From 1de656cdd5829ecb6f0aa4730c3d85019ca3d731 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 26 Aug 2019 15:07:34 -0400 Subject: [PATCH 1/2] More details on Allowed and Not Allowed Worked with Defender AV PM to explain what Allowed and Not Allowed do for the following CSPs: Defender/AllowArchiveScanning Defender/AllowBehaviorMonitoring Defender/AllowCloudProtection Defender/AllowEmailScanning Defender/AllowFullScanOnMappedNetworkDrives Defender/AllowFullScanRemovableDriveScanning Defender/AllowRealtimeMonitoring Defender/AllowScanningNetworkFiles Defender/AllowUserUIAccess --- .../mdm/policy-csp-defender.md | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index f796a9ae53..90365c5163 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 01/26/2019 +ms.date: 08/26/2019 ms.reviewer: manager: dansimp --- @@ -205,8 +205,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed turns off scanning on archived files. +- 1 (default) – Allowed scans the archive files. @@ -267,8 +267,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed turns off behavior monitoring. +- 1 (default) – Allowed turns on Real-time behavior monitoring. @@ -330,8 +330,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed turns off the Microsoft Active Protection Service. +- 1 (default) – Allowed turns on the Microsoft Active Protection Service. @@ -392,8 +392,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Not allowed. -- 1 – Allowed. +- 0 (default) – Not allowed turns off email scanning. +- 1 – Allowed turns on email scanning. @@ -454,8 +454,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Not allowed. -- 1 – Allowed. +- 0 (default) – Not allowed disables scanning on mapped network drives. +- 1 – Allowed scans mapped network drives. @@ -502,7 +502,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -Allows or disallows a full scan of removable drives. +Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. @@ -516,8 +516,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed turns off scanning on removable drives. +- 1 (default) – Allowed scans removable drives. @@ -756,8 +756,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed turns off the real-time monitoring service. +- 1 (default) – Allowed turns on, and runs the real-time monitoring service. @@ -818,8 +818,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed turns off scanning of network files. +- 1 (default) – Allowed scans network files. @@ -934,8 +934,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed. +- 0 – Not allowed prevents users from accessing UI. +- 1 (default) – Allowed lets users access UI. From 37c25279ae40d331f6ffde58ecdb9906fe132024 Mon Sep 17 00:00:00 2001 From: Manika Dhiman Date: Wed, 28 Aug 2019 14:56:12 -0700 Subject: [PATCH 2/2] Update policy-csp-defender.md --- .../mdm/policy-csp-defender.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 90365c5163..b7840b2c6f 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -205,8 +205,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed turns off scanning on archived files. -- 1 (default) – Allowed scans the archive files. +- 0 – Not allowed. Turns off scanning on archived files. +- 1 (default) – Allowed. Scans the archive files. @@ -267,8 +267,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed turns off behavior monitoring. -- 1 (default) – Allowed turns on Real-time behavior monitoring. +- 0 – Not allowed. Turns off behavior monitoring. +- 1 (default) – Allowed. Turns on real-time behavior monitoring. @@ -330,8 +330,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed turns off the Microsoft Active Protection Service. -- 1 (default) – Allowed turns on the Microsoft Active Protection Service. +- 0 – Not allowed. Turns off the Microsoft Active Protection Service. +- 1 (default) – Allowed. Turns on the Microsoft Active Protection Service. @@ -392,8 +392,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Not allowed turns off email scanning. -- 1 – Allowed turns on email scanning. +- 0 (default) – Not allowed. Turns off email scanning. +- 1 – Allowed. Turns on email scanning. @@ -454,8 +454,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Not allowed disables scanning on mapped network drives. -- 1 – Allowed scans mapped network drives. +- 0 (default) – Not allowed. Disables scanning on mapped network drives. +- 1 – Allowed. Scans mapped network drives. @@ -516,8 +516,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed turns off scanning on removable drives. -- 1 (default) – Allowed scans removable drives. +- 0 – Not allowed. Turns off scanning on removable drives. +- 1 (default) – Allowed. Scans removable drives. @@ -756,8 +756,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed turns off the real-time monitoring service. -- 1 (default) – Allowed turns on, and runs the real-time monitoring service. +- 0 – Not allowed. Turns off the real-time monitoring service. +- 1 (default) – Allowed. Turns on and runs the real-time monitoring service. @@ -818,8 +818,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed turns off scanning of network files. -- 1 (default) – Allowed scans network files. +- 0 – Not allowed. Turns off scanning of network files. +- 1 (default) – Allowed. Scans network files. @@ -934,8 +934,8 @@ ADMX Info: The following list shows the supported values: -- 0 – Not allowed prevents users from accessing UI. -- 1 (default) – Allowed lets users access UI. +- 0 – Not allowed. Prevents users from accessing UI. +- 1 (default) – Allowed. Lets users access UI.