deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 00:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into apps-in-windows-10-update

Browse Source
This commit is contained in:
Heidi Lohr 2018-02-13 14:40:19 -08:00
commit 387d0a07b9
4 changed files with 86 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/TOC.md
View File

@ -171,7 +171,7 @@
#### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md) #### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
#### [Enable Security Analytics security controls](windows-defender-atp\enable-security-analytics-windows-defender-advanced-threat-protection.md) #### [Enable Security Analytics security controls](windows-defender-atp\enable-security-analytics-windows-defender-advanced-threat-protection.md)
### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md) ### [Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md) ### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md) ### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md) ### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)

78
windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.localizationpriority: high ms.localizationpriority: high
author: brianlic-msft author: brianlic-msft
ms.date: 11/02/2017 ms.date: 02/13/2018
--- ---
# Steps to Deploy Windows Defender Application Control # Steps to Deploy Windows Defender Application Control
@ -142,6 +142,11 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_ADDINPROCESS" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" /> <Deny ID="ID_DENY_ADDINPROCESS" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_ADDINPROCESS32" FriendlyName="AddInProcess32.exe" FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535" /> <Deny ID="ID_DENY_ADDINPROCESS32" FriendlyName="AddInProcess32.exe" FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_ADDINUTIL" FriendlyName="AddInUtil.exe" FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535" /> <Deny ID="ID_DENY_ADDINUTIL" FriendlyName="AddInUtil.exe" FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_LXRUN" FriendlyName="lxrun.exe" FileName="lxrun.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" /> <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
<Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" /> <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
@ -392,6 +397,46 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_D_246" FriendlyName="PowerShell 246" Hash="0C4688AACD02829850DE0F792AC06D3C87895412A910EA76F7F9BF31B3B4A3E9"/> <Deny ID="ID_DENY_D_246" FriendlyName="PowerShell 246" Hash="0C4688AACD02829850DE0F792AC06D3C87895412A910EA76F7F9BF31B3B4A3E9"/>
<Deny ID="ID_DENY_D_247" FriendlyName="PowerShell 247" Hash="6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A"/> <Deny ID="ID_DENY_D_247" FriendlyName="PowerShell 247" Hash="6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A"/>
<Deny ID="ID_DENY_D_248" FriendlyName="PowerShell 248" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6AD07B3EB1633CD3C498C13D"/> <Deny ID="ID_DENY_D_248" FriendlyName="PowerShell 248" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6AD07B3EB1633CD3C498C13D"/>
<!--pubprn.vbs-->
<!--rs2 x86fre-->
<Deny ID="ID_DENY_D_249" FriendlyName="PubPrn 249" Hash="68E96BE23748AA680D5E1E557778901F332ED5D3" />
<Deny ID="ID_DENY_D_250" FriendlyName="PubPrn 250" Hash="8FA30B5931806565C2058E565C06AD5F1C5A48CDBE609975EB31207C25214063" />
<!--rs2 amd64fre-->
<Deny ID="ID_DENY_D_251" FriendlyName="PubPrn 251" Hash="32C4B29FE428B1DF473F3F4FECF519D285E93521" />
<Deny ID="ID_DENY_D_252" FriendlyName="PubPrn 252" Hash="D44FB563198D60DFDC91608949FE2FADAD6161854D084EB1968C558AA36513C7" />
<!--rs2 amd64chk-->
<Deny ID="ID_DENY_D_253" FriendlyName="PubPrn 253" Hash="9EDBEF086D350863F29175F5AB5178B88B142C75" />
<Deny ID="ID_DENY_D_254" FriendlyName="PubPrn 254" Hash="9B22C98351F2B6DEDDCED0D805C65F5B166FF519A8DF41EB242CB909471892EB" />
<!--rs2 x86chk-->
<Deny ID="ID_DENY_D_255" FriendlyName="PubPrn 255" Hash="8A3B30F345C43246B3500721CFEEADBAC6B9D9C6" />
<Deny ID="ID_DENY_D_256" FriendlyName="PubPrn 256" Hash="37C20BF20A2BBACE50957F8D0AB3FD16174BC005E79D47E51E899AFD9E4B7724" />
<!--rs2 woafre-->
<Deny ID="ID_DENY_D_257" FriendlyName="PubPrn 257" Hash="C659DAD2B37375781E2D584E16AAE2A10B5A1156" />
<Deny ID="ID_DENY_D_258" FriendlyName="PubPRn 258" Hash="EBDACA86F10AC0446D60CC75628EC7A370B1E2236E6D20F22372F91033B6D429" />
<!--rs3 amd64chk-->
<Deny ID="ID_DENY_D_259" FriendlyName="PubPrn 259" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4" />
<Deny ID="ID_DENY_D_260" FriendlyName="PubPrn 260" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F" />
<!--rs3 amd64fre-->
<Deny ID="ID_DENY_D_261" FriendlyName="PubPrn 261" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4" />
<Deny ID="ID_DENY_D_262" FriendlyName="PubPrn 262" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F" />
<!--rs3 arm64chk-->
<Deny ID="ID_DENY_D_263" FriendlyName="PubPrn 263" Hash="763A652217A1E30F2D288B7F44E08346949A02CD" />
<Deny ID="ID_DENY_D_264" FriendlyName="PubPrn 264" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D" />
<!--rs3 arm64fre-->
<Deny ID="ID_DENY_D_265" FriendlyName="PubPrn 265" Hash="763A652217A1E30F2D288B7F44E08346949A02CD" />
<Deny ID="ID_DENY_D_266" FriendlyName="PubPrn 266" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D" />
<!--rs3 woachk-->
<Deny ID="ID_DENY_D_267" FriendlyName="PubPrn 267" Hash="60FD28D770B23A0477679311D247DA4D5C61074C" />
<Deny ID="ID_DENY_D_268" FriendlyName="PubPrn 268" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F" />
<!--rs3 woafre-->
<Deny ID="ID_DENY_D_269" FriendlyName="PubPrn 269" Hash="60FD28D770B23A0477679311D247DA4D5C61074C" />
<Deny ID="ID_DENY_D_270" FriendlyName="PubPrn 270" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F" />
<!--rs3 x86chk-->
<Deny ID="ID_DENY_D_271" FriendlyName="PubPrn 271" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
<Deny ID="ID_DENY_D_272" FriendlyName="PubPrn 272" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
<!--rs3 x86fre-->
<Deny ID="ID_DENY_D_273" FriendlyName="PubPrn 273" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
<Deny ID="ID_DENY_D_274" FriendlyName="PubPrn 274" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
</FileRules> </FileRules>
<!--Signers--> <!--Signers-->
@ -430,6 +475,11 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_ADDINPROCESS"/> <FileRuleRef RuleID="ID_DENY_ADDINPROCESS"/>
<FileRuleRef RuleID="ID_DENY_ADDINPROCESS32"/> <FileRuleRef RuleID="ID_DENY_ADDINPROCESS32"/>
<FileRuleRef RuleID="ID_DENY_ADDINUTIL"/> <FileRuleRef RuleID="ID_DENY_ADDINUTIL"/>
<FileRuleRef RuleID="ID_DENY_WSL"/>
<FileRuleRef RuleID="ID_DENY_WSLCONFIG"/>
<FileRuleRef RuleID="ID_DENY_WSLHOST"/>
<FileRuleRef RuleID="ID_DENY_INFINSTALL"/>
<FileRuleRef RuleID="ID_DENY_LXRUN"/>
<FileRuleRef RuleID="ID_DENY_D_1" /> <FileRuleRef RuleID="ID_DENY_D_1" />
<FileRuleRef RuleID="ID_DENY_D_2" /> <FileRuleRef RuleID="ID_DENY_D_2" />
<FileRuleRef RuleID="ID_DENY_D_3" /> <FileRuleRef RuleID="ID_DENY_D_3" />
@ -678,6 +728,32 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_D_246"/> <FileRuleRef RuleID="ID_DENY_D_246"/>
<FileRuleRef RuleID="ID_DENY_D_247"/> <FileRuleRef RuleID="ID_DENY_D_247"/>
<FileRuleRef RuleID="ID_DENY_D_248"/> <FileRuleRef RuleID="ID_DENY_D_248"/>
<FileRuleRef RuleID="ID_DENY_D_249"/>
<FileRuleRef RuleID="ID_DENY_D_250"/>
<FileRuleRef RuleID="ID_DENY_D_251"/>
<FileRuleRef RuleID="ID_DENY_D_252"/>
<FileRuleRef RuleID="ID_DENY_D_253"/>
<FileRuleRef RuleID="ID_DENY_D_254"/>
<FileRuleRef RuleID="ID_DENY_D_255"/>
<FileRuleRef RuleID="ID_DENY_D_256"/>
<FileRuleRef RuleID="ID_DENY_D_257"/>
<FileRuleRef RuleID="ID_DENY_D_258"/>
<FileRuleRef RuleID="ID_DENY_D_259"/>
<FileRuleRef RuleID="ID_DENY_D_260"/>
<FileRuleRef RuleID="ID_DENY_D_261"/>
<FileRuleRef RuleID="ID_DENY_D_262"/>
<FileRuleRef RuleID="ID_DENY_D_263"/>
<FileRuleRef RuleID="ID_DENY_D_264"/>
<FileRuleRef RuleID="ID_DENY_D_265"/>
<FileRuleRef RuleID="ID_DENY_D_266"/>
<FileRuleRef RuleID="ID_DENY_D_267"/>
<FileRuleRef RuleID="ID_DENY_D_268"/>
<FileRuleRef RuleID="ID_DENY_D_269"/>
<FileRuleRef RuleID="ID_DENY_D_270"/>
<FileRuleRef RuleID="ID_DENY_D_271"/>
<FileRuleRef RuleID="ID_DENY_D_272"/>
<FileRuleRef RuleID="ID_DENY_D_273"/>
<FileRuleRef RuleID="ID_DENY_D_274"/>
</FileRulesRef> </FileRulesRef>
</ProductSigners> </ProductSigners>
</SigningScenario> </SigningScenario>

BIN
windows/security/threat-protection/windows-defender-atp/images/atp-time-zone.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 851 B

17
windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
View File

@ -1,5 +1,5 @@
--- ---
title: Windows Defender Advanced Threat Protection settings title: Windows Defender Advanced Threat Protection time zone settings
description: Use the menu to configure the time zone and view license information. description: Use the menu to configure the time zone and view license information.
keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -8,12 +8,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.author: macapara ms.author: macapara
author: DulceMV author: mjcaparas
ms.localizationpriority: high ms.localizationpriority: high
ms.date: 10/30/2017 ms.date: 02/13/2018
--- ---
# Windows Defender Advanced Threat Protection settings # Windows Defender Advanced Threat Protection time zone settings
**Applies to:** **Applies to:**
@ -27,7 +27,7 @@ ms.date: 10/30/2017
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-settings-abovefoldlink) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-settings-abovefoldlink)
Use the **Settings** menu ![Settings icon](images/settings.png) to configure the time zone and view license information. Use the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png) to configure the time zone and view license information.
## Time zone settings ## Time zone settings
The aspect of time is important in the assessment and analysis of perceived and actual cyberattacks. The aspect of time is important in the assessment and analysis of perceived and actual cyberattacks.
@ -36,7 +36,7 @@ Cyberforensic investigations often rely on time stamps to piece together the seq
Windows Defender ATP can display either Coordinated Universal Time (UTC) or local time. Windows Defender ATP can display either Coordinated Universal Time (UTC) or local time.
Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Settings** menu ![Settings icon](images/settings.png). Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png).
### UTC time zone ### UTC time zone
Windows Defender ATP uses UTC time by default. Windows Defender ATP uses UTC time by default.
@ -55,7 +55,7 @@ The Windows Defender ATP time zone is set by default to UTC.
Setting the time zone also changes the times for all Windows Defender ATP views. Setting the time zone also changes the times for all Windows Defender ATP views.
To set the time zone: To set the time zone:
1. Click the **Settings** menu ![Settings icon](images/settings.png). 1. Click the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png).
2. Select the **Timezone UTC** indicator. 2. Select the **Timezone UTC** indicator.
3. Select **Timezone UTC** or your local time zone, for example -7:00. 3. Select **Timezone UTC** or your local time zone, for example -7:00.
@ -88,5 +88,4 @@ The following date and time formats are currently not supported:
**Decimal symbol used in numbers**<br> **Decimal symbol used in numbers**<br>
Decimal symbol used is always a dot, even if a comma is selected in the **Numbers** format settings in **Region** settings. For example, 15,5K is displayed as 15.5K. Decimal symbol used is always a dot, even if a comma is selected in the **Numbers** format settings in **Region** settings. For example, 15,5K is displayed as 15.5K.
## License
Click the license link in the **Settings** menu to view the license agreement information for Windows Defender ATP.