From b7a3a81d5e086a6a5ba46bdbc2f7fbc18beb5505 Mon Sep 17 00:00:00 2001 From: JesseEsquivel <33558203+JesseEsquivel@users.noreply.github.com> Date: Fri, 10 Apr 2020 12:46:23 -0400 Subject: [PATCH 1/3] Updated documentation to reflect that quotes are not supported when using GPO Quotes are not supported for ASR exclusions, we need to make this clear to our customers, as it is very confusing to them when reading the ADMX template for the setting - because the ADMX template for this setting actually contains double quotes. Went through this with a customer until we found that quotes are not supported: https://microsoft.visualstudio.com/DefaultCollection/OS/_workitems/edit/23141041 --- .../customize-attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index a1d4579881..40242a3fe4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -74,7 +74,7 @@ See the [attack surface reduction](attack-surface-reduction.md) topic for detail 3. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction**. -4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. +4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. ### Use PowerShell to exclude files and folders From a8cfd28c22023b6137d8d4853d6440773ce7a921 Mon Sep 17 00:00:00 2001 From: JesseEsquivel <33558203+JesseEsquivel@users.noreply.github.com> Date: Mon, 13 Apr 2020 10:24:05 -0400 Subject: [PATCH 2/3] Updated additional statement to WARNING Updated additional statement to WARNING --- .../customize-attack-surface-reduction.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index 40242a3fe4..0786bb44f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -74,7 +74,10 @@ See the [attack surface reduction](attack-surface-reduction.md) topic for detail 3. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction**. -4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. +4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. + +> [!WARNING] +> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. ### Use PowerShell to exclude files and folders From b9d170a4d5f48166d8bb5738a510fff445a84d86 Mon Sep 17 00:00:00 2001 From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Mon, 13 Apr 2020 09:35:03 -0700 Subject: [PATCH 3/3] fix space between [] and () for md link --- .../deployment/update/update-compliance-configuration-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index fd14c25d99..2167039e0c 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -41,7 +41,7 @@ When using the script in the context of troubleshooting, use `Pilot`. Enter `Run 2. Configure `commercialIDValue` to your CommercialID. To get your CommercialID, see [Getting your CommercialID](update-compliance-get-started.md#get-your-commercialid). 3. Run the script. The script must be run in System context. 4. Examine the Logs output for any issues. If there were issues: - - Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance] (update-compliance-configuration-manual.md). + - Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). - Examine the script errors and refer to the [script error reference](#script-error-reference) on how to interpret the codes. - Make the necessary corrections and run the script again. 5. When you no longer have issues, proceed to using the script for more broad deployment with the `Deployment` folder.