaaCwTiS=o1VsX#jWA>FtTl?GP|`XCiP)XJQ+A1yCb>0 zucmhJcgC#9A~qI}u9T~`@Oj4QM{nL!aJw7R>~-H$^wJbZ-pola)5x0m?Wd1rT7Van zZoJi&*&pfWWGr<7+B~0?UJTAKv2f7i+2`?@D^1p;3D1e!4&|0r;j&GxM(^|m{8&1F zUNSH+WjxR-gQkJ%z)nAhFXZ3gTrg7)@=Sb&RRYzx6-ND`4T+=*p1pb#$ zQ(2#ac6>(ChdWdhzmRvk%h}ZzB@k!{U=p8FON_O#efRNel}Wsn>T4#bqP82|H@&Fy zJ-~6Yx~l3L&HO}!d9j$6po(^URUGGzRk}c%)br)Rf@;)(K`w6Pc_G#9>ye{QWpiXy zaIGq{m($bJXM51mW)C~t;KJhKuxbTS`)DTB4J3^EEPQ!$QNEf{JxYuH*SKV-EKQC- zla@kJS$`qfO`h#?h_e7EUCSq4;6?^s7hW$A|5_TIQ2NV0D<~*BskUQ=(=A;~_qF@` zuZM_l*EbX*d<(WO`vfITm9YS4RE5CQu)}#XHU`6^G2nL;%2|S*0`oHc>fXT+JSJwE z6|G;Y*1Xx-l4Y5$^POU~+cmhyq(nMNR?>jjFF(H!;f6<{O7xk0R{!0!YL?{HtK;y(ez)26$8S?8+BuyJCJvR!u7Z!AHc3u(RsLPA0wx0R0Q zwqa0uMagf;d}Sd3pcNdCS>x*wft9M30W7hkt8w*Tic5R7x5T4gclMi;~=wv<9VXmT)Ln-06W#av!o`{uVne*n9! zKe@Ktn4FJ1>6+Ry$&X;wmvM?4A)uM-;==1=7tmQ3is?C z0KpnNizf{FNVhQeFe!F)4XuHpCc_SVdlC-PulX%Sm8X0I>PcVVDS2Wu1eDT*h7wX~ z?Dy+&^2zWp1SY#(2z z%_GXZ)E+IV8BiXx>9%Z@2Bj+kd+_0D-F-&P)hWOAoW?B%BQm+3O}LtY+p$evJb#LE z)LY|yZo@Qi@JlB}&0K028EG8^(Xfspr!bQTnySm*s9C5TSgTzGy>vslC`WWEl$e$d zG&LZ#BEO6q93UNP9WGj&mmJhCVzZOUcy<{qQsfB*_eW z3df{fnskYIM8zhGh5g%x{{SaHEFtMXh{*{{>IXhjS4JamZkFoQeu;u!P)#5ufUm@l8OKDH(f|9;pvW%sWMPGOpG`hV=X!*wAR zrQ=@}z%+p;vz+j=e=yc)r|*f;e_B|g0sX%tW_gL^kpFtdnm8gh@*jpyJ(LxV{|94J zV$6mg*}5dkqhI*QYFXtcIWhI$fXw21dU`%5|0nxa(p^jmR(X$u;LWpr#=`nG9sU3^L07fi5a0}T zs1zcXq-m90RiHuydR{6pJ?J*3_o9pQFEPm#w{vsS_-{Kxs1p|krUbOP4(?r+?obGx|+AsmJ-#~ zXo?2p**08TqkE;hFdIn+#1rf5`o(v(yqVic)xXzfxvaR82QK*OOf~M!$JCF4yQJA0 z4^5Szfy|12T_0T?wf79#0hLO111;fLG5jb=!PM*HmjDu$srTd zJaakMV9%;`$u>U`X5dqs>&uV2ymT3#YpqjpV6Ve(w<#C8aQe_{I8n1?nUC;syy)Y< zmh)&7)Q7HFAPNv7jtzLeu7V8hm~QNRt+td+VC{Mza!UzqFT%qaSIUs))xJ!F7hrp2 zu|gksK0*kLsS0p`-E6r!`bk_l#4g-Cg`Jq_j4Ixz-St%|R8&n1cr`+gFZ^>YeRSFC z3=r>+0!R-Rt8!b1yUal^-8K~LNN zti)BIwU1x7p;h$FycFU@UPM!uDf7pEKYjM{L0#hA+%ARP;WOx9QjAw5q#DlVx8JsJ zMI(*4_uKHby0YCiUGj4w9fIPWv=`q*93S3#%-oBHk+lKyq8o^wAYU?{6ePjoM&JJr DY&x_! literal 0 HcmV?d00001 From 4f05ebb82fcd1341d7ed0076cf743277e25d24cc Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 3 May 2019 11:02:44 -0700 Subject: [PATCH 09/19] Update surface-diagnostic-toolkit-business.md --- devices/surface/surface-diagnostic-toolkit-business.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md index f67a2cb1db..1623b7fd0b 100644 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ b/devices/surface/surface-diagnostic-toolkit-business.md @@ -31,7 +31,7 @@ To run SDT for Business, download the components listed in the following table. Mode | Primary scenarios | Download | Learn more --- | --- | --- | --- Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.
Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:
Microsoft Surface Diagnostic Toolkit for Business Installer
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) -Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:
`-DataCollector` collects all log files
`-bpa` runs health diagnostics using Best Practice Analyzer.
`-windowsupdate` checks Windows update for missing firmware or driver updates.

**Note:** Support for the ability to confirm warranty information will be available via the command `-warranty` | SDT console app:
Microsoft Surface Diagnostics App Console
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md) +Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:
`-DataCollector` collects all log files
`-bpa` runs health diagnostics using Best Practice Analyzer.
`-windowsupdate` checks Windows update for missing firmware or driver updates.
`-warranty` checks warranty information.

| SDT console app:
Microsoft Surface Diagnostics App Console
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md) ## Supported devices @@ -163,11 +163,11 @@ You can select to run a wide range of logs across applications, drivers, hardwar - [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) -# Version history -## Version 2.36.139.0 -Release date: April 26, 2019
+## Changes and updates +### Version 2.36.139.0 +*Release date: April 26, 2019*
This version of Surface Diagnostic Toolkit for Business adds support for the following: -- Advanced Setup option to unlock admin capabilities through the installer UI , without requiring command line configuration. +- Advanced Setup option to unlock admin capabilities through the installer UI, without requiring command line configuration. - Accessibility improvements. - Surface brightness control settings included in logs. - External monitor compatibility support link in report generator. From f7c5c7967597e10417127b74e14ff10d7ebb8b4e Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 3 May 2019 11:28:12 -0700 Subject: [PATCH 10/19] Update microsoft-surface-brightness-control.md --- devices/surface/microsoft-surface-brightness-control.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index b9910dfc97..e4e4b988cd 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -56,9 +56,14 @@ Full Brightness | Default: 100
Option: Range of 0-100 percent of screen b | Inactivity Timeout| Default: 30 seconds
Option: Any numeric value
Data Type: Integer
Type: REG_DWORD | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.| | Telemetry Enabled | Default: 01
Option: 01, 00
Type: REG_BINARY | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). | +## Changes and updates + +### Version 1.12.239.0 +*Release Date: 26 April 2019*
+This version of Surface Brightness Control adds support for the following: +- Touch delay fixes. ## Related topics - [Battery limit setting](battery-limit.md) - From e7def4650de00557bda5799dc216714edddf2304 Mon Sep 17 00:00:00 2001 From: Robert Mazzoli Date: Fri, 3 May 2019 12:06:38 -0700 Subject: [PATCH 11/19] changing topic owner to robmazz --- devices/surface-hub/accessibility-surface-hub.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md index 634261a1e3..3c04327201 100644 --- a/devices/surface-hub/accessibility-surface-hub.md +++ b/devices/surface-hub/accessibility-surface-hub.md @@ -5,10 +5,9 @@ ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442 keywords: Accessibility settings, Settings app, Ease of Access ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: robmazz +ms.author: robmazz ms.topic: article -ms.date: 08/16/2017 ms.localizationpriority: medium --- From 66895adc528149860e62e31d07e425e8fc5e624d Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 3 May 2019 15:50:26 -0400 Subject: [PATCH 12/19] created separate mdatp for mac logging page --- ...rosoft-defender-atp-mac-diagnostic-logging | 64 +++++++++++++++++++ ...oft-defender-atp-mac-diagnostic-logging.md | 0 2 files changed, 64 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging new file mode 100644 index 0000000000..d2ccd7fac2 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging @@ -0,0 +1,64 @@ +--- +title: Collecting diagnostic information from Microsoft Defender ATP for Mac +description: Describes how to collect diagnostic information from Microsoft Defender ATP for Mac. +keywords: microsoft, defender, atp, mac, installation, deploy, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: #w10 +ms.mktglfcycl: #deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Collecting diagnostic information + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. + +1) Increase logging level: + +```bash + mavel-mojave:~ testuser$ mdatp log-level --verbose + Creating connection to daemon + Connection established + Operation succeeded +``` + +2) Reproduce the problem + +3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. + + ```bash + mavel-mojave:~ testuser$ mdatp --diagnostic + Creating connection to daemon + Connection established + "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" + ``` + +4) Restore logging level: + + ```bash + mavel-mojave:~ testuser$ mdatp log-level --info + Creating connection to daemon + Connection established + Operation succeeded + ``` + +## Installation issues + +If an error occurs during installation, the installer will only report a general failure. + +The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md new file mode 100644 index 0000000000..e69de29bb2 From e66b83c15d43c5529561cd9942e01ea69b3e4649 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 3 May 2019 15:52:37 -0400 Subject: [PATCH 13/19] removed logging section from mdatp for mac --- .../microsoft-defender-atp-mac.md | 39 +------------------ 1 file changed, 1 insertion(+), 38 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index e05ea856f0..08918bc9be 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -557,41 +557,4 @@ Or, from a command line: - Not fully optimized for performance or disk space yet. - Full Windows Defender ATP integration is not available yet. - Mac devices that switch networks may appear multiple times in the APT portal. -- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. - -## Collecting diagnostic information - -If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. - -1) Increase logging level: - -```bash - mavel-mojave:~ testuser$ mdatp log-level --verbose - Creating connection to daemon - Connection established - Operation succeeded -``` - -2) Reproduce the problem - -3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. - - ```bash - mavel-mojave:~ testuser$ mdatp --diagnostic - Creating connection to daemon - Connection established - "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" - ``` - -4) Restore logging level: - - ```bash - mavel-mojave:~ testuser$ mdatp log-level --info - Creating connection to daemon - Connection established - Operation succeeded - ``` - -### Installation issues - -If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. +- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. \ No newline at end of file From f98baf2b4b9fd113299ad33c7a0aa3cb1e44ace0 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 3 May 2019 16:00:01 -0400 Subject: [PATCH 14/19] added text to mdatp for mac diagnostic logging --- ...rosoft-defender-atp-mac-diagnostic-logging | 64 ------------------- ...oft-defender-atp-mac-diagnostic-logging.md | 64 +++++++++++++++++++ 2 files changed, 64 insertions(+), 64 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging deleted file mode 100644 index d2ccd7fac2..0000000000 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Collecting diagnostic information from Microsoft Defender ATP for Mac -description: Describes how to collect diagnostic information from Microsoft Defender ATP for Mac. -keywords: microsoft, defender, atp, mac, installation, deploy, intune, jamf, macos, mojave, high sierra, sierra -search.product: eADQiWindows 10XVcnh -search.appverid: #met150 -ms.prod: #w10 -ms.mktglfcycl: #deploy -ms.sitesec: library -ms.pagetype: security -ms.author: v-maave -author: martyav -ms.localizationpriority: #medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Collecting diagnostic information - -**Applies to:** - -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. - -1) Increase logging level: - -```bash - mavel-mojave:~ testuser$ mdatp log-level --verbose - Creating connection to daemon - Connection established - Operation succeeded -``` - -2) Reproduce the problem - -3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. - - ```bash - mavel-mojave:~ testuser$ mdatp --diagnostic - Creating connection to daemon - Connection established - "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" - ``` - -4) Restore logging level: - - ```bash - mavel-mojave:~ testuser$ mdatp log-level --info - Creating connection to daemon - Connection established - Operation succeeded - ``` - -## Installation issues - -If an error occurs during installation, the installer will only report a general failure. - -The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md index e69de29bb2..d2ccd7fac2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md @@ -0,0 +1,64 @@ +--- +title: Collecting diagnostic information from Microsoft Defender ATP for Mac +description: Describes how to collect diagnostic information from Microsoft Defender ATP for Mac. +keywords: microsoft, defender, atp, mac, installation, deploy, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: #w10 +ms.mktglfcycl: #deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Collecting diagnostic information + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. + +1) Increase logging level: + +```bash + mavel-mojave:~ testuser$ mdatp log-level --verbose + Creating connection to daemon + Connection established + Operation succeeded +``` + +2) Reproduce the problem + +3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. + + ```bash + mavel-mojave:~ testuser$ mdatp --diagnostic + Creating connection to daemon + Connection established + "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" + ``` + +4) Restore logging level: + + ```bash + mavel-mojave:~ testuser$ mdatp log-level --info + Creating connection to daemon + Connection established + Operation succeeded + ``` + +## Installation issues + +If an error occurs during installation, the installer will only report a general failure. + +The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. \ No newline at end of file From 6a3fd9878885f1dc686aba622fa1c065ff870d05 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 3 May 2019 16:26:32 -0400 Subject: [PATCH 15/19] created uninstallation for mdatp-mac page --- ...microsoft-defender-atp-mac-uninstalling.md | 66 +++++++++++++++++++ .../microsoft-defender-atp-mac.md | 43 ------------ 2 files changed, 66 insertions(+), 43 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md new file mode 100644 index 0000000000..5004b31c5b --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md @@ -0,0 +1,66 @@ +--- +title: Uninstalling Microsoft Defender ATP for Mac +description: Describes how to uninstall Microsoft Defender ATP for Mac. +keywords: microsoft, defender, atp, mac, installation, deploy, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: #w10 +ms.mktglfcycl: #deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Uninstalling + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available for JAMF, it is not yet available for Intune. See [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) for updates on development. + +## Within the GUI + +- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. + +## From the command line: + +- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` + +## With a script + +Create a script in **Settings > Computer Management > Scripts**. + +![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) + +For example, this script removes Microsoft Defender ATP from the /Applications directory: + +```bash +echo "Is WDAV installed?" +ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + +echo "Uninstalling WDAV..." +rm -rf '/Applications/Microsoft Defender ATP.app' + +echo "Is WDAV still installed?" +ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + +echo "Done!" +``` + +## With a JAMF policy + +If you are running JAMF, your policy should contain a single script: + +![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) + +Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 08918bc9be..42b5eb2508 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -375,37 +375,6 @@ orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 - **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. -### Uninstalling Microsoft Defender ATP for Mac - -#### Uninstalling with a script - -Create a script in **Settings > Computer Management > Scripts**. - -![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) - -For example, this script removes Microsoft Defender ATP from the /Applications directory: - -```bash -echo "Is WDAV installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Uninstalling WDAV..." -rm -rf '/Applications/Microsoft Defender ATP.app' - -echo "Is WDAV still installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Done!" -``` - -#### Uninstalling with a policy - -Your policy should contain a single script: - -![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) - -Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. - ### Check onboarding status You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: @@ -540,18 +509,6 @@ Controlling product settings, triggering on-demand scans, and several other impo - Processor architecture - Whether the device is a virtual machine -## Uninstallation - -### Removing Microsoft Defender ATP from Mac devices - -To remove Microsoft Defender ATP from your macOS devices: - -- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. - -Or, from a command line: - -- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` - ## Known issues - Not fully optimized for performance or disk space yet. From 875aeade4e6f57d886733a9edb192206720ede3d Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 3 May 2019 16:40:02 -0400 Subject: [PATCH 16/19] rm'd 2 previous pages split from mdatp-mac & collated them into resources page alongside known issues --- ...oft-defender-atp-mac-diagnostic-logging.md | 64 ---------- .../microsoft-defender-atp-mac-resources.md | 112 ++++++++++++++++++ ...microsoft-defender-atp-mac-uninstalling.md | 66 ----------- .../microsoft-defender-atp-mac.md | 9 +- 4 files changed, 113 insertions(+), 138 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md delete mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md deleted file mode 100644 index d2ccd7fac2..0000000000 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-diagnostic-logging.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Collecting diagnostic information from Microsoft Defender ATP for Mac -description: Describes how to collect diagnostic information from Microsoft Defender ATP for Mac. -keywords: microsoft, defender, atp, mac, installation, deploy, intune, jamf, macos, mojave, high sierra, sierra -search.product: eADQiWindows 10XVcnh -search.appverid: #met150 -ms.prod: #w10 -ms.mktglfcycl: #deploy -ms.sitesec: library -ms.pagetype: security -ms.author: v-maave -author: martyav -ms.localizationpriority: #medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Collecting diagnostic information - -**Applies to:** - -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. - -1) Increase logging level: - -```bash - mavel-mojave:~ testuser$ mdatp log-level --verbose - Creating connection to daemon - Connection established - Operation succeeded -``` - -2) Reproduce the problem - -3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. - - ```bash - mavel-mojave:~ testuser$ mdatp --diagnostic - Creating connection to daemon - Connection established - "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" - ``` - -4) Restore logging level: - - ```bash - mavel-mojave:~ testuser$ mdatp log-level --info - Creating connection to daemon - Connection established - Operation succeeded - ``` - -## Installation issues - -If an error occurs during installation, the installer will only report a general failure. - -The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md new file mode 100644 index 0000000000..7f2b515f99 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -0,0 +1,112 @@ +--- +title: Microsoft Defender ATP for Mac Resources +description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, and known issues with the product. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +## Collecting diagnostic information + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. + +1) Increase logging level: + +```bash + mavel-mojave:~ testuser$ mdatp log-level --verbose + Creating connection to daemon + Connection established + Operation succeeded +``` + +2) Reproduce the problem + +3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. + + ```bash + mavel-mojave:~ testuser$ mdatp --diagnostic + Creating connection to daemon + Connection established + "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" + ``` + +4) Restore logging level: + + ```bash + mavel-mojave:~ testuser$ mdatp log-level --info + Creating connection to daemon + Connection established + Operation succeeded + ``` + +### Installation issues + +If an error occurs during installation, the installer will only report a general failure. + +The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. + +## Uninstalling + +There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available for JAMF, it is not yet available for Intune. + +### Within the GUI + +- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. + +### From the command line: + +- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` + +### With a script + +Create a script in **Settings > Computer Management > Scripts**. + +![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) + +For example, this script removes Microsoft Defender ATP from the /Applications directory: + +```bash + echo "Is WDAV installed?" + ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + + echo "Uninstalling WDAV..." + rm -rf '/Applications/Microsoft Defender ATP.app' + + echo "Is WDAV still installed?" + ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + + echo "Done!" +``` + +### With a JAMF policy + +If you are running JAMF, your policy should contain a single script: + +![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) + +Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. + +## Known issues + +- Not fully optimized for performance or disk space yet. +- Full Windows Defender ATP integration is not available yet. +- Mac devices that switch networks may appear multiple times in the APT portal. +- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md deleted file mode 100644 index 5004b31c5b..0000000000 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-uninstalling.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Uninstalling Microsoft Defender ATP for Mac -description: Describes how to uninstall Microsoft Defender ATP for Mac. -keywords: microsoft, defender, atp, mac, installation, deploy, intune, jamf, macos, mojave, high sierra, sierra -search.product: eADQiWindows 10XVcnh -search.appverid: #met150 -ms.prod: #w10 -ms.mktglfcycl: #deploy -ms.sitesec: library -ms.pagetype: security -ms.author: v-maave -author: martyav -ms.localizationpriority: #medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Uninstalling - -**Applies to:** - -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available for JAMF, it is not yet available for Intune. See [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) for updates on development. - -## Within the GUI - -- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. - -## From the command line: - -- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` - -## With a script - -Create a script in **Settings > Computer Management > Scripts**. - -![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) - -For example, this script removes Microsoft Defender ATP from the /Applications directory: - -```bash -echo "Is WDAV installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Uninstalling WDAV..." -rm -rf '/Applications/Microsoft Defender ATP.app' - -echo "Is WDAV still installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Done!" -``` - -## With a JAMF policy - -If you are running JAMF, your policy should contain a single script: - -![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) - -Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 42b5eb2508..fe62a0b6a7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -507,11 +507,4 @@ Controlling product settings, triggering on-demand scans, and several other impo - OS version - Computer model - Processor architecture - - Whether the device is a virtual machine - -## Known issues - -- Not fully optimized for performance or disk space yet. -- Full Windows Defender ATP integration is not available yet. -- Mac devices that switch networks may appear multiple times in the APT portal. -- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. \ No newline at end of file + - Whether the device is a virtual machine \ No newline at end of file From 139958d30b4647f590ab94f33bafabf199634531 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 3 May 2019 17:11:23 -0400 Subject: [PATCH 17/19] added seperate mdatp-mac installation pages --- ...osoft-defender-atp-mac-install-manually.md | 130 ++++++ ...ft-defender-atp-mac-install-with-intune.md | 158 +++++++ ...soft-defender-atp-mac-install-with-jamf.md | 195 ++++++++ .../microsoft-defender-atp-mac.md | 428 +----------------- 4 files changed, 495 insertions(+), 416 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md new file mode 100644 index 0000000000..4fbed04668 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -0,0 +1,130 @@ +--- +title: Installing Microsoft Defender ATP for Mac with JAMF +description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# Manual deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. + + ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) + +5. From a command prompt, verify that you have the two files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721152 + -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + inflating: WindowsDefenderATPOnboarding.py + ``` + +## Application installation + +To complete this process, you must have admin privileges on the machine. + +1. Navigate to the downloaded wdav.pkg in Finder and open it. + + ![App install screenshot](images/MDATP_28_AppInstall.png) + +2. Select **Continue**, agree with the License terms, and enter the password when prompted. + + ![App install screenshot](images/MDATP_29_AppInstallLogin.png) + + > [!IMPORTANT] + > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. + + ![App install screenshot](images/MDATP_30_SystemExtension.png) + +3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: + + ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) + +The installation will proceed. + +> [!NOTE] +> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. + +## Client configuration + +1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. + + The client machine is not associated with orgId. Note that the orgid is blank. + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : + ``` + +2. Install the configuration file on a client machine: + + ```bash + mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py + Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) + ``` + +3. Verify that the machine is now associated with orgId: + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 + ``` + +After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. + + ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +## Configuring from the command line + +Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: + +|Group |Scenario |Command | +|-------------|-------------------------------------------|-----------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | +|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | +|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | +|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| +|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| +|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | +|Health |Check the product's health |`mdatp --health` | +|Protection |Scan a path |`mdatp scan --path [path]` | +|Protection |Do a quick scan |`mdatp scan --quick` | +|Protection |Do a full scan |`mdatp scan --full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | +|Protection |Request a definition update |`mdatp --signature-update` | \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md new file mode 100644 index 0000000000..5cd1e22a19 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -0,0 +1,158 @@ +--- +title: Installing Microsoft Defender ATP for Mac with Microsoft Intune +description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# Microsoft Intune-based deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. +5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos). + + ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) + +6. From a command prompt, verify that you have the three files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721688 + -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ + ``` + +7. Make IntuneAppUtil an executable: + + ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` + +8. Create the wdav.pkg.intunemac package from wdav.pkg: + + ```bash + mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" + Microsoft Intune Application Utility for Mac OS X + Version: 1.0.0.0 + Copyright 2018 Microsoft Corporation + + Creating intunemac file for /Users/test/Downloads/wdav.pkg + Composing the intunemac file output + Output written to ./wdav.pkg.intunemac. + + IntuneAppUtil successfully processed "wdav.pkg", + to deploy refer to the product documentation. + ``` + +## Client Machine Setup + +You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp). + +1. You'll be asked to confirm device management. + +![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png) + +Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**: + +![Management profile screenshot](images/MDATP_4_ManagementProfile.png) + +2. Select the **Continue** button and complete the enrollment. + +You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned. + +3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine: + +![Add Devices screenshot](images/MDATP_5_allDevices.png) + +## Create System Configuration profiles + +1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**. +2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**. +3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above. +4. Select **OK**. + + ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png) + +5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. +6. Repeat these steps with the second profile. +7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. +8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**. + +After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade: + +![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png) + +## Publish application + +1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. +2. Select **App type=Other/Line-of-business app**. +3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. +4. Select **Configure** and add the required information. +5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value. + + ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png) + +6. Select **OK** and **Add**. + + ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png) + +7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**. + + ![Client apps screenshot](images/MDATP_10_ClientApps.png) + +8. Change **Assignment type=Required**. +9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. + + ![Intune assignments info screenshot](images/MDATP_11_Assignments.png) + +10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade: + + ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png) + +## Verify client machine state + +1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**. + + ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png) + ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png) + +2. Verify the three profiles listed there: + ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png) + +3. The **Management Profile** should be the Intune system profile. +4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. +5. You should also see the Microsoft Defender icon in the top-right corner: + + ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md new file mode 100644 index 0000000000..82aaf8ffe2 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -0,0 +1,195 @@ +--- +title: Installing Microsoft Defender ATP for Mac with JAMF +description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# JAMF-based deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequsites + +You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. + + ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) + +5. From a command prompt, verify that you have the two files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721160 + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ + ``` + +## Create JAMF Policies + +You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines. + +### Configuration Profile + +The configuration profile contains one custom settings payload that includes: + +- Microsoft Defender ATP for Mac onboarding information +- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run + +1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File. + + >[!NOTE] + > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain. + + ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png) + +### Approved Kernel Extension + +To approve the kernel extension: + +1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. +2. Use **UBF8T346G9** for Team Id. + +![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png) + +#### Configuration Profile's Scope + +Configure the appropriate scope to specify the machines that will receive this configuration profile. + +Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. + +![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png) + +Save the **Configuration Profile**. + +Use the **Logs** tab to monitor deployment status for each enrolled machine. + +### Package + +1. Create a package in **Settings > Computer Management > Packages**. + + ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png) + +2. Upload wdav.pkg to the Distribution Point. +3. In the **filename** field, enter the name of the package. For example, wdav.pkg. + +### Policy + +Your policy should contain a single package for Microsoft Defender. + +![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png) + +Configure the appropriate scope to specify the computers that will receive this policy. + +After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine. + +## Client machine setup + +You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment. + +> [!NOTE] +> After a computer is enrolled, it will show up in the Computers inventory (All Computers). + +1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. + +![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png) +![MDM screenshot](images/MDATP_22_MDMProfileApproved.png) + +After some time, the machine's User Approved MDM status will change to Yes. + +![MDM status screenshot](images/MDATP_23_MDMStatus.png) + +You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. + +## Deployment + +Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. + +### Status on server + +You can monitor the deployment status in the Logs tab: + +- **Pending** means that the deployment is scheduled but has not yet happened +- **Completed** means that the deployment succeeded and is no longer scheduled + +![Status on server screenshot](images/MDATP_24_StatusOnServer.png) + +### Status on client machine + +After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile. + +![Status on client screenshot](images/MDATP_25_StatusOnClient.png) + +After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. + +![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +You can monitor policy installation on a machine by following the JAMF's log file: + +```bash +mavel-mojave:~ testuser$ tail -f /var/log/jamf.log +Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. +Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... +Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV +Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... +Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. +Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... +Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. +``` + +You can also check the onboarding status: + +```bash +mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py +uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 +orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 +orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 +orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 +``` + +- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. + +- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. + +## Check onboarding status + +You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: + +```bash +sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' +``` + +This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index fe62a0b6a7..3eb0b476e4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -37,7 +37,18 @@ We've been working hard through the private preview period, and we've heard your - Product health can be queried with JAMF or the command line. - Admins can set their cloud preference for any location, not just for those in the US. -## Prerequisites +## Installing and configuring + +There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. +In general you'll need to take the following steps: + +- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal +- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: + - [Microsoft Intune-based deployment](separate-page-url) + - [JAMF-based deployment](seperate-page-url) + - [Manual deployment](seperate-page-url) + +### Prerequisites You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine. @@ -71,424 +82,9 @@ To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/ap We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS. -## Installation and configuration overview -There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. -In general you'll need to take the following steps: -- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal -- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: - - [Microsoft Intune based deployment](#microsoft-intune-based-deployment) - - [JAMF based deployment](#jamf-based-deployment) - - [Manual deployment](#manual-deployment) -## Microsoft Intune based deployment - -### Download installation and onboarding packages - -Download the installation and onboarding packages from Windows Defender Security Center: - -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. -5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos). - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -6. From a command prompt, verify that you have the three files. - Extract the contents of the .zip files: - - ```bash - mavel-macmini:Downloads test$ ls -l - total 721688 - -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` - -7. Make IntuneAppUtil an executable: - - ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` - -8. Create the wdav.pkg.intunemac package from wdav.pkg: - - ```bash - mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" - Microsoft Intune Application Utility for Mac OS X - Version: 1.0.0.0 - Copyright 2018 Microsoft Corporation - - Creating intunemac file for /Users/test/Downloads/wdav.pkg - Composing the intunemac file output - Output written to ./wdav.pkg.intunemac. - - IntuneAppUtil successfully processed "wdav.pkg", - to deploy refer to the product documentation. - ``` - -### Client Machine Setup - -You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp). - -1. You'll be asked to confirm device management. - -![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png) - -Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**: - -![Management profile screenshot](images/MDATP_4_ManagementProfile.png) - -2. Select the **Continue** button and complete the enrollment. - -You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned. - -3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine: - -![Add Devices screenshot](images/MDATP_5_allDevices.png) - -### Create System Configuration profiles - -1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**. -2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**. -3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above. -4. Select **OK**. - - ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png) - -5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. -6. Repeat these steps with the second profile. -7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. -8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**. - -After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade: - -![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png) - -### Publish application - -1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. -2. Select **App type=Other/Line-of-business app**. -3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. -4. Select **Configure** and add the required information. -5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value. - - ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png) - -6. Select **OK** and **Add**. - - ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png) - -7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**. - - ![Client apps screenshot](images/MDATP_10_ClientApps.png) - -8. Change **Assignment type=Required**. -9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. - - ![Intune assignments info screenshot](images/MDATP_11_Assignments.png) - -10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade: - - ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png) - -### Verify client machine state - -1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**. - - ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png) - ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png) - -2. Verify the three profiles listed there: - ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png) - -3. The **Management Profile** should be the Intune system profile. -4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. -5. You should also see the Microsoft Defender icon in the top-right corner: - - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -## JAMF based deployment - -### Prerequsites - -You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow. - -### Download installation and onboarding packages - -Download the installation and onboarding packages from Windows Defender Security Center: - -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -5. From a command prompt, verify that you have the two files. - Extract the contents of the .zip files: - - ```bash - mavel-macmini:Downloads test$ ls -l - total 721160 - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` - -### Create JAMF Policies - -You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines. - -#### Configuration Profile - -The configuration profile contains one custom settings payload that includes: - -- Microsoft Defender ATP for Mac onboarding information -- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run - -1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File. - - >[!NOTE] - > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain. - - ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png) - -#### Approved Kernel Extension - -To approve the kernel extension: - -1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. -2. Use **UBF8T346G9** for Team Id. - -![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png) - -#### Configuration Profile's Scope - -Configure the appropriate scope to specify the machines that will receive this configuration profile. - -Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. - -![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png) - -Save the **Configuration Profile**. - -Use the **Logs** tab to monitor deployment status for each enrolled machine. - -#### Package - -1. Create a package in **Settings > Computer Management > Packages**. - - ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png) - -2. Upload wdav.pkg to the Distribution Point. -3. In the **filename** field, enter the name of the package. For example, wdav.pkg. - -#### Policy - -Your policy should contain a single package for Microsoft Defender. - -![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png) - -Configure the appropriate scope to specify the computers that will receive this policy. - -After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine. - -### Client machine setup - -You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment. - -> [!NOTE] -> After a computer is enrolled, it will show up in the Computers inventory (All Computers). - -1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. - -![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png) -![MDM screenshot](images/MDATP_22_MDMProfileApproved.png) - -After some time, the machine's User Approved MDM status will change to Yes. - -![MDM status screenshot](images/MDATP_23_MDMStatus.png) - -You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. - -### Deployment - -Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. - -#### Status on server - -You can monitor the deployment status in the Logs tab: - -- **Pending** means that the deployment is scheduled but has not yet happened -- **Completed** means that the deployment succeeded and is no longer scheduled - -![Status on server screenshot](images/MDATP_24_StatusOnServer.png) - -#### Status on client machine - -After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile. - -![Status on client screenshot](images/MDATP_25_StatusOnClient.png) - -After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. - -![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -You can monitor policy installation on a machine by following the JAMF's log file: - -```bash -mavel-mojave:~ testuser$ tail -f /var/log/jamf.log -Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. -Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... -Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV -Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. -``` - -You can also check the onboarding status: - -```bash -mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py -uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 -orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -``` - -- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. - -- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. - -### Check onboarding status - -You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: - -```bash -sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' -``` - -This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. - -## Manual deployment - -### Download installation and onboarding packages - -Download the installation and onboarding packages from Windows Defender Security Center: - -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -5. From a command prompt, verify that you have the two files. - Extract the contents of the .zip files: - - ```bash - mavel-macmini:Downloads test$ ls -l - total 721152 - -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - inflating: WindowsDefenderATPOnboarding.py - ``` - -### Application installation - -To complete this process, you must have admin privileges on the machine. - -1. Navigate to the downloaded wdav.pkg in Finder and open it. - - ![App install screenshot](images/MDATP_28_AppInstall.png) - -2. Select **Continue**, agree with the License terms, and enter the password when prompted. - - ![App install screenshot](images/MDATP_29_AppInstallLogin.png) - - > [!IMPORTANT] - > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. - - ![App install screenshot](images/MDATP_30_SystemExtension.png) - -3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: - - ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) - -The installation will proceed. - -> [!NOTE] -> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. - -### Client configuration - -1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. - - The client machine is not associated with orgId. Note that the orgid is blank. - - ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : - ``` - -2. Install the configuration file on a client machine: - - ```bash - mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py - Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) - ``` - -3. Verify that the machine is now associated with orgId: - - ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 - ``` - -After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. - - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -## Configuring with the command line - -Controlling product settings, triggering on-demand scans, and several other important tasks can be done from the command line with the following commands: - -|Group |Scenario |Command | -|-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | -|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| -|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp scan --path [path]` | -|Protection |Do a quick scan |`mdatp scan --quick` | -|Protection |Do a full scan |`mdatp scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | -|Protection |Request a definition update |`mdatp --signature-update` | ## What to expect in the ATP portal From 8b9f0da22d48315f1cddffdc025b92e2a8805288 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 3 May 2019 17:17:28 -0400 Subject: [PATCH 18/19] moved what to expect from mdatp-mac to mdatp-mac resources --- .../microsoft-defender-atp-mac-resources.md | 19 +++++++++++++ .../microsoft-defender-atp-mac.md | 27 ++----------------- 2 files changed, 21 insertions(+), 25 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 7f2b515f99..4de5bdb96c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -104,6 +104,25 @@ If you are running JAMF, your policy should contain a single script: Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. +## What to expect in the ATP portal + +- AV alerts: + - Severity + - Scan type + - Device information (hostname, machine identifier, tenant identifier, app version, and OS type) + - File information (name, path, size, and hash) + - Threat information (name, type, and state) +- Device information: + - Machine identifier + - Tenant identifier + - App version + - Hostname + - OS type + - OS version + - Computer model + - Processor architecture + - Whether the device is a virtual machine + ## Known issues - Not fully optimized for performance or disk space yet. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 3eb0b476e4..5132b03e9b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -37,7 +37,7 @@ We've been working hard through the private preview period, and we've heard your - Product health can be queried with JAMF or the command line. - Admins can set their cloud preference for any location, not just for those in the US. -## Installing and configuring +## Installing and configuring There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. In general you'll need to take the following steps: @@ -80,27 +80,4 @@ To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/ap ``` We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. -SIP is a built-in macOS security feature that prevents low-level tampering with the OS. - - - - - -## What to expect in the ATP portal - -- AV alerts: - - Severity - - Scan type - - Device information (hostname, machine identifier, tenant identifier, app version, and OS type) - - File information (name, path, size, and hash) - - Threat information (name, type, and state) -- Device information: - - Machine identifier - - Tenant identifier - - App version - - Hostname - - OS type - - OS version - - Computer model - - Processor architecture - - Whether the device is a virtual machine \ No newline at end of file +SIP is a built-in macOS security feature that prevents low-level tampering with the OS. \ No newline at end of file From 0b8a2c84a141eee6516ae775782e75760e44de38 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 6 May 2019 10:52:59 -0400 Subject: [PATCH 19/19] cross links within mdatp-mac pages --- ...osoft-defender-atp-mac-install-manually.md | 17 ++++++++++++++++- ...ft-defender-atp-mac-install-with-intune.md | 19 +++++++++++++++++-- ...soft-defender-atp-mac-install-with-jamf.md | 19 ++++++++++++++++--- .../microsoft-defender-atp-mac-resources.md | 13 +++++++++---- .../microsoft-defender-atp-mac.md | 12 ++++++++---- 5 files changed, 66 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 4fbed04668..27b3a8f924 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -26,6 +26,13 @@ ms.topic: #conceptual >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. + ## Download installation and onboarding packages Download the installation and onboarding packages from Windows Defender Security Center: @@ -127,4 +134,12 @@ Important tasks, such as controlling product settings and triggering on-demand s |Protection |Do a quick scan |`mdatp scan --quick` | |Protection |Do a full scan |`mdatp scan --full` | |Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | -|Protection |Request a definition update |`mdatp --signature-update` | \ No newline at end of file +|Protection |Request a definition update |`mdatp --signature-update` | + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 5cd1e22a19..8af90fded1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -22,10 +22,17 @@ ms.topic: #conceptual **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) - + >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. + ## Download installation and onboarding packages Download the installation and onboarding packages from Windows Defender Security Center: @@ -155,4 +162,12 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t 4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. 5. You should also see the Microsoft Defender icon in the top-right corner: - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) \ No newline at end of file + ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 82aaf8ffe2..8837b3bcc5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -26,9 +26,14 @@ ms.topic: #conceptual >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -## Prerequsites +This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. -You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow. +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. + +In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. ## Download installation and onboarding packages @@ -192,4 +197,12 @@ You can check that machines are correctly onboarded by creating a script. For ex sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' ``` -This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. \ No newline at end of file +This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 4de5bdb96c..09a4dcceae 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: #conceptual --- -## Collecting diagnostic information +# Resources **Applies to:** @@ -26,6 +26,11 @@ ms.topic: #conceptual >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +This topic describes how to use, and details about, Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## Collecting diagnostic information + If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. 1) Increase logging level: @@ -57,7 +62,7 @@ If you can reproduce a problem, please increase the logging level, run the syste Operation succeeded ``` -### Installation issues +## Logging installation issues If an error occurs during installation, the installer will only report a general failure. @@ -65,13 +70,13 @@ The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If y ## Uninstalling -There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available for JAMF, it is not yet available for Intune. +There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune. ### Within the GUI - Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. -### From the command line: +### From the command line - ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 5132b03e9b..af6205c2ca 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -44,9 +44,9 @@ In general you'll need to take the following steps: - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: - - [Microsoft Intune-based deployment](separate-page-url) - - [JAMF-based deployment](seperate-page-url) - - [Manual deployment](seperate-page-url) + - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune) + - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf) + - [Manual deployment](microsoft-defender-atp-mac-install-manually) ### Prerequisites @@ -80,4 +80,8 @@ To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/ap ``` We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. -SIP is a built-in macOS security feature that prevents low-level tampering with the OS. \ No newline at end of file +SIP is a built-in macOS security feature that prevents low-level tampering with the OS. + +## Resources + +For further information on logging, uninstalling, the ATP portal, or known issues, see our [Resources](microsoft-defender-atp-mac-resources) page. \ No newline at end of file