From 1fb01046712c3c06c53333e1134b5b87f4be90f3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 19 Nov 2019 11:43:35 -0800 Subject: [PATCH] ms.custom: nextgen --- ...ed-endpoints-windows-defender-antivirus.md | 30 ++++++++----------- ...es-baselines-windows-defender-antivirus.md | 7 +++-- ...port-monitor-windows-defender-antivirus.md | 8 ++--- ...ntined-files-windows-defender-antivirus.md | 7 +++-- ...tch-up-scans-windows-defender-antivirus.md | 5 ++-- .../troubleshoot-reporting.md | 5 ++-- ...troubleshoot-windows-defender-antivirus.md | 10 +++---- ...group-policy-windows-defender-antivirus.md | 12 +++----- ...nfig-manager-windows-defender-antivirus.md | 7 +++-- ...hell-cmdlets-windows-defender-antivirus.md | 7 +++-- .../use-wmi-windows-defender-antivirus.md | 5 ++-- ...indows-defender-antivirus-compatibility.md | 5 ++-- 12 files changed, 53 insertions(+), 55 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md index ca75fa1e6f..fabe399119 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp 
@@ -32,7 +33,7 @@ When the user returns to work and logs on to their PC, Windows Defender Antiviru If Windows Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-windows-defender-antivirus.md). -**Use Configuration Manager to configure catch-up protection updates:** +### Use Configuration Manager to configure catch-up protection updates 1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) @@ -45,7 +46,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie 4. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers). -**Use Group Policy to enable and configure the catch-up update feature:** +### Use Group Policy to enable and configure the catch-up update feature 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -59,7 +60,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie 6. Click **OK**. -**Use PowerShell cmdlets to configure catch-up protection updates:** +### Use PowerShell cmdlets to configure catch-up protection updates Use the following cmdlets: 
@@ -69,7 +70,7 @@ Set-MpPreference -SignatureUpdateCatchupInterval See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. -**Use Windows Management Instruction (WMI) to configure catch-up protection updates:** +### Use Windows Management Instruction (WMI) to configure catch-up protection updates Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: @@ -81,13 +82,11 @@ See the following for more information and allowed parameters: - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) - - ## Set the number of days before protection is reported as out-of-date You can also specify the number of days after which Windows Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Windows Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source. -**Use Group Policy to specify the number of days before protection is considered out-of-date:** +### Use Group Policy to specify the number of days before protection is considered out-of-date 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 
@@ -106,8 +105,6 @@ You can also specify the number of days after which Windows Defender Antivirus p 4. Click **OK**. - - ## Set up catch-up scans for endpoints that have not been scanned for a while You can set the number of consecutive scheduled scans that can be missed before Windows Defender Antivirus will force a scan. @@ -120,7 +117,7 @@ The process for enabling this feature is: This feature can be enabled for both full and quick scans. -**Use Group Policy to enable and configure the catch-up scan feature:** +### Use Group Policy to enable and configure the catch-up scan feature 1. Ensure you have set up at least one scheduled scan. @@ -140,7 +137,7 @@ This feature can be enabled for both full and quick scans. > [!NOTE] > The Group Policy setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run. -**Use PowerShell cmdlets to configure catch-up scans:** +### Use PowerShell cmdlets to configure catch-up scans Use the following cmdlets: @@ -152,7 +149,7 @@ Set-MpPreference -DisableCatchupQuickScan See [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus. -**Use Windows Management Instruction (WMI) to configure catch-up scans:** +### Use Windows Management Instruction (WMI) to configure catch-up scans Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: 
@@ -165,7 +162,7 @@ See the following for more information and allowed parameters: - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) -**Use Configuration Manager to configure catch-up scans:** +### Use Configuration Manager to configure catch-up scans 1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) @@ -175,8 +172,7 @@ See the following for more information and allowed parameters: 4. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers). - -## Related topics +## Related articles - [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md index e5efd9c691..775068abed 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp 
@@ -24,6 +25,7 @@ manager: dansimp There are two types of updates related to keeping Windows Defender Antivirus up to date: 1. Protection updates + 2. Product updates You can also apply [Windows security baselines](https://technet.microsoft.com/itpro/windows/keep-secure/windows-security-baselines) to quickly bring your endpoints up to a uniform level of protection. @@ -34,7 +36,6 @@ Windows Defender Antivirus uses both [cloud-delivered protection](utilize-micros The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. - ## Product updates Windows Defender Antivirus requires [monthly updates](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "engine updates" and "platform updates"), and will receive major feature updates alongside Windows 10 releases. diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md index 41a8f3094f..72b23bfec1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp 
@@ -28,7 +29,6 @@ You can use System Center Configuration Manager to [monitor Windows Defender Ant Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Windows Defender Antivirus issues, including protection updates and real-time protection settings. - If you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client events](https://msdn.microsoft.com/library/windows/desktop/aa964766(v=vs.85).aspx). Windows events comprise several security event sources, including Security Account Manager (SAM) events ([enhanced for Windows 10](https://technet.microsoft.com/library/mt431757.aspx), also see the [Security audting](/windows/device-security/auditing/security-auditing-overview) topic) and [Windows Defender events](troubleshoot-windows-defender-antivirus.md). @@ -39,7 +39,7 @@ You can also [monitor malware events using the Malware Assessment solution in Lo For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the [(Deployment, management, and reporting options table)](deploy-manage-report-windows-defender-antivirus.md#ref2). -## Related topics +## Related articles - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) - [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md index 68c4accc82..f99aa7584f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md 
@@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 11/16/2018 ms.reviewer: manager: dansimp @@ -32,7 +33,7 @@ If Windows Defender Antivirus is configured to detect and remediate threats on y > [!NOTE] > You can also use the dedicated command-line tool [mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) to restore quarantined files in Windows Defender AV. -## Related topics +## Related articles - [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) - [Review scan results](review-scan-results-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index bf6852066d..e49771c6ae 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 12/10/2018 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index c4a5b85e7f..d123f26a35 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md 
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.reviewer: manager: dansimp --- diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index a371aaca96..e73f8d37d8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/11/2018 ms.reviewer: manager: dansimp @@ -46,7 +47,7 @@ You can directly view the event log, or if you have a third-party security infor The table in this section lists the main Windows Defender Antivirus event IDs and, where possible, provides suggested solutions to fix or resolve the error. -**To view a Windows Defender Antivirus event** +## To view a Windows Defender Antivirus event 1. Open **Event Viewer**. 2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender Antivirus**. @@ -54,9 +55,6 @@ The table in this section lists the main Windows Defender Antivirus event IDs an 4. In the details pane, view the list of individual events to find your event. 5. Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs. - - - 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md index b7114cd1fd..dcf2f5dd8d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp @@ -143,12 +144,7 @@ Threats | Specify threat alert levels at which default action should not be take Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) - - - - - -## Related topics +## Related articles - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md index 0a6c5dc31a..6ed604307a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md 
@@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp @@ -31,7 +32,7 @@ See the [Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use For Microsoft Intune, consult the [Microsoft Intune library](https://docs.microsoft.com/intune/introduction-intune) and [Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure). -## Related topics +## Related articles - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md index bd4a22592f..326511d75c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp 
@@ -38,7 +39,7 @@ You can [configure which settings can be overridden locally with local policy ov PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_. -**Use Windows Defender Antivirus PowerShell cmdlets:** +## Use Windows Defender Antivirus PowerShell cmdlets 1. Click **Start**, type **powershell**, and press **Enter**. 2. Click **Windows PowerShell** to open the interface. diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md index c0e86e1a2b..0e88dfd58b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 717e08d7d4..369ebfe876 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp
Event ID: 1000
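Review bot: The subject line "ms.custom: nextgen" covers only the front-matter hunks, but the patch also changes `author`/`ms.author` in all 12 files, converts bold procedure labels to headings, renames "Related topics" to "Related articles", and removes blank lines. Either say so in the commit body or split the heading and wording changes into their own commit, so that a later search of the history for the heading change does not miss this commit.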
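Review bot: In manage-outdated-endpoints-windows-defender-antivirus.md, the new headings in hunks @@ -69,7 +70,7 @@ and @@ -152,7 +149,7 @@ keep the wrong expansion "Windows Management Instruction (WMI)"; WMI stands for Windows Management Instrumentation. These strings are now headings rather than bold text, so correct them in this change, for example `### Use Windows Management Instrumentation (WMI) to configure catch-up scans`.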
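Review bot: The converted procedure labels do not use one heading level across files. manage-outdated-endpoints-windows-defender-antivirus.md uses `###` for every converted label, while troubleshoot-windows-defender-antivirus.md (@@ -46,7 +47,7 @@, `## To view a Windows Defender Antivirus event`) and use-powershell-cmdlets-windows-defender-antivirus.md (@@ -38,7 +39,7 @@, `## Use Windows Defender Antivirus PowerShell cmdlets`) use `##`, the level this patch otherwise uses for section headings such as `## Related articles`. Pick one level for procedure headings, and check that each one is nested under the section it belongs to.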
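Review bot: The front-matter hunks leave `ms.date` untouched (for example `ms.date: 09/03/2018` in manage-outdated-endpoints and `ms.date: 11/16/2018` in restore-quarantined-files) even though the article bodies are edited in a commit dated 19 Nov 2019. If `ms.date` is meant to record the last content change, update it in the files whose body text changes. The same hunks switch `author` and `ms.author` but keep `manager: dansimp`; confirm that is intended.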
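Review bot: In report-monitor-windows-defender-antivirus.md, hunk @@ -28,7 +29,6 @@ adjusts spacing around the SIEM paragraph but leaves the link text "Security audting" in the context line as is. Correct it to "Security auditing" in the same change.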