From 3f473741494d0145044067b95368cab4e2bdadd3 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Fri, 16 Oct 2020 10:00:24 -0700 Subject: [PATCH 01/13] Initial commit of recommended driver block policy --- .../TOC.md | 1 + ...icrosoft-recommended-driver-block-rules.md | 383 ++++++++++++++++++ 2 files changed, 384 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index a8f8114e8a..79c0d8087a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -14,6 +14,7 @@ #### [Authorize reputable apps with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md) #### [Use multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md) #### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) +#### [Microsoft recommended driver block rules](microsoft-recommended-driver-block-rules.md) ### Create your initial WDAC policy #### [Example WDAC base policies](example-wdac-base-policies.md) #### [Policy creation for common WDAC usage scenarios](types-of-devices.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md new file mode 100644 index 0000000000..f934ae0258 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -0,0 +1,383 @@ +--- +title: Microsoft recommended driver block rules (Windows 10) +description: View a list of recommended block rules to block vulnerable third party drivers discovered by Mirosoft and the security research community. +keywords: security, malware, kernel mode, driver +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +audience: ITPro +ms.collection: M365-security-compliance +author: jogeurte +ms.reviewer: isbrahm +ms.author: dansimp +manager: dansimp +ms.date: 10/15/2020 +--- + +# Microsoft recommended driver block rules + +**Applies to:** + +- Windows 10 +- Windows Server 2016 and above + +One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Mirosoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is rolled out to HVCI-enabled systems and Windows 10S mode devices. + +Microsoft has strict requirements for code running in kernel. Malicious actors may exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. Unless your devices explicitly require them, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. As always, it is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. + + + +```xml + + + 10.0.19565.0 + {D2BDA982-CCF6-4344-AC5B-0B44427B6816} + {2E07F7E4-194C-4D20-B7C9-6F44A6C5A234} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 0 + + + + Microsoft Windows Driver Policy + + + + + 10.0.19565.0 + + + + +``` +
+ + +## More information + +- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) From fb51b44174e9180018dc47b8c6aa03c9a2ffa3b8 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Fri, 16 Oct 2020 11:03:31 -0700 Subject: [PATCH 02/13] Updated recommended driver block list to recommend enabling HVCI or 10s where applicable --- .../microsoft-recommended-driver-block-rules.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index f934ae0258..f07cf6b43a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -24,9 +24,16 @@ ms.date: 10/15/2020 - Windows 10 - Windows Server 2016 and above -One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Mirosoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is rolled out to HVCI-enabled systems and Windows 10S mode devices. +Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Mirosoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices: -Microsoft has strict requirements for code running in kernel. Malicious actors may exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. Unless your devices explicitly require them, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. As always, it is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. +- Hypervisor-protected code integrity (HVCI) enabled devices +- Windows 10S mode devices + +Microsoft recommends enabling [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or Windows 10S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. + + +> [!Note] +> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. As always, it is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. From d47a92c6d506a96d3c254314b477d2861b7ea6e8 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Fri, 16 Oct 2020 11:08:19 -0700 Subject: [PATCH 03/13] Update microsoft-recommended-driver-block-rules.md --- .../microsoft-recommended-driver-block-rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index f07cf6b43a..778697d2d2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -29,11 +29,11 @@ Microsoft has strict requirements for code running in kernel. Consequently, mali - Hypervisor-protected code integrity (HVCI) enabled devices - Windows 10S mode devices -Microsoft recommends enabling [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or Windows 10S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. +Microsoft recommends enabling [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or Windows 10S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. > [!Note] -> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. As always, it is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. +> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. From d0b9c31273ac60e4370df4f5c0234994060d98fc Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Mon, 19 Oct 2020 15:40:32 -0700 Subject: [PATCH 04/13] Update windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-recommended-driver-block-rules.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 778697d2d2..7de5633c5b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -36,7 +36,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/en-us/windows/se > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. - ```xml From ab729bcddda7cc7dc437d068a9def16439b8e9c0 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Mon, 19 Oct 2020 16:36:09 -0700 Subject: [PATCH 05/13] Fixed references to Windows 10 in S mode --- .../microsoft-recommended-driver-block-rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 7de5633c5b..11bc4ac368 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -27,9 +27,9 @@ ms.date: 10/15/2020 Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Mirosoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices: - Hypervisor-protected code integrity (HVCI) enabled devices -- Windows 10S mode devices +- Windows 10 in S mode (S mode) devices -Microsoft recommends enabling [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or Windows 10S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. +Microsoft recommends enabling [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. > [!Note] From 1de678d0cc785d8001a80bc5b6a3c4212175a3b4 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Mon, 19 Oct 2020 17:07:48 -0700 Subject: [PATCH 06/13] Update microsoft-recommended-driver-block-rules.md --- .../microsoft-recommended-driver-block-rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 11bc4ac368..5c960685b2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -1,6 +1,6 @@ --- title: Microsoft recommended driver block rules (Windows 10) -description: View a list of recommended block rules to block vulnerable third party drivers discovered by Mirosoft and the security research community. +description: View a list of recommended block rules to block vulnerable third party drivers discovered by Microsoft and the security research community. keywords: security, malware, kernel mode, driver ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -24,7 +24,7 @@ ms.date: 10/15/2020 - Windows 10 - Windows Server 2016 and above -Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Mirosoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices: +Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices: - Hypervisor-protected code integrity (HVCI) enabled devices - Windows 10 in S mode (S mode) devices From 08a04fde1160a63b6df9a27c3409c0e4d6aecf45 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 21 Oct 2020 11:50:14 -0700 Subject: [PATCH 07/13] Added new policy --- .../mdm/policy-csp-update.md | 84 ++++++++++++++++++- 1 file changed, 83 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index fb0f2d5519..e9a6c97921 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 02/10/2020 +ms.date: 10/21/2020 ms.reviewer: manager: dansimp --- @@ -96,6 +96,9 @@ manager: dansimp
Update/DisableDualScan
+
+ Update/DisableWUfBSafeguards +
Update/EngagedRestartDeadline
@@ -2013,6 +2016,85 @@ The following list shows the supported values:
+ +**Update/DisableWUfBSafeguards** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark5
Businesscheck mark5
Enterprisecheck mark5
Educationcheck mark5
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows Update for Business (WUfB) devices running Windows 10, version 1809 and above and installed with October 2020 security update. This policy setting specifies that a WUfB device should skip safeguards. + +Safeguard holds prevent a device with a known compatibility issue from being offered a new OS version. The offering will proceed once a fix is issued and is verified on a held device. The aim of safeguards is to protect the device and user from a failed or poor upgrade experience. + +The safeguard holds protection is provided by default to all the devices trying to update to a new Windows 10 Feature Update version via Windows Update. + +IT admins can, if necessary, opt devices out of safeguard protections using this policy setting or via the “Disable safeguards for Feature Updates” Group Policy. + +> [!NOTE] +> Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied. +> +> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. +> +> Disabling safeguards does not guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you are bypassing the protection given by Microsoft pertaining to known issues. + + + +ADMX Info: +- GP English name: *Disable safeguards for Feature Updates* +- GP name: *DisableWUfBSafeguards* +- GP path: *Windows Components/Windows Update/Windows Update for Business* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. +- 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. + + + + +
+ **Update/EngagedRestartDeadline** From cc6dace3df30a4ce797537c2a65f57238c4e47fc Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 21 Oct 2020 16:15:57 -0700 Subject: [PATCH 08/13] device impact --- .../next-gen-threat-and-vuln-mgt.md | 2 +- .../tvm-assign-device-value.md | 17 +++++++++++++---- .../tvm-dashboard-insights.md | 1 + .../tvm-end-of-support-software.md | 1 - .../microsoft-defender-atp/tvm-exception.md | 1 + .../tvm-exposure-score.md | 1 + .../tvm-hunt-exposed-devices.md | 1 + .../tvm-microsoft-secure-score-devices.md | 2 +- .../microsoft-defender-atp/tvm-prerequisites.md | 1 + .../microsoft-defender-atp/tvm-remediation.md | 1 + 10 files changed, 21 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 2e96df8aa4..54a1538ebe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: conceptual +ms.topic: overview --- # Threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md index 9c96e86336..8dfec3f344 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md @@ -23,10 +23,10 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) @@ -54,14 +54,23 @@ Examples of devices that should be assigned a high value: 1. Navigate to any device page, the easiest place is from the device inventory. 2. Select **Device value** from three dots next to the actions bar at the top of the page. - ![Example of the device value dropdown.](images/tvm-device-value-dropdown.png) -

+ ![Example of the device value dropdown.](images/tvm-device-value-dropdown.png) 3. A flyout will appear with the current device value and what it means. Review the value of the device and choose the one that best fits your device. ![Example of the device value flyout.](images/tvm-device-value-flyout.png) +## How device value impacts your exposure score + +The exposure score is a weighted average across all devices. If you have device groups, you can also filter the score by device group. + +- Normal devices have a weight of 1 +- Low value devices have a weight of 0.75 +- High value devices have a weight of NumberOfAssets / 10. + - If you have 100 devices, each high value device will have a weight of 10 (100/10) + ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) +- [Exposure Score](tvm-exposure-score.md) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index debae585fc..004ad94602 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -25,6 +25,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md index cbc9cc0924..7d2f8da30c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md @@ -22,7 +22,6 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index 8b0dad82a1..f8f6565174 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -23,6 +23,7 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** + - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 9d0f0c2f8a..184d1740b8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -26,6 +26,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md index 694318d1d4..d530052017 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md @@ -26,6 +26,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index 5bf4c26a63..ea67db383d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -22,10 +22,10 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >[!NOTE] > Configuration score is now part of threat and vulnerability management as Microsoft Secure Score for Devices. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md index 437ee5c49d..9aba0d42d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md @@ -24,6 +24,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 72f2ad5028..83f4fa34f0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -24,6 +24,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) From dd2e31a886078749e0b46335cd33ef4bdc2ecf47 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Oct 2020 16:33:32 -0700 Subject: [PATCH 09/13] Corrected contributor's user name, removed `/en-us` from a URL --- .../microsoft-recommended-driver-block-rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 5c960685b2..d181f745f5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: jogeurte +author: jgeurten ms.reviewer: isbrahm ms.author: dansimp manager: dansimp @@ -29,7 +29,7 @@ Microsoft has strict requirements for code running in kernel. Consequently, mali - Hypervisor-protected code integrity (HVCI) enabled devices - Windows 10 in S mode (S mode) devices -Microsoft recommends enabling [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. +Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. > [!Note] From a791a02db0957ca308c5ce23bb370041e1639014 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Oct 2020 16:39:56 -0700 Subject: [PATCH 10/13] Minor corrections in order to have something to push --- .../microsoft-recommended-driver-block-rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index d181f745f5..70b5806db3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -24,9 +24,9 @@ ms.date: 10/15/2020 - Windows 10 - Windows Server 2016 and above -Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices: +Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices: -- Hypervisor-protected code integrity (HVCI) enabled devices +- Hypervisor-protected code integrity (HVCI) enabled devices - Windows 10 in S mode (S mode) devices Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. From 05eb749c650f05ea50e5da1581fa4f290150e5b1 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 21 Oct 2020 16:45:57 -0700 Subject: [PATCH 11/13] Updated what's new --- .../mdm/change-history-for-mdm-documentation.md | 2 +- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index 698c4fa9b7..bfa2ec836d 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -20,7 +20,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |New or updated article | Description| |--- | ---| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
- [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
- [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking)
- [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
- [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
- [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Update/DisableWUfBSafeguards](policy-csp-update.md#update-disablewufbsafeguards)
- [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
- [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
- [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking)
- [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
- [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
- [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) | ## September 2020 diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 4bacaba62e..9f14f29625 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -61,7 +61,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s | New or updated article | Description | |-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809:
- ApplicationManagement/LaunchAppAfterLogOn
- ApplicationManagement/ScheduleForceRestartForUpdateFailures
- Authentication/EnableFastFirstSignIn (Preview mode only)
- Authentication/EnableWebSignIn (Preview mode only)
- Authentication/PreferredAadTenantDomainName
- Browser/AllowFullScreenMode
- Browser/AllowPrelaunch
- Browser/AllowPrinting
- Browser/AllowSavingHistory
- Browser/AllowSideloadingOfExtensions
- Browser/AllowTabPreloading
- Browser/AllowWebContentOnNewTabPage
- Browser/ConfigureFavoritesBar
- Browser/ConfigureHomeButton
- Browser/ConfigureKioskMode
- Browser/ConfigureKioskResetAfterIdleTimeout
- Browser/ConfigureOpenMicrosoftEdgeWith
- Browser/ConfigureTelemetryForMicrosoft365Analytics
- Browser/PreventCertErrorOverrides
- Browser/SetHomeButtonURL
- Browser/SetNewTabPageURL
- Browser/UnlockHomeButton
- Defender/CheckForSignaturesBeforeRunningScan
- Defender/DisableCatchupFullScan
- Defender/DisableCatchupQuickScan
- Defender/EnableLowCPUPriority
- Defender/SignatureUpdateFallbackOrder
- Defender/SignatureUpdateFileSharesSources
- DeviceGuard/ConfigureSystemGuardLaunch
- DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
- DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
- DeviceInstallation/PreventDeviceMetadataFromNetwork
- DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
- DmaGuard/DeviceEnumerationPolicy
- Experience/AllowClipboardHistory
- Experience/DoNotSyncBrowserSettings
- Experience/PreventUsersFromTurningOnBrowserSyncing
- Kerberos/UPNNameHints
- Privacy/AllowCrossDeviceClipboard
- Privacy/DisablePrivacyExperience
- Privacy/UploadUserActivities
- Security/RecoveryEnvironmentAuthentication
- System/AllowDeviceNameInDiagnosticData
- System/ConfigureMicrosoft365UploadEndpoint
- System/DisableDeviceDelete
- System/DisableDiagnosticDataViewer
- Storage/RemovableDiskDenyWriteAccess
- TaskManager/AllowEndTask
- Update/EngagedRestartDeadlineForFeatureUpdates
- Update/EngagedRestartSnoozeScheduleForFeatureUpdates
- Update/EngagedRestartTransitionScheduleForFeatureUpdates
- Update/SetDisablePauseUXAccess
- Update/SetDisableUXWUAccess
- WindowsDefenderSecurityCenter/DisableClearTpmButton
- WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
- WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
- WindowsLogon/DontDisplayNetworkSelectionUI | +|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809:
- ApplicationManagement/LaunchAppAfterLogOn
- ApplicationManagement/ScheduleForceRestartForUpdateFailures
- Authentication/EnableFastFirstSignIn (Preview mode only)
- Authentication/EnableWebSignIn (Preview mode only)
- Authentication/PreferredAadTenantDomainName
- Browser/AllowFullScreenMode
- Browser/AllowPrelaunch
- Browser/AllowPrinting
- Browser/AllowSavingHistory
- Browser/AllowSideloadingOfExtensions
- Browser/AllowTabPreloading
- Browser/AllowWebContentOnNewTabPage
- Browser/ConfigureFavoritesBar
- Browser/ConfigureHomeButton
- Browser/ConfigureKioskMode
- Browser/ConfigureKioskResetAfterIdleTimeout
- Browser/ConfigureOpenMicrosoftEdgeWith
- Browser/ConfigureTelemetryForMicrosoft365Analytics
- Browser/PreventCertErrorOverrides
- Browser/SetHomeButtonURL
- Browser/SetNewTabPageURL
- Browser/UnlockHomeButton
- Defender/CheckForSignaturesBeforeRunningScan
- Defender/DisableCatchupFullScan
- Defender/DisableCatchupQuickScan
- Defender/EnableLowCPUPriority
- Defender/SignatureUpdateFallbackOrder
- Defender/SignatureUpdateFileSharesSources
- DeviceGuard/ConfigureSystemGuardLaunch
- DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
- DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
- DeviceInstallation/PreventDeviceMetadataFromNetwork
- DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
- DmaGuard/DeviceEnumerationPolicy
- Experience/AllowClipboardHistory
- Experience/DoNotSyncBrowserSettings
- Experience/PreventUsersFromTurningOnBrowserSyncing
- Kerberos/UPNNameHints
- Privacy/AllowCrossDeviceClipboard
- Privacy/DisablePrivacyExperience
- Privacy/UploadUserActivities
- Security/RecoveryEnvironmentAuthentication
- System/AllowDeviceNameInDiagnosticData
- System/ConfigureMicrosoft365UploadEndpoint
- System/DisableDeviceDelete
- System/DisableDiagnosticDataViewer
- Storage/RemovableDiskDenyWriteAccess
- TaskManager/AllowEndTask
- Update/DisableWUfBSafeguards
- Update/EngagedRestartDeadlineForFeatureUpdates
- Update/EngagedRestartSnoozeScheduleForFeatureUpdates
- Update/EngagedRestartTransitionScheduleForFeatureUpdates
- Update/SetDisablePauseUXAccess
- Update/SetDisableUXWUAccess
- WindowsDefenderSecurityCenter/DisableClearTpmButton
- WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
- WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
- WindowsLogon/DontDisplayNetworkSelectionUI | | [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro. | | [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus in Windows 10, version 1809. | | [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber in Windows 10, version 1809. | From 0e7903ec59f5cfaa6ead2cb5cfded56779456dfc Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 21 Oct 2020 16:51:33 -0700 Subject: [PATCH 12/13] Updated policy index page --- .../mdm/policy-configuration-service-provider.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 11bb156559..9ff8a03ab1 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -5225,6 +5225,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Update/DisableDualScan
+
+ Update/DisableWUfBSafeguards +
Update/EngagedRestartDeadline
From 2356735f91014ebc72ddd2ecb6fa9516a9a59eff Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Oct 2020 18:18:21 -0700 Subject: [PATCH 13/13] Acrolinx grammar: "third party" as an adjective --- .../microsoft-recommended-driver-block-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 286c0dcbe3..7d56cdbe9e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -1,6 +1,6 @@ --- title: Microsoft recommended driver block rules (Windows 10) -description: View a list of recommended block rules to block vulnerable third party drivers discovered by Microsoft and the security research community. +description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community. keywords: security, malware, kernel mode, driver ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10