diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index 77b79508b8..10b03b87a5 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -61,7 +61,7 @@ By default, Windows Defender AV is installed and functional on Windows Server 20 If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option. -![](images/server-add-gui.png) +![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png) See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard. diff --git a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index 8b068f6f7c..f3ad3cb57e 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -73,7 +73,7 @@ You can also manually navigate to the event area that corresponds to the Windows 3. On the left panel, under **Actions**, click **Create Custom View...** - ![Animation highlighting the create cusomt view option on the Event viewer window ](images/events-create.gif) + ![Animation highlighting the create custom view option on the Event viewer window ](images/events-create.gif) 4. Go to the XML tab and click **Edit query manually**. You'll see a warning that you won't be able to edit the query using the **Filter** tab if you use the XML option. Click **Yes**. diff --git a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index f9095299df..8b5068a19b 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -76,7 +76,7 @@ You can review the Windows event log to see events that are created when Exploit 3. On the left panel, under **Actions**, click **Import custom view...** - ![](images/events-import.gif) + ![Antimated GIF highlighting the import custom view button on the right pane ](images/events-import.gif) 4. Navigate to where you extracted *ep-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md). diff --git a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md index a4da86a4bc..aa5dbf53a8 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md +++ b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md @@ -66,16 +66,16 @@ When you have configured Exploit protection to your desired state (including bot ### Use the Windows Defender Security Center app to export a configuration file -1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. +1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings**: - ![](images/wdsc-exp-prot.png) + ![Highlight of the Exploit protection settings option in the Windows Defender Security Center app](images/wdsc-exp-prot.png) 3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved. - ![](images/wdsc-exp-prot-export.png) + ![Highlight of the Export Settings option](images/wdsc-exp-prot-export.png) >[!NOTE] >When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the **System settings** and **Program settings** sections - either section will export all settings. @@ -151,7 +151,7 @@ You can use Group Policy to deploy the configuration you've created to multiple 5. Expand the tree to **Windows components > Windows Defender Exploit Guard > Exploit protection**. - ![](images/exp-prot-gp.png) + ![Screenshot of the group policy setting for exploit protection](images/exp-prot-gp.png) 6. Double-click the **Use a common set of Exploit protection settings** setting and set the option to **Enabled**. diff --git a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 57473681c2..3f78879c88 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -70,7 +70,7 @@ You can review the Windows event log to see events that are created when Network 2. On the left panel, under **Actions**, click **Import custom view...** - ![](images/events-import.gif) + ![Antimation of the import custom view option](images/events-import.gif) 3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md). diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 804c2d9152..259af8485e 100644 --- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -125,11 +125,11 @@ See the following links for more information on the features in the Windows Defe You can customize notifcations so they show information to users about how to get more help from your organization's help desk. -![](images/security-center-custom-notif.png) +![Sample notification that says Action blocked: Contos caused Windows Defender Security Center to block this action. Contact your IT help desk.](images/security-center-custom-notif.png) This information will also appear as a pop-out window on the Windows Defender Security Center app. -![](images/security-center-custom-flyout.png) +![Screenshot of the Windows Defender Security Center app showing sample phone number and email address to contact support on the bottom right of the app](images/security-center-custom-flyout.png) Users can click on the displayed information to get more help: - Clicking **Call** or the phone number will open Skype to start a call to the displayed number