Merge pull request #1880 from MicrosoftDocs/master

Publish 1/17/2020 10:31 AM PST
Thomas Raya 2020-01-17 12:40:14 -06:00 committed by GitHub
commit 2bb03fe03c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 29 additions and 34 deletions

@ -23,11 +23,11 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps.
On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
On at least two devices that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by taking the following steps:
1. Open an administrator-level version of the command prompt as follows:
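Review bot: the unchanged sentence between the two reworded lines still reads "met all require prerequisites". Since this hunk is already a wording pass over the same paragraph, change it to "met all required prerequisites" here as well.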
@ -37,19 +37,15 @@ On at least two endpoints that are not reporting or showing up in Update Complia
c. Enter administrator credentials or approve the prompt.
2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
```Dos
cd c:\program files\windows\defender
```
3. Enter the following command and press **Enter**
3. Type the following command, and then press **Enter**
```Dos
mpcmdrun -getfiles
```
4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.
4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
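Review bot: the `cd` example under step 2 points at `c:\program files\windows\defender`, which is not the `C:\Program Files\Windows Defender` directory the step names. If the example stays, it needs the corrected path. If it is dropped, step 3 still depends on the reader being in that directory for `mpcmdrun -getfiles` to resolve, so either say that in step 3 or give the full path to the executable. Step 3 also ends without a colon before its code block.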

@ -32,11 +32,11 @@ You can manage and configure Windows Defender Antivirus with the following tools
- Windows Management Instrumentation (WMI)
- The mpcmdrun.exe utility
The topics in this section provide further information, links, and resources for using these tools to manage and configure Windows Defender Antivirus.
The articles in this section provide further information, links, and resources for using these tools to manage and configure Windows Defender Antivirus.
## In this section
Topic | Description
Article | Description
---|---
[Manage Windows Defender Antivirus with Microsoft Intune and System Center Configuration Manager](use-intune-config-manager-windows-defender-antivirus.md)|Information about using Intune and System Center Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus
[Manage Windows Defender Antivirus with Group Policy settings](use-group-policy-windows-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates

@ -12,7 +12,6 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.date: 10/25/2018
ms.reviewer:
manager: dansimp
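Review bot: `ms.date: 10/25/2018` is the only date field in this front matter, and the hunk shrinks the block by one line (7 to 6) without adding a replacement. If the date is what is being dropped, confirm that is intended rather than updating it to the date of this edit, since the article body changes in the same commit. The same one-line front-matter reduction appears in the two other files with `ms.date: 09/03/2018`.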
@ -30,11 +29,11 @@ See [Configure device restriction settings in Microsoft Intune](https://docs.mic
<a id="ref1"></a>
**Use Configuration Manager to configure scanning options:**
## Use Configuration Manager to configure scanning options:
See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch).
**Use Group Policy to configure scanning options**
## Use Group Policy to configure scanning options
To configure the Group Policy settings described in the following table:
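Review bot: the new heading "## Use Configuration Manager to configure scanning options:" keeps the trailing colon from the bold label it replaces, while "## Use Group Policy to configure scanning options" in the same hunk has none. Drop the colon so the promoted headings are consistent and the generated anchor does not differ from its siblings.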
@ -63,15 +62,15 @@ Specify the level of subfolders within an archive folder to scan | Scan > Specif
>[!NOTE]
>If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives.
**Use PowerShell to configure scanning options**
## Use PowerShell to configure scanning options
See [Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
**Use WMI to configure scanning options**
## Use WMI to configure scanning options
For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx).
### Email scanning limitations
## Email scanning limitations
We recommend using [always-on real-time protection](configure-real-time-protection-windows-defender-antivirus.md) to protect against email-based malware.

@ -12,7 +12,6 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.date: 09/03/2018
ms.reviewer:
manager: dansimp
---
@ -127,8 +126,8 @@ See the following for more information:
3. Select **Windows Defender Offline scan** and click **Scan now**.
> [!NOTE]
> In Windows 10, version 1607, the offline scan could be run from under **Windows Settings** > **Update & security** > **Windows Defender** or from the Windows Defender client.
> [!NOTE]
> In Windows 10, version 1607, the offline scan could be run from under **Windows Settings** > **Update & security** > **Windows Defender** or from the Windows Defender client.
## Review scan results

@ -12,7 +12,6 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.date: 09/03/2018
ms.reviewer:
manager: dansimp
---
@ -47,7 +46,7 @@ See the [Windows Security topic](/windows/threat-protection/windows-defender-sec
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png)
![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png)
## Comparison of settings and functions of the old app and the new app
@ -96,7 +95,7 @@ This section describes how to perform some of the most common tasks when reviewi
3. Click **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
![Security intelligence version number information](images/defender/wdav-wdsc-defs.png)
![Security intelligence version number information](images/defender/wdav-wdsc-defs.png)
4. Click **Check for updates** to download new protection updates (if there are any).
@ -111,9 +110,9 @@ This section describes how to perform some of the most common tasks when reviewi
4. Toggle the **Real-time protection** switch to **On**.
>[!NOTE]
>If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
>If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md).
>[!NOTE]
>If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
>If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md).
<a id="exclusions"></a>
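Review bot: inside the `[!NOTE]` block, the sentence about **Real-time protection** turning back on and the sentence about installing another antivirus product sit on consecutive `>` lines with no empty `>` line between them, so they will render as one run-on paragraph. These are two separate points (automatic re-enable versus Windows Defender AV disabling itself), so add a bare `>` line between them or split them into two notes while this block is being touched.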
@ -129,18 +128,20 @@ This section describes how to perform some of the most common tasks when reviewi
4. Under the **Exclusions** setting, click **Add or remove exclusions**.
5. Click the plus icon to choose the type and set the options for each exclusion.
<a id="detection-history"></a>
### Review threat detection history in the Windows Defender Security Center app
1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
3. Click **Threat history**.
4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**).
1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or 
searching the start menu for **Defender**.
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
3. Click **Threat history**
4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, 
**Allowed threats**).
<a id="ransomware"></a>
### Set ransomware protection and recovery options
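Review bot: the reworked steps under "Review threat detection history" introduce hard line breaks in the middle of steps 1 and 4 ("...in the task bar or" / "searching the start menu..." and "**Quarantined threats**," / "**Allowed threats**)."), and step 3 loses its closing period ("3. Click **Threat history**"). The continuation lines are not indented under their list items, and the first break leaves a trailing space. Keep each step on one line as before, or indent the continuations, and restore the period on step 3.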