diff --git a/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md index 48dcf3df40..e1043e17fc 100644 --- a/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md +++ b/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md @@ -40,9 +40,9 @@ This topic describes how to configure exclusion lists for the following: Exclusion | Example ---|--- -Any file on the machine that is opened by any process with a specific file name | Specifying "*test.exe*" would exclude files opened by: -Any file on the machine that is opened by any process under a specific folder | Specifying "*c:\test\sample\\**" would exclude files opened by: -Any file on the machine that is opened by a specific process in a specific folder | Specifying "*c:\test\process.exe*" would exclude files only opened by *c:\test\process.exe* +Any file on the machine that is opened by any process with a specific file name | Specifying "test.exe" would exclude files opened by: +Any file on the machine that is opened by any process under a specific folder | Specifying "c:\test\sample\\*" would exclude files opened by: +Any file on the machine that is opened by a specific process in a specific folder | Specifying "c:\test\process.exe" would exclude files only opened by c:\test\process.exe When you add a process to the process exclusion list, Windows Defender AV will not scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-windows-defender-antivirus.md). @@ -162,7 +162,7 @@ The following table describes how the wildcards can be used in the process exclu Wildcard | Use | Example use | Example matches ---|---|---|--- -\* (asterisk) | Replaces any number of characters | | +\* (asterisk) | Replaces any number of characters | | ? (question mark) | Not available | \- | \- Environment variables | The defined variable will be populated as a path when the exclusion is evaluated | | diff --git a/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md b/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md index 54535d3ef1..7af1a0688c 100644 --- a/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md +++ b/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md @@ -86,9 +86,7 @@ After creating the image, you should ensure it is fully updated. See [Configure ### Seal the base image When the base image is fully updated, you should run a quick scan on the image. This “sealing” or “locking” of the image helps Windows Defender AV build a cache of known-good files and avoid scanning them again on your VMs. In turn, this can help ensure performance on the VM is not impacted. - >[!NOTE] >Quick scan versus full scan @@ -115,7 +113,7 @@ The following references provide ways you can create and deploy the base image a ## Manage your VMs and base image How you manage your VDI will affect the performance impact of Windows Defender AV on your VMs and infrastructure. -Because Windows Defender AV downloads protection updates every day, or based on your protection update settings, network bandwidth can be a problem if multiple VMs attempt to download updates at the same time. +Because Windows Defender AV downloads protection updates every day, or [based on your protection update settings](manage-protection-updates-windows-defender-antivirus.md), network bandwidth can be a problem if multiple VMs attempt to download updates at the same time. Following the guidelines in this means the VMs will only need to download “delta” updates, which are the differences between an existing definition set and the next one. Delta updates are typically much smaller (a few kilobytes) than a full definition download (which can average around 150 mb). @@ -125,9 +123,9 @@ Following the guidelines in this means the VMs will only need to download “del If you are using a persistent VDI, you should update the base image monthly, and set up protection updates to be delivered daily via a file share, as follows: 1. Create a dedicated file share location on your network that can be accessed by your VMs and your VM host (or other, persistent machine, such as a dedicated admin console that you use to manage your VMs). 2. Set up a scheduled task on your VM host to automatically download updates from the MMPC website or Microsoft Update and save them to the file share (the [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4/DisplayScript) can help with this). -3. Configure the VMs to pull protection updates from the file share. +3. [Configure the VMs to pull protection updates from the file share](manage-protection-updates-windows-defender-antivirus.md). 4. Disable or delay automatic Microsoft updates on your VMs. See [Update Windows 10 in the enterprise](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-update-windows-10) for information on managing operating system updates with WSUS, SCCM, and others. -5. On or just after each Patch Tuesday (the second Tuesday of each month), update your base image with the latest protection updates from the MMPC website, WSUS, or Microsoft Update. Also apply all other Windows patches and fixes that were delivered on the Patch Tuesday. You can automate this by following the instructions in [Orchestrated offline VM Patching using Service Management Automation](https://blogs.technet.microsoft.com/privatecloud/2013/12/06/orchestrated-offline-vm-patching-using-service-management-automation/). +5. On or just after each Patch Tuesday (the second Tuesday of each month), [update your base image with the latest protection updates from the MMPC website, WSUS, or Microsoft Update](manage-protection-updates-windows-defender-antivirus.md) Also apply all other Windows patches and fixes that were delivered on the Patch Tuesday. You can automate this by following the instructions in [Orchestrated offline VM Patching using Service Management Automation](https://blogs.technet.microsoft.com/privatecloud/2013/12/06/orchestrated-offline-vm-patching-using-service-management-automation/). 5. [Run a quick scan](run-scan-windows-defender-antivirus.md) on your base image before deploying it to your VMs. A benefit to aligning your image update to the monthly Microsoft Update is that you ensure your VMs will have the latest Windows security patches and other important Microsoft updates without each VM needing to individually download them. @@ -138,8 +136,8 @@ A benefit to aligning your image update to the monthly Microsoft Update is that If you are using a non-persistent VDI, you can update the base image daily (or nightly) and directly apply the latest updates to the image. An example: -1. Every night or other time when you can safely take your VMs offline, update your base image with the latest protection updates from the MMPC website, WSUS, or Microsoft Update. -2. Run a quick scan on your base image before deploying it to your VMs. +1. Every night or other time when you can safely take your VMs offline, update your base image with the latest [protection updates from the MMPC website, WSUS, or Microsoft Update](manage-protection-updates-windows-defender-antivirus.md). +2. [Run a quick scan](run-scan-windows-defender-antivirus.md) on your base image before deploying it to your VMs. @@ -161,7 +159,7 @@ These settings can be configured as part of creating your base image, or as a da Windows Defender AV supports the randomization of scheduled scans and signature updates. This can be extremely helpful in reducing boot storms (especially when used in conjuction with [Disable scans from occuring after every update](#disable-scans-after-an-update) and [Scan out-of-date machines or machines that have been offline for a while](#scan-vms-that-have-been-offline). -Scheduled scans run in addition to real-time protection and scanning. +Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-windows-defender-antivirus.md). The start time of the scan itself is still based on the scheduled scan policy – ScheduleDay, ScheduleTime, ScheduleQuickScanTime. @@ -183,7 +181,7 @@ The start time of the scan itself is still based on the scheduled scan policy See [How to create and deploy antimalware policies: Advanced settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#advanced-settings) for details on configuring System Center Configuration Manager (current branch). - +See [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) for other configuration options available for scheduled scans. ### Use quick scans @@ -205,9 +203,7 @@ Quick scans are the preferred approach as they are designed to look in all place See [How to create and deploy antimalware policies: Scheduled scans settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) for details on configuring System Center Configuration Manager (current branch). - ### Prevent notifications