Merged PR 7205: merge Master changes into atp-rs4

windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md

@@ -119,62 +119,63 @@ Microsoft recommends that you block the following Microsoft-signed applications
   <EKUs />
   <!--File Rules-->
   <FileRules>
-    <Deny  ID="ID_DENY_BGINFO"            FriendlyName="bginfo.exe"                  FileName="BGINFO.Exe" MinimumFileVersion = "4.21.0.0" />
-    <Deny  ID="ID_DENY_CBD"               FriendlyName="cdb.exe"                     FileName="CDB.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_KD"                FriendlyName="kd.exe"                      FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_KD_KMCI"           FriendlyName="kd.exe"                      FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_NTKD"              FriendlyName="ntkd.exe"                    FileName="ntkd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_WINDBG"            FriendlyName="windbg.exe"                  FileName="windbg.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_MSBUILD"           FriendlyName="MSBuild.exe"                 FileName="MSBuild.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_CSI"               FriendlyName="csi.exe"                     FileName="csi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_DBGHOST"           FriendlyName="dbghost.exe"                 FileName="DBGHOST.Exe" MinimumFileVersion = "2.3.0.0" /> 
-    <Deny  ID="ID_DENY_DBGSVC"            FriendlyName="dbgsvc.exe"                  FileName="DBGSVC.Exe" MinimumFileVersion = "2.3.0.0" />    
-    <Deny  ID="ID_DENY_DNX"               FriendlyName="dnx.exe"                     FileName="dnx.Exe" MinimumFileVersion = "65535.65535.65535.65535" />   
-    <Deny  ID="ID_DENY_RCSI"              FriendlyName="rcsi.exe"                    FileName="rcsi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_NTSD"              FriendlyName="ntsd.exe"                    FileName="ntsd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_LXSS"              FriendlyName="LxssManager.dll"             FileName="LxssManager.dll" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_BASH"              FriendlyName="bash.exe"                    FileName="bash.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_FSI"               FriendlyName="fsi.exe"                     FileName="fsi.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_FSI_ANYCPU"        FriendlyName="fsiAnyCpu.exe"               FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_MSHTA"             FriendlyName="mshta.exe"                   FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_VISUALUIAVERIFY"   FriendlyName="visualuiaverifynative.exe"   FileName="visualuiaverifynative.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_RUNSCRIPTHELPER"   FriendlyName="runscripthelper.exe"         FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_ADDINPROCESS"      FriendlyName="AddInProcess.exe"            FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_ADDINPROCESS32"    FriendlyName="AddInProcess32.exe"          FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_ADDINUTIL"         FriendlyName="AddInUtil.exe"               FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_WSL"               FriendlyName="wsl.exe"                     FileName="wsl.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_WSLCONFIG"         FriendlyName="wslconfig.exe"               FileName="wslconfig.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_WSLHOST"           FriendlyName="wslhost.exe"                 FileName="wslhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />   
-    <Deny  ID="ID_DENY_INFINSTALL"        FriendlyName="infdefaultinstall.exe"       FileName="infdefaultinstall.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_LXRUN"             FriendlyName="lxrun.exe"                   FileName="lxrun.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_PWRSHLCUSTOMHOST"  FriendlyName="powershellcustomhost.exe"    FileName="powershellcustomhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_BGINFO"            FriendlyName="bginfo.exe"                  FileName="BGINFO.Exe" MinimumFileVersion = "4.21.0.0"/>
+    <Deny  ID="ID_DENY_CBD"               FriendlyName="cdb.exe"                     FileName="CDB.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_KD"                FriendlyName="kd.exe"                      FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_KD_KMCI"           FriendlyName="kd.exe"                      FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_NTKD"              FriendlyName="ntkd.exe"                    FileName="ntkd.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_WINDBG"            FriendlyName="windbg.exe"                  FileName="windbg.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_MSBUILD"           FriendlyName="MSBuild.exe"                 FileName="MSBuild.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_CSI"               FriendlyName="csi.exe"                     FileName="csi.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_DBGHOST"           FriendlyName="dbghost.exe"                 FileName="DBGHOST.Exe" MinimumFileVersion = "2.3.0.0"/> 
+    <Deny  ID="ID_DENY_DBGSVC"            FriendlyName="dbgsvc.exe"                  FileName="DBGSVC.Exe" MinimumFileVersion = "2.3.0.0"/>    
+    <Deny  ID="ID_DENY_DNX"               FriendlyName="dnx.exe"                     FileName="dnx.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>   
+    <Deny  ID="ID_DENY_RCSI"              FriendlyName="rcsi.exe"                    FileName="rcsi.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_NTSD"              FriendlyName="ntsd.exe"                    FileName="ntsd.Exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_LXSS"              FriendlyName="LxssManager.dll"             FileName="LxssManager.dll" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_BASH"              FriendlyName="bash.exe"                    FileName="bash.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_FSI"               FriendlyName="fsi.exe"                     FileName="fsi.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_FSI_ANYCPU"        FriendlyName="fsiAnyCpu.exe"               FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_MSHTA"             FriendlyName="mshta.exe"                   FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_VISUALUIAVERIFY"   FriendlyName="visualuiaverifynative.exe"   FileName="visualuiaverifynative.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_RUNSCRIPTHELPER"   FriendlyName="runscripthelper.exe"         FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_ADDINPROCESS"      FriendlyName="AddInProcess.exe"            FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_ADDINPROCESS32"    FriendlyName="AddInProcess32.exe"          FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_ADDINUTIL"         FriendlyName="AddInUtil.exe"               FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_WSL"               FriendlyName="wsl.exe"                     FileName="wsl.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_WSLCONFIG"         FriendlyName="wslconfig.exe"               FileName="wslconfig.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_WSLHOST"           FriendlyName="wslhost.exe"                 FileName="wslhost.exe" MinimumFileVersion = "65535.65535.65535.65535"/>   
+    <Deny  ID="ID_DENY_INFINSTALL"        FriendlyName="infdefaultinstall.exe"       FileName="infdefaultinstall.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_LXRUN"             FriendlyName="lxrun.exe"                   FileName="lxrun.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_PWRSHLCUSTOMHOST"  FriendlyName="powershellcustomhost.exe"    FileName="powershellcustomhost.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
+    <Deny  ID="ID_DENY_WMIC"              FriendlyName="wmic.exe"                    FileName="wmic.exe" MinimumFileVersion = "65535.65535.65535.65535"/>
 
-    <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
-    <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
-    <Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40" />
-    <Deny ID="ID_DENY_D_4" FriendlyName="Powershell 4" Hash="29DF1D593D0D7AB365F02645E7EF4BCCA060763A" />
-    <Deny ID="ID_DENY_D_5" FriendlyName="Powershell 5" Hash="2E3C47BBE1BA99842EE187F756CA616EFED61B94" />
-    <Deny ID="ID_DENY_D_6" FriendlyName="Powershell 6" Hash="38DC1956313B160696A172074C6F5DA9852BF508F55AFB7FA079B98F2849AFB5" />
-    <Deny ID="ID_DENY_D_7" FriendlyName="Powershell 7" Hash="513B625EA507ED9CE83E2FB2ED4F3D586C2AA379" />
-    <Deny ID="ID_DENY_D_8" FriendlyName="Powershell 8" Hash="71FC552E66327EDAA72D72C362846BD80CB65EECFAE95C4D790C9A2330D95EE6" />
-    <Deny ID="ID_DENY_D_9" FriendlyName="Powershell 9" Hash="72E4EC687CFE357F3E681A7500B6FF009717A2E9538956908D3B52B9C865C189" />
-    <Deny ID="ID_DENY_D_10" FriendlyName="Powershell 10" Hash="74E207F539C4EAC648A5507EB158AEE9F6EA401E51808E83E73709CFA0820FDD" />
-    <Deny ID="ID_DENY_D_11" FriendlyName="Powershell 11" Hash="75288A0CF0806A68D8DA721538E64038D755BBE74B52F4B63FEE5049AE868AC0" />
-    <Deny ID="ID_DENY_D_12" FriendlyName="Powershell 12" Hash="7DB3AD53985C455990DD9847DE15BDB271E0C8D1" />
-    <Deny ID="ID_DENY_D_13" FriendlyName="Powershell 13" Hash="84BB081141DA50B3839CD275FF34854F53AECB96CA9AEB8BCD24355C33C1E73E" />
-    <Deny ID="ID_DENY_D_14" FriendlyName="Powershell 14" Hash="86DADE56A1DBAB6DDC2769839F89244693D319C6" />
-    <Deny ID="ID_DENY_D_15" FriendlyName="Powershell 15" Hash="BD3139CE7553AC7003C96304F08EAEC2CDB2CC6A869D36D6F1E478DA02D3AA16" />
-    <Deny ID="ID_DENY_D_16" FriendlyName="Powershell 16" Hash="BE3FFE10CDE8B62C3E8FD4D8198F272B6BD15364A33362BB07A0AFF6731DABA1" />
-    <Deny ID="ID_DENY_D_17" FriendlyName="Powershell 17" Hash="C1196433541B87D22CE2DD19AAAF133C9C13037A" />
-    <Deny ID="ID_DENY_D_18" FriendlyName="Powershell 18" Hash="C6C073A80A8E76DC13E724B5E66FE4035A19CCA0C1AF3FABBC18E5185D1B66CB" />
-    <Deny ID="ID_DENY_D_19" FriendlyName="Powershell 19" Hash="CE5EA2D29F9DD3F15CF3682564B0E765ED3A8FE1" />
-    <Deny ID="ID_DENY_D_20" FriendlyName="Powershell 20" Hash="D027E09D9D9828A87701288EFC91D240C0DEC2C3" />
-    <Deny ID="ID_DENY_D_21" FriendlyName="Powershell 21" Hash="D2CFC8F6729E510AE5BA9BECCF37E0B49DDF5E31" />
-    <Deny ID="ID_DENY_D_22" FriendlyName="Powershell 22" Hash="DED853481A176999723413685A79B36DD0F120F9" />
-    <Deny ID="ID_DENY_D_23" FriendlyName="Powershell 23" Hash="DFCD10EAA2A22884E0A41C4D9E6E8DA265321870" />
-    <Deny ID="ID_DENY_D_24" FriendlyName="Powershell 24" Hash="F16E605B55774CDFFDB0EB99FAFF43A40622ED2AB1C011D1195878F4B20030BC" />
-    <Deny ID="ID_DENY_D_25" FriendlyName="Powershell 25" Hash="F29A958287788A6EEDE6035D49EF5CB85EEC40D214FDDE5A0C6CAA65AFC00EEC" />
-    <Deny ID="ID_DENY_D_26" FriendlyName="Powershell 26" Hash="F875E43E12685ECE0BA2D42D55A13798CE9F1FFDE3CAE253D2529F4304811A52" />
+    <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6"/>
+    <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF"/>
+    <Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40"/>
+    <Deny ID="ID_DENY_D_4" FriendlyName="Powershell 4" Hash="29DF1D593D0D7AB365F02645E7EF4BCCA060763A"/>
+    <Deny ID="ID_DENY_D_5" FriendlyName="Powershell 5" Hash="2E3C47BBE1BA99842EE187F756CA616EFED61B94"/>
+    <Deny ID="ID_DENY_D_6" FriendlyName="Powershell 6" Hash="38DC1956313B160696A172074C6F5DA9852BF508F55AFB7FA079B98F2849AFB5"/>
+    <Deny ID="ID_DENY_D_7" FriendlyName="Powershell 7" Hash="513B625EA507ED9CE83E2FB2ED4F3D586C2AA379"/>
+    <Deny ID="ID_DENY_D_8" FriendlyName="Powershell 8" Hash="71FC552E66327EDAA72D72C362846BD80CB65EECFAE95C4D790C9A2330D95EE6"/>
+    <Deny ID="ID_DENY_D_9" FriendlyName="Powershell 9" Hash="72E4EC687CFE357F3E681A7500B6FF009717A2E9538956908D3B52B9C865C189"/>
+    <Deny ID="ID_DENY_D_10" FriendlyName="Powershell 10" Hash="74E207F539C4EAC648A5507EB158AEE9F6EA401E51808E83E73709CFA0820FDD"/>
+    <Deny ID="ID_DENY_D_11" FriendlyName="Powershell 11" Hash="75288A0CF0806A68D8DA721538E64038D755BBE74B52F4B63FEE5049AE868AC0"/>
+    <Deny ID="ID_DENY_D_12" FriendlyName="Powershell 12" Hash="7DB3AD53985C455990DD9847DE15BDB271E0C8D1"/>
+    <Deny ID="ID_DENY_D_13" FriendlyName="Powershell 13" Hash="84BB081141DA50B3839CD275FF34854F53AECB96CA9AEB8BCD24355C33C1E73E"/>
+    <Deny ID="ID_DENY_D_14" FriendlyName="Powershell 14" Hash="86DADE56A1DBAB6DDC2769839F89244693D319C6"/>
+    <Deny ID="ID_DENY_D_15" FriendlyName="Powershell 15" Hash="BD3139CE7553AC7003C96304F08EAEC2CDB2CC6A869D36D6F1E478DA02D3AA16"/>
+    <Deny ID="ID_DENY_D_16" FriendlyName="Powershell 16" Hash="BE3FFE10CDE8B62C3E8FD4D8198F272B6BD15364A33362BB07A0AFF6731DABA1"/>
+    <Deny ID="ID_DENY_D_17" FriendlyName="Powershell 17" Hash="C1196433541B87D22CE2DD19AAAF133C9C13037A"/>
+    <Deny ID="ID_DENY_D_18" FriendlyName="Powershell 18" Hash="C6C073A80A8E76DC13E724B5E66FE4035A19CCA0C1AF3FABBC18E5185D1B66CB"/>
+    <Deny ID="ID_DENY_D_19" FriendlyName="Powershell 19" Hash="CE5EA2D29F9DD3F15CF3682564B0E765ED3A8FE1"/>
+    <Deny ID="ID_DENY_D_20" FriendlyName="Powershell 20" Hash="D027E09D9D9828A87701288EFC91D240C0DEC2C3"/>
+    <Deny ID="ID_DENY_D_21" FriendlyName="Powershell 21" Hash="D2CFC8F6729E510AE5BA9BECCF37E0B49DDF5E31"/>
+    <Deny ID="ID_DENY_D_22" FriendlyName="Powershell 22" Hash="DED853481A176999723413685A79B36DD0F120F9"/>
+    <Deny ID="ID_DENY_D_23" FriendlyName="Powershell 23" Hash="DFCD10EAA2A22884E0A41C4D9E6E8DA265321870"/>
+    <Deny ID="ID_DENY_D_24" FriendlyName="Powershell 24" Hash="F16E605B55774CDFFDB0EB99FAFF43A40622ED2AB1C011D1195878F4B20030BC"/>
+    <Deny ID="ID_DENY_D_25" FriendlyName="Powershell 25" Hash="F29A958287788A6EEDE6035D49EF5CB85EEC40D214FDDE5A0C6CAA65AFC00EEC"/>
+    <Deny ID="ID_DENY_D_26" FriendlyName="Powershell 26" Hash="F875E43E12685ECE0BA2D42D55A13798CE9F1FFDE3CAE253D2529F4304811A52"/>
     <!--System.Management.Automation.dll -->
     <Deny ID="ID_DENY_D_27" FriendlyName="PowerShell 27" Hash="720D826A84284E18E0003526A0CD9B7FF0C4A98A"/>
     <Deny ID="ID_DENY_D_28" FriendlyName="PowerShell 28" Hash="CB5DF9D0D25571948C3D257882E07C7FA5E768448E0DEBF637E110F9FF575808"/>
@@ -400,56 +401,56 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny ID="ID_DENY_D_248" FriendlyName="PowerShell 248" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6AD07B3EB1633CD3C498C13D"/>
     <!--pubprn.vbs-->
     <!--rs2 x86fre-->
-    <Deny ID="ID_DENY_D_249" FriendlyName="PubPrn 249" Hash="68E96BE23748AA680D5E1E557778901F332ED5D3" />
-    <Deny ID="ID_DENY_D_250" FriendlyName="PubPrn 250" Hash="8FA30B5931806565C2058E565C06AD5F1C5A48CDBE609975EB31207C25214063" />
+    <Deny ID="ID_DENY_D_249" FriendlyName="PubPrn 249" Hash="68E96BE23748AA680D5E1E557778901F332ED5D3"/>
+    <Deny ID="ID_DENY_D_250" FriendlyName="PubPrn 250" Hash="8FA30B5931806565C2058E565C06AD5F1C5A48CDBE609975EB31207C25214063"/>
     <!--rs2 amd64fre-->
-    <Deny ID="ID_DENY_D_251" FriendlyName="PubPrn 251" Hash="32C4B29FE428B1DF473F3F4FECF519D285E93521" />
-    <Deny ID="ID_DENY_D_252" FriendlyName="PubPrn 252" Hash="D44FB563198D60DFDC91608949FE2FADAD6161854D084EB1968C558AA36513C7" />
+    <Deny ID="ID_DENY_D_251" FriendlyName="PubPrn 251" Hash="32C4B29FE428B1DF473F3F4FECF519D285E93521"/>
+    <Deny ID="ID_DENY_D_252" FriendlyName="PubPrn 252" Hash="D44FB563198D60DFDC91608949FE2FADAD6161854D084EB1968C558AA36513C7"/>
     <!--rs2 amd64chk-->
-    <Deny ID="ID_DENY_D_253" FriendlyName="PubPrn 253" Hash="9EDBEF086D350863F29175F5AB5178B88B142C75" />
-    <Deny ID="ID_DENY_D_254" FriendlyName="PubPrn 254" Hash="9B22C98351F2B6DEDDCED0D805C65F5B166FF519A8DF41EB242CB909471892EB" />
+    <Deny ID="ID_DENY_D_253" FriendlyName="PubPrn 253" Hash="9EDBEF086D350863F29175F5AB5178B88B142C75"/>
+    <Deny ID="ID_DENY_D_254" FriendlyName="PubPrn 254" Hash="9B22C98351F2B6DEDDCED0D805C65F5B166FF519A8DF41EB242CB909471892EB"/>
     <!--rs2 x86chk-->
-    <Deny ID="ID_DENY_D_255" FriendlyName="PubPrn 255" Hash="8A3B30F345C43246B3500721CFEEADBAC6B9D9C6" />
-    <Deny ID="ID_DENY_D_256" FriendlyName="PubPrn 256" Hash="37C20BF20A2BBACE50957F8D0AB3FD16174BC005E79D47E51E899AFD9E4B7724" />
+    <Deny ID="ID_DENY_D_255" FriendlyName="PubPrn 255" Hash="8A3B30F345C43246B3500721CFEEADBAC6B9D9C6"/>
+    <Deny ID="ID_DENY_D_256" FriendlyName="PubPrn 256" Hash="37C20BF20A2BBACE50957F8D0AB3FD16174BC005E79D47E51E899AFD9E4B7724"/>
     <!--rs2 woafre-->
-    <Deny ID="ID_DENY_D_257" FriendlyName="PubPrn 257" Hash="C659DAD2B37375781E2D584E16AAE2A10B5A1156" />
-    <Deny ID="ID_DENY_D_258" FriendlyName="PubPRn 258" Hash="EBDACA86F10AC0446D60CC75628EC7A370B1E2236E6D20F22372F91033B6D429" />
+    <Deny ID="ID_DENY_D_257" FriendlyName="PubPrn 257" Hash="C659DAD2B37375781E2D584E16AAE2A10B5A1156"/>
+    <Deny ID="ID_DENY_D_258" FriendlyName="PubPRn 258" Hash="EBDACA86F10AC0446D60CC75628EC7A370B1E2236E6D20F22372F91033B6D429"/>
     <!--rs3 amd64chk-->
-    <Deny ID="ID_DENY_D_259" FriendlyName="PubPrn 259" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4" />
-    <Deny ID="ID_DENY_D_260" FriendlyName="PubPrn 260" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F" />
+    <Deny ID="ID_DENY_D_259" FriendlyName="PubPrn 259" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4"/>
+    <Deny ID="ID_DENY_D_260" FriendlyName="PubPrn 260" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F"/>
     <!--rs3 amd64fre-->
-    <Deny ID="ID_DENY_D_261" FriendlyName="PubPrn 261" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4" />
-    <Deny ID="ID_DENY_D_262" FriendlyName="PubPrn 262" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F" />
+    <Deny ID="ID_DENY_D_261" FriendlyName="PubPrn 261" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4"/>
+    <Deny ID="ID_DENY_D_262" FriendlyName="PubPrn 262" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F"/>
     <!--rs3 arm64chk-->
-    <Deny ID="ID_DENY_D_263" FriendlyName="PubPrn 263" Hash="763A652217A1E30F2D288B7F44E08346949A02CD" />
-    <Deny ID="ID_DENY_D_264" FriendlyName="PubPrn 264" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D" />
+    <Deny ID="ID_DENY_D_263" FriendlyName="PubPrn 263" Hash="763A652217A1E30F2D288B7F44E08346949A02CD"/>
+    <Deny ID="ID_DENY_D_264" FriendlyName="PubPrn 264" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D"/>
     <!--rs3 arm64fre-->
-    <Deny ID="ID_DENY_D_265" FriendlyName="PubPrn 265" Hash="763A652217A1E30F2D288B7F44E08346949A02CD" />
-    <Deny ID="ID_DENY_D_266" FriendlyName="PubPrn 266" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D" />
+    <Deny ID="ID_DENY_D_265" FriendlyName="PubPrn 265" Hash="763A652217A1E30F2D288B7F44E08346949A02CD"/>
+    <Deny ID="ID_DENY_D_266" FriendlyName="PubPrn 266" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D"/>
     <!--rs3 woachk-->
-    <Deny ID="ID_DENY_D_267" FriendlyName="PubPrn 267" Hash="60FD28D770B23A0477679311D247DA4D5C61074C" />
-    <Deny ID="ID_DENY_D_268" FriendlyName="PubPrn 268" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F" />
+    <Deny ID="ID_DENY_D_267" FriendlyName="PubPrn 267" Hash="60FD28D770B23A0477679311D247DA4D5C61074C"/>
+    <Deny ID="ID_DENY_D_268" FriendlyName="PubPrn 268" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F"/>
     <!--rs3 woafre-->
-    <Deny ID="ID_DENY_D_269" FriendlyName="PubPrn 269" Hash="60FD28D770B23A0477679311D247DA4D5C61074C" />
-    <Deny ID="ID_DENY_D_270" FriendlyName="PubPrn 270" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F" />
+    <Deny ID="ID_DENY_D_269" FriendlyName="PubPrn 269" Hash="60FD28D770B23A0477679311D247DA4D5C61074C"/>
+    <Deny ID="ID_DENY_D_270" FriendlyName="PubPrn 270" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F"/>
     <!--rs3 x86chk-->
-    <Deny ID="ID_DENY_D_271" FriendlyName="PubPrn 271" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
-    <Deny ID="ID_DENY_D_272" FriendlyName="PubPrn 272" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
+    <Deny ID="ID_DENY_D_271" FriendlyName="PubPrn 271" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A"/>
+    <Deny ID="ID_DENY_D_272" FriendlyName="PubPrn 272" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43"/>
     <!--rs3 x86fre-->
-    <Deny ID="ID_DENY_D_273" FriendlyName="PubPrn 273" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
-    <Deny ID="ID_DENY_D_274" FriendlyName="PubPrn 274" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
+    <Deny ID="ID_DENY_D_273" FriendlyName="PubPrn 273" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A"/>
+    <Deny ID="ID_DENY_D_274" FriendlyName="PubPrn 274" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43"/>
     <!--rs3 sxs amd64-->
-    <Deny ID="ID_DENY_D_275" FriendlyName="PubPrn 275" Hash="663D8E25BAE20510A882F6692BE2620FBABFB94E" />
-    <Deny ID="ID_DENY_D_276" FriendlyName="PubPrn 276" Hash="649A9E5A4867A28C7D0934793F33B545F9441EA23872715C84826D80CC8EC576" />
+    <Deny ID="ID_DENY_D_275" FriendlyName="PubPrn 275" Hash="663D8E25BAE20510A882F6692BE2620FBABFB94E"/>
+    <Deny ID="ID_DENY_D_276" FriendlyName="PubPrn 276" Hash="649A9E5A4867A28C7D0934793F33B545F9441EA23872715C84826D80CC8EC576"/>
     <!--rs3 sxs arm64-->
-    <Deny ID="ID_DENY_D_277" FriendlyName="PubPrn 277" Hash="226ABB2FBAEFC5A7E2A819D9D708F826C00FD215" />
-    <Deny ID="ID_DENY_D_278" FriendlyName="PubPrn 278" Hash="AC6B35C904D388FD12C07C2F6A1A07F337D31895713BF01DCCE7A7F187D7F4D9" />
+    <Deny ID="ID_DENY_D_277" FriendlyName="PubPrn 277" Hash="226ABB2FBAEFC5A7E2A819D9D708F826C00FD215"/>
+    <Deny ID="ID_DENY_D_278" FriendlyName="PubPrn 278" Hash="AC6B35C904D388FD12C07C2F6A1A07F337D31895713BF01DCCE7A7F187D7F4D9"/>
     <!--rs3 sxs woa-->
-    <Deny ID="ID_DENY_D_279" FriendlyName="PubPrn 279" Hash="071D7849941E43144839988971255FE34690A747" />
-    <Deny ID="ID_DENY_D_280" FriendlyName="PubPrn 280" Hash="5AF75895BDC11A6B68C816A8677D7CF9692BF25A95C4378A43FBDE740B18EEB1" />
+    <Deny ID="ID_DENY_D_279" FriendlyName="PubPrn 279" Hash="071D7849941E43144839988971255FE34690A747"/>
+    <Deny ID="ID_DENY_D_280" FriendlyName="PubPrn 280" Hash="5AF75895BDC11A6B68C816A8677D7CF9692BF25A95C4378A43FBDE740B18EEB1"/>
     <!--rs3 sxs x86-->
-    <Deny ID="ID_DENY_D_281" FriendlyName="PubPrn 281" Hash="9FBFF074C201BFEBE37710CB453EFF9A14AE3BFF" />
-    <Deny ID="ID_DENY_D_282" FriendlyName="PubPrn 282" Hash="A0C71A925850D2D481C7E520F5D5A83305EC169EEA4C5B8DC20C8D8AFCD8A512" />
+    <Deny ID="ID_DENY_D_281" FriendlyName="PubPrn 281" Hash="9FBFF074C201BFEBE37710CB453EFF9A14AE3BFF"/>
+    <Deny ID="ID_DENY_D_282" FriendlyName="PubPrn 282" Hash="A0C71A925850D2D481C7E520F5D5A83305EC169EEA4C5B8DC20C8D8AFCD8A512"/>
   </FileRules>
   <!--Signers-->
   <Signers />
@@ -458,7 +459,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Driver Signing Scenarios">
       <ProductSigners>
         <FileRulesRef>
-          <FileRuleRef RuleID="ID_DENY_KD_KMCI" />
+          <FileRuleRef RuleID="ID_DENY_KD_KMCI"/>
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>
@@ -468,21 +469,21 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_BGINFO"/>
           <FileRuleRef RuleID="ID_DENY_CBD"/>
           <FileRuleRef RuleID="ID_DENY_KD"/>
-          <FileRuleRef RuleID="ID_DENY_NTKD" />
-          <FileRuleRef RuleID="ID_DENY_WINDBG" />
-          <FileRuleRef RuleID="ID_DENY_MSBUILD" />
-          <FileRuleRef RuleID="ID_DENY_CSI" />
-          <FileRuleRef RuleID="ID_DENY_DBGHOST" />
-          <FileRuleRef RuleID="ID_DENY_DBGSVC" />
-          <FileRuleRef RuleID="ID_DENY_DNX" />
-          <FileRuleRef RuleID="ID_DENY_RCSI" />
-          <FileRuleRef RuleID="ID_DENY_NTSD" />
-          <FileRuleRef RuleID="ID_DENY_LXSS" />
-          <FileRuleRef RuleID="ID_DENY_BASH" />
-          <FileRuleRef RuleID="ID_DENY_FSI" />
-          <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU" />
-          <FileRuleRef RuleID="ID_DENY_MSHTA" />
-          <FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY" />
+          <FileRuleRef RuleID="ID_DENY_NTKD"/>
+          <FileRuleRef RuleID="ID_DENY_WINDBG"/>
+          <FileRuleRef RuleID="ID_DENY_MSBUILD"/>
+          <FileRuleRef RuleID="ID_DENY_CSI"/>
+          <FileRuleRef RuleID="ID_DENY_DBGHOST"/>
+          <FileRuleRef RuleID="ID_DENY_DBGSVC"/>
+          <FileRuleRef RuleID="ID_DENY_DNX"/>
+          <FileRuleRef RuleID="ID_DENY_RCSI"/>
+          <FileRuleRef RuleID="ID_DENY_NTSD"/>
+          <FileRuleRef RuleID="ID_DENY_LXSS"/>
+          <FileRuleRef RuleID="ID_DENY_BASH"/>
+          <FileRuleRef RuleID="ID_DENY_FSI"/>
+          <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU"/>
+          <FileRuleRef RuleID="ID_DENY_MSHTA"/>
+          <FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY"/>
           <FileRuleRef RuleID="ID_DENY_RUNSCRIPTHELPER"/>
           <FileRuleRef RuleID="ID_DENY_ADDINPROCESS"/>
           <FileRuleRef RuleID="ID_DENY_ADDINPROCESS32"/>
@@ -493,32 +494,33 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_INFINSTALL"/>
           <FileRuleRef RuleID="ID_DENY_LXRUN"/>
           <FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/>
-          <FileRuleRef RuleID="ID_DENY_D_1" />
-          <FileRuleRef RuleID="ID_DENY_D_2" />
-          <FileRuleRef RuleID="ID_DENY_D_3" />
-          <FileRuleRef RuleID="ID_DENY_D_4" />
-          <FileRuleRef RuleID="ID_DENY_D_5" />
-          <FileRuleRef RuleID="ID_DENY_D_6" />
-          <FileRuleRef RuleID="ID_DENY_D_7" />
-          <FileRuleRef RuleID="ID_DENY_D_8" />
-          <FileRuleRef RuleID="ID_DENY_D_9" />
-          <FileRuleRef RuleID="ID_DENY_D_10" />
-          <FileRuleRef RuleID="ID_DENY_D_11" />
-          <FileRuleRef RuleID="ID_DENY_D_12" />
-          <FileRuleRef RuleID="ID_DENY_D_13" />
-          <FileRuleRef RuleID="ID_DENY_D_14" />
-          <FileRuleRef RuleID="ID_DENY_D_15" />
-          <FileRuleRef RuleID="ID_DENY_D_16" />
-          <FileRuleRef RuleID="ID_DENY_D_17" />
-          <FileRuleRef RuleID="ID_DENY_D_18" />
-          <FileRuleRef RuleID="ID_DENY_D_19" />
-          <FileRuleRef RuleID="ID_DENY_D_20" />
-          <FileRuleRef RuleID="ID_DENY_D_21" />
-          <FileRuleRef RuleID="ID_DENY_D_22" />
-          <FileRuleRef RuleID="ID_DENY_D_23" />
-          <FileRuleRef RuleID="ID_DENY_D_24" />
-          <FileRuleRef RuleID="ID_DENY_D_25" />
-          <FileRuleRef RuleID="ID_DENY_D_26" />
+          <FileRuleRef RuleID="ID_DENY_WMIC"/>
+          <FileRuleRef RuleID="ID_DENY_D_1"/>
+          <FileRuleRef RuleID="ID_DENY_D_2"/>
+          <FileRuleRef RuleID="ID_DENY_D_3"/>
+          <FileRuleRef RuleID="ID_DENY_D_4"/>
+          <FileRuleRef RuleID="ID_DENY_D_5"/>
+          <FileRuleRef RuleID="ID_DENY_D_6"/>
+          <FileRuleRef RuleID="ID_DENY_D_7"/>
+          <FileRuleRef RuleID="ID_DENY_D_8"/>
+          <FileRuleRef RuleID="ID_DENY_D_9"/>
+          <FileRuleRef RuleID="ID_DENY_D_10"/>
+          <FileRuleRef RuleID="ID_DENY_D_11"/>
+          <FileRuleRef RuleID="ID_DENY_D_12"/>
+          <FileRuleRef RuleID="ID_DENY_D_13"/>
+          <FileRuleRef RuleID="ID_DENY_D_14"/>
+          <FileRuleRef RuleID="ID_DENY_D_15"/>
+          <FileRuleRef RuleID="ID_DENY_D_16"/>
+          <FileRuleRef RuleID="ID_DENY_D_17"/>
+          <FileRuleRef RuleID="ID_DENY_D_18"/>
+          <FileRuleRef RuleID="ID_DENY_D_19"/>
+          <FileRuleRef RuleID="ID_DENY_D_20"/>
+          <FileRuleRef RuleID="ID_DENY_D_21"/>
+          <FileRuleRef RuleID="ID_DENY_D_22"/>
+          <FileRuleRef RuleID="ID_DENY_D_23"/>
+          <FileRuleRef RuleID="ID_DENY_D_24"/>
+          <FileRuleRef RuleID="ID_DENY_D_25"/>
+          <FileRuleRef RuleID="ID_DENY_D_26"/>
           <FileRuleRef RuleID="ID_DENY_D_27"/>
           <FileRuleRef RuleID="ID_DENY_D_28"/>
           <FileRuleRef RuleID="ID_DENY_D_29"/>

windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md

@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
 ---
 
 # Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus
@@ -24,20 +24,34 @@ ms.date: 11/20/2017
 
 - Enterprise security administrators
 
-Cloud-delivered protection for Windows Defender Antivirus, also referred to as Microsoft Advanced Protection Service (MAPS), provides you with strong, fast protection in addition to our standard real-time protection.
+Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.  
 
+To take advantage of the power and speed of these next-gen technologies, Windows Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. 
 
 
 >[!NOTE] 
 >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
 
-Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver, while our cloud service can deliver updated protection in seconds. 
-
-The following video describes how it works:
+With cloud-delivered protection, next-gen technologies provide rapid identification of new threats, sometimes even before a single machine is infected. Watch the following video about Microsoft AI and Windows Defender Antivirus in action: 
+ 
+<iframe 
+src="https://www.microsoft.com/en-us/videoplayer/embed/RE1Yu4B" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe>
 
+To understand how next-gen technologies shorten protection delivery time through the cloud, watch the following video: 
+ 
 <iframe 
 src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc62c59" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe>
 
+Read the following blogposts for detailed protection stories involving cloud-protection and Microsoft AI: 
+
+- [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/) 
+- [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/)
+- [How artificial intelligence stopped an Emotet outbreak](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/)
+- [Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/)
+- [Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/windows-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/) 
+ 
+## Get cloud-delivered protection 
+
 Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.
 
 >[!TIP]

windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md

@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
 ---
 
 # Windows Defender Antivirus in Windows 10 and Windows Server 2016
@@ -38,7 +38,7 @@ It can be configured with:
 - Group Policy
 
 Some of the highlights of Windows Defender AV include:
-- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats
+- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus. 
 - [Always-on scanning](configure-real-time-protection-windows-defender-antivirus.md), using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
 - [Dedicated protection updates](manage-updates-baselines-windows-defender-antivirus.md) based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research