deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #5946 from MicrosoftDocs/repo_sync_working_branch

Browse Source 
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
Diana Hanson 2021-11-10 10:19:37 -07:00 committed by GitHub
commit 36d459da26
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/threat-protection/intelligence/submission-guide.md
View File

@ -23,7 +23,7 @@ If you have a file that you suspect might be malware or is being incorrectly det
## How do I send a malware file to Microsoft?
You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).
We receive a large number of samples from many sources. Our analysis is prioritized by the number of file detections and the type of submission. You can help us complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file.
@ -31,7 +31,7 @@ After you sign in, you will be able to track your submissions.
## Can I send a sample by email?
No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).
## Can I submit a sample without signing in?
@ -43,7 +43,7 @@ The [Software Assurance ID (SAID)](https://www.microsoft.com/licensing/licensing
### How do I dispute the detection of my program?
[Submit the file](https://www.microsoft.com/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination.
[Submit the file](https://www.microsoft.com/en-us/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination.
If youre not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary.
@ -51,7 +51,7 @@ We encourage all software vendors and developers to read about [how Microsoft id
## How do I track or view past sample submissions?
You can track your submissions through the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
You can track your submissions through the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).
## What does the submission status mean?
@ -63,7 +63,7 @@ Each submission is shown to be in one of the following status types:
* Closed—a final determination has been given by an analyst
You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).
## How does Microsoft prioritize submissions

44
windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
View File

@ -10,7 +10,7 @@ ms.reviewer: jogeurte
ms.author: jogeurte
ms.manager: jsuther
manager: dansimp
ms.date: 04/14/2021
ms.date: 11/06/2021
ms.technology: windows-sec
ms.topic: article
ms.localizationpriority: medium
@ -32,7 +32,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
> [!NOTE]
> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
## Script-based deployment process for Windows 10 version 1903 and above
## Deploying policies for Windows 10 version 1903 and above
1. Initialize the variables to be used by the script.
@ -56,23 +56,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
& $RefreshPolicyTool
```
### Deploying signed policies
In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically.
1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt:
```powershell
mountvol J: /S
J:
mkdir J:\EFI\Microsoft\Boot\CiPolicies\Active
```
2. Copy the signed policy binary as `{PolicyGUID}.cip` to `J:\EFI\Microsoft\Boot\CiPolicies\Active`.
3. Reboot the system.
## Script-based deployment process for Windows 10 versions earlier than 1903
## Deploying policies for Windows 10 versions earlier than 1903
1. Initialize the variables to be used by the script.
@ -93,3 +77,25 @@ In addition to the steps outlined above, the binary policy file must also be cop
```powershell
Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary}
```
## Deploying signed policies
In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically.
1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt:
```powershell
$MountPoint = 'C:\EFI'
$EFIDestinationFolder = "$MountPoint\Microsoft\Boot\CiPolicies\Active"
$EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
mkdir $EFIDestinationFolder
mountvol $MountPoint $EFIPartition
```
2. Copy the signed policy to the created folder:
```powershell
Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force
```
3. Restart the system.