From 28291efb0c37432c1258b840c56e74c11a32b332 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 16 Jan 2020 12:40:23 -0800 Subject: [PATCH 1/6] little fixes here and there --- .../collect-diagnostic-data-update-compliance.md | 14 +++++--------- ...agement-reference-windows-defender-antivirus.md | 4 ++-- ...vanced-scan-types-windows-defender-antivirus.md | 11 +++++------ 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md index c4c23a9ddd..1cae26190b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md 
@@ -23,11 +23,11 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. +This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps. -On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process: +On at least two devices that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by taking the following steps: 1. Open an administrator-level version of the command prompt as follows: 
@@ -37,19 +37,15 @@ On at least two endpoints that are not reporting or showing up in Update Complia c. Enter administrator credentials or approve the prompt. -2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example: +2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`. - ```Dos - cd c:\program files\windows\defender - ``` - -3. Enter the following command and press **Enter** +3. Type the following command, and then press **Enter** ```Dos mpcmdrun -getfiles ``` -4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. +4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`. 5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md index 7bee1e3696..a76c0ab71a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md 
@@ -32,11 +32,11 @@ You can manage and configure Windows Defender Antivirus with the following tools - Windows Management Instrumentation (WMI) - The mpcmdrun.exe utility -The topics in this section provide further information, links, and resources for using these tools to manage and configure Windows Defender Antivirus. +The articles in this section provide further information, links, and resources for using these tools to manage and configure Windows Defender Antivirus. ## In this section -Topic | Description +Article | Description ---|--- [Manage Windows Defender Antivirus with Microsoft Intune and System Center Configuration Manager](use-intune-config-manager-windows-defender-antivirus.md)|Information about using Intune and System Center Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus [Manage Windows Defender Antivirus with Group Policy settings](use-group-policy-windows-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md index 5d969e79a9..1799b30b71 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 10/25/2018 ms.reviewer: manager: dansimp 
@@ -30,11 +29,11 @@ See [Configure device restriction settings in Microsoft Intune](https://docs.mic -**Use Configuration Manager to configure scanning options:** +## Use Configuration Manager to configure scanning options: See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch). -**Use Group Policy to configure scanning options** +## Use Group Policy to configure scanning options To configure the Group Policy settings described in the following table: @@ -63,15 +62,15 @@ Specify the level of subfolders within an archive folder to scan | Scan > Specif >[!NOTE] >If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. -**Use PowerShell to configure scanning options** +## Use PowerShell to configure scanning options See [Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. -**Use WMI to configure scanning options** +## Use WMI to configure scanning options For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx). -### Email scanning limitations +## Email scanning limitations We recommend using [always-on real-time protection](configure-real-time-protection-windows-defender-antivirus.md) to protect against email-based malware. From 9dd41a26c3f3b21dbe0815d25943bbde74a74c73 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 16 Jan 2020 13:13:24 -0800 Subject: [PATCH 2/6] little updates/fixes --- .../windows-defender-antivirus/windows-defender-offline.md | 1 - .../windows-defender-security-center-antivirus.md | 1 - 2 files changed, 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md index 4187645c2e..58aaa07a51 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 ms.reviewer: manager: dansimp --- diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 5935c90319..e93bd2c413 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 ms.reviewer: manager: dansimp --- From b52f67c701bee31acd3c6240d59a923cbb259c15 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 16 Jan 2020 14:47:19 -0800 Subject: [PATCH 3/6] Made changes to correct indentation in a few places --- .../windows-defender-security-center-antivirus.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index e93bd2c413..057c8eefd0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -46,7 +46,7 @@ See the [Windows Security topic](/windows/threat-protection/windows-defender-sec 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). -![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png) + ![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png) ## Comparison of settings and functions of the old app and the new app @@ -95,7 +95,7 @@ This section describes how to perform some of the most common tasks when reviewi 3. Click **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version. -![Security intelligence version number information](images/defender/wdav-wdsc-defs.png) + ![Security intelligence version number information](images/defender/wdav-wdsc-defs.png) 4. Click **Check for updates** to download new protection updates (if there are any). 
@@ -110,9 +110,9 @@ This section describes how to perform some of the most common tasks when reviewi 4. Toggle the **Real-time protection** switch to **On**. ->[!NOTE] ->If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats. ->If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md). + >[!NOTE] + >If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats. + >If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md). @@ -132,6 +132,7 @@ This section describes how to perform some of the most common tasks when reviewi ### Review threat detection history in the Windows Defender Security Center app + 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). From 8a4ad1ced5e921d7b32abbe1996ef058eac68853 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 16 Jan 2020 15:07:28 -0800 Subject: [PATCH 4/6] Indented a note --- .../windows-defender-antivirus/windows-defender-offline.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md index 58aaa07a51..8837f79190 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md @@ -126,8 +126,8 @@ See the following for more information: 3. Select **Windows Defender Offline scan** and click **Scan now**. -> [!NOTE] -> In Windows 10, version 1607, the offline scan could be run from under **Windows Settings** > **Update & security** > **Windows Defender** or from the Windows Defender client. + > [!NOTE] + > In Windows 10, version 1607, the offline scan could be run from under **Windows Settings** > **Update & security** > **Windows Defender** or from the Windows Defender client. ## Review scan results From d5fe2808041cc7f26dba6b54e03467ef009a9fbe Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 16 Jan 2020 15:33:29 -0800 Subject: [PATCH 5/6] Trying again to get indentation in a procedure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "Review threat detection history in the Windows Defender Security Center app" did not indent and had some strange behavior in the GitHub editor. Maybe this time we'll get indentation... --- ...windows-defender-security-center-antivirus.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 057c8eefd0..1280b1d739 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md 
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -128,19 +128,19 @@ This section describes how to perform some of the most common tasks when reviewi 4. Under the **Exclusions** setting, click **Add or remove exclusions**. 5. Click the plus icon to choose the type and set the options for each exclusion. - ### Review threat detection history in the Windows Defender Security Center app -1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - -3. Click **Threat history**. - -4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). + 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or  + searching the start menu for **Defender**. + 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). + + 3. Click **Threat history** + + 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). + ### Set ransomware protection and recovery options From e2308440b3f9bcfe1836a348506013ad6225faa7 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 16 Jan 2020 15:44:29 -0800 Subject: [PATCH 6/6] One more attempt at indentation... ...and then I'll let this go if it doesn't work. --- .../windows-defender-security-center-antivirus.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 1280b1d739..be4f7240f1 100644 
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -132,14 +132,15 @@ This section describes how to perform some of the most common tasks when reviewi ### Review threat detection history in the Windows Defender Security Center app - 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or  - searching the start menu for **Defender**. + 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or  + searching the start menu for **Defender**. - 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). + 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). - 3. Click **Threat history** + 3. Click **Threat history** - 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). + 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**,  + **Allowed threats**).
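Review bot: in PATCH 1/6, collect-diagnostic-data-update-compliance.md, hunk @@ -23,11 +23,11 @@, the unchanged sentence between the two edited lines still reads "met all require prerequisites". Since the lines on either side are being reworded anyway, change it to "met all required prerequisites" in the same commit.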
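Review bot: in PATCH 1/6, collect-diagnostic-data-update-compliance.md, hunk @@ -37,19 +37,15 @@, step 2 loses its only command. The removed `cd c:\program files\windows\defender` did not match the path given in the prose (`C:\Program Files\Windows Defender`), but deleting the block leaves the reader to work out the directory change on their own before running `mpcmdrun -getfiles` in step 3. Suggest keeping the example with the path corrected and quoted, for instance `cd "C:\Program Files\Windows Defender"`. Also, the new step 3 text "Type the following command, and then press **Enter**" has no closing punctuation before the code block; end it with a colon.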
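Review bot: in PATCH 1/6, configure-advanced-scan-types-windows-defender-antivirus.md, hunk @@ -30,11 +29,11 @@, the first promoted heading keeps its trailing colon ("## Use Configuration Manager to configure scanning options:") while the Group Policy, PowerShell and WMI headings converted in the same hunk have none. Drop the colon so the four headings match, since a trailing colon in a heading also ends up in the generated anchor text.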
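Review bot: in PATCH 2/6, both hunks (and the @@ -12,7 +12,6 @@ hunk of configure-advanced-scan-types-windows-defender-antivirus.md in PATCH 1/6) delete the `ms.date` front-matter line, which the subjects "little fixes here and there" and "little updates/fixes" do not mention. State in the commit message why the field is dropped rather than refreshed, so the metadata change is not mistaken for an accidental deletion.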
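Review bot: in PATCH 5/6, windows-defender-security-center-antivirus.md, hunk @@ -128,19 +128,19 @@, step 3 loses its full stop: the removed line is "3. Click **Threat history**." and the added line is "3. Click **Threat history**". Restore the period. Step 1 is also newly hard-wrapped after "task bar or", and the wrapped line appears to end in a non-ASCII space (this is the only patch in the series carrying 8bit UTF-8 MIME headers); keep the step on one line, or at least strip the trailing character, so the list item renders as a single sentence.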
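Review bot: in PATCH 6/6, windows-defender-security-center-antivirus.md, hunk @@ -132,14 +132,15 @@, the re-indented step 3 still reads "3. Click **Threat history**" without the period dropped in PATCH 5/6, and step 4 is now hard-wrapped after "**Quarantined threats**," with the same trailing odd space that step 1 has. Put the period back and keep step 4 on one line. Given that patches 3, 5 and 6 all adjust indentation of the same procedure, consider squashing them into one commit once the rendering is confirmed.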