diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 45adf2a6af..9acab9ce56 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -54,7 +54,7 @@ You can also [customize the message displayed on users' desktops](https://docs.m When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. -In Windows 10, version 1803, the Block at first sight feature can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. +In Windows 10, version 1803, the Block at First Sight feature can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png index 854e2b209d..f55eea0b2c 100644 Binary files a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png and b/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png index 42864aafbb..85c2948477 100644 Binary files a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png and b/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-wdsc-defs.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index a3b17974a0..dc9a8ef5b0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -54,6 +54,8 @@ Read the following blog posts for detailed protection stories involving cloud-pr Cloud-delivered protection is enabled by default. However, you may need to re-enable it if it has been disabled as part of previous organizational policies. +Organizations running Windows 10 E5, version 1803 can also take advantage of emergency dynamic intelligence updates, which provide near real-time protection from emerging threats. When you turn cloud-delivered protection on, we can deliver a fix for a malware issue via the cloud within minutes instead of waiting for the next update. + >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 6df6d94b98..ae39992504 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -52,7 +52,7 @@ Some of the highlights of Windows Defender AV include: ## What's new in Windows 10, version 1803 - The [Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. -- The [Virus & threat protection area in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) now includes a section for Ransomware protection. It includes Controlled folder access settings and ransomware recovery settings. +- The [Virus & threat protection area in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) now includes a section for Ransomware protection. It includes Controlled folder access settings and Ransomware recovery settings. ## What's new in Windows 10, version 1703 diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index c26f399d5e..e7349b1a3f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -87,9 +87,9 @@ This section describes how to perform some of the most common tasks when reviewi 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). -3. Click **Quick scan**. +3. Click **Scan now**. -4. Click **Advanced scan** to specify different types of scans, such as a full scan. +4. Click **Run a new advanced scan** to specify different types of scans, such as a full scan. **Review the definition update version and download the latest updates in the Windows Defender Security Center app** @@ -97,7 +97,7 @@ This section describes how to perform some of the most common tasks when reviewi 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). -3. Click **Protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version. +3. Click **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version. ![Definition version number information](images/defender/wdav-wdsc-defs.png) @@ -138,7 +138,7 @@ This section describes how to perform some of the most common tasks when reviewi 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). -3. Click **Scan history**. +3. Click **Threat history**. 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index c42df2d787..dd2413afa8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -67,10 +67,8 @@ You can use the Windows Defender Security Center app or Group Policy to add and 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label: +2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**: - ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png) - 3. Under the **Controlled folder access** section, click **Protected folders** 4. Click **Add a protected folder** and follow the prompts to add apps. @@ -134,10 +132,8 @@ When you add an app, you have to specify the app's location. Only the app in tha 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label: +2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**. - ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png) - 3. Under the **Controlled folder access** section, click **Allow an app through Controlled folder access** 4. Click **Add an allowed app** and follow the prompts to add apps. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index c4b394bf14..34dc3e27f0 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -127,10 +127,8 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection** label: - - ![App & browser control screen in the Windows Defender Security Center](images/wdsc-exp-prot.png) - +2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**. + 3. Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here: - **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section - **Off by default** - The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section @@ -154,11 +152,8 @@ Exporting the configuration as an XML file allows you to copy the configuration 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection settings** at the bottom of the screen: +2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings** at the bottom of the screen. - ![Screenshot showing the Exploit protection label highlighted in the Windows Defender Security Center App & browser settings section](images/wdsc-exp-prot.png) - - 3. Go to the **Program settings** section and choose the app you want to apply mitigations to: 1. If the app you want to configure is already listed, click it and then click **Edit** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 1a43752ea6..3f1013add6 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -64,13 +64,10 @@ For further details on how audit mode works, and when you might want to use it, 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label: +2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**. - ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png) - -3. Set the switch for the feature to **On** +3. Set the switch for **Controlled folder access** to **On**. - ![Screenshot of the CFA feature switched to On](images/cfa-on.png) ### Use Group Policy to enable Controlled folder access diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index eac14b3d74..64c306467a 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 12/12/2017 +ms.date: 04/30/2018 --- @@ -21,7 +21,7 @@ ms.date: 12/12/2017 **Applies to:** -- Windows 10, version 1709 +- Windows 10, version 1709 and later @@ -38,6 +38,10 @@ There are four features in Windows Defender EG: - [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV. - [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV. +Windows 10, version 1803 provides additional protections: + +- New Attack surface reduction rules +- Controlled folder access can now block disk sectors You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action: - [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-security-center/TOC.md b/windows/security/threat-protection/windows-defender-security-center/TOC.md index 1bb541cc85..2d3318c2a7 100644 --- a/windows/security/threat-protection/windows-defender-security-center/TOC.md +++ b/windows/security/threat-protection/windows-defender-security-center/TOC.md @@ -1,11 +1,15 @@ # [The Windows Defender Security Center app](windows-defender-security-center.md) -## [Customize the Windows Defender Security Center app for your organization](wdsc-customize-contact-information.md) -## [Hide Windows Defender Security Center app notifications](wdsc-hide-notifications.md) -## [Virus and threat protection](wdsc-virus-threat-protection.md) -## [Device performance and health](wdsc-device-performance-health.md) -## [Firewall and network protection](wdsc-firewall-network-protection.md) -## [App and browser control](wdsc-app-browser-control.md) -## [Family options](wdsc-family-options.md) +## [Customize the Windows Defender Security Center app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md) +## [Hide Windows Defender Security Center app notifications](windows-defender-security-center/wdsc-hide-notifications.md) +## [Manage Windows Defender Security Center in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md) +## [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md) +## [Account protection](windows-defender-security-center\wdsc-account-protection.md) +## [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md) +## [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md) +## [Device security](windows-defender-security-center\wdsc-device-security.md) +## [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md) +## [Family options](windows-defender-security-center\wdsc-family-options.md) + diff --git a/windows/security/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png b/windows/security/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png index ea5b039dd9..bf7a3e3910 100644 Binary files a/windows/security/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png and b/windows/security/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png differ diff --git a/windows/security/threat-protection/windows-defender-security-center/images/security-center-home.png b/windows/security/threat-protection/windows-defender-security-center/images/security-center-home.png index 8dc14b82c1..13d6f59afc 100644 Binary files a/windows/security/threat-protection/windows-defender-security-center/images/security-center-home.png and b/windows/security/threat-protection/windows-defender-security-center/images/security-center-home.png differ diff --git a/windows/security/threat-protection/windows-defender-security-center/images/security-center-taskbar.png b/windows/security/threat-protection/windows-defender-security-center/images/security-center-taskbar.png index a35daeb1f4..0d1acbe82c 100644 Binary files a/windows/security/threat-protection/windows-defender-security-center/images/security-center-taskbar.png and b/windows/security/threat-protection/windows-defender-security-center/images/security-center-taskbar.png differ diff --git a/windows/security/threat-protection/windows-defender-security-center/images/settings-windows-defender-security-center-areas.PNG b/windows/security/threat-protection/windows-defender-security-center/images/settings-windows-defender-security-center-areas.PNG new file mode 100644 index 0000000000..ab123cc49b Binary files /dev/null and b/windows/security/threat-protection/windows-defender-security-center/images/settings-windows-defender-security-center-areas.PNG differ diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index 58ee13233a..5d7d2ce96b 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -22,7 +22,11 @@ ms.date: 04/30/2018 - Windows 10, version 1703 and later -The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack. IT administrators and IT pros can get more information and documentation about configuration from the following: +The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. + +In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack. + +IT administrators and IT pros can get more information and documentation about configuration from the following: - [Windows Defender Antivirus in the Windows Defender Security Center app](../windows-defender-antivirus/windows-defender-security-center-antivirus.md) - [Windows Defender Antivirus documentation library](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 7ef7a8af90..1e73cabd12 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -75,12 +75,15 @@ You can find more information about each section, including options for configur ## Open the Windows Defender Security Center app -- Right-click the icon in the notification area on the taskbar and click **Open**. +- Click the icon in the notification area on the taskbar. ![Screen shot of the icon for the Windows Defender Security Center app on the Windows task bar](images/security-center-taskbar.png) - Search the Start menu for **Windows Defender Security Center**. ![Screen shot of the Start menu showing the results of a search for the Windows Defender Security Center app, the first option with a large shield symbol is selected](images/security-center-start-menu.png) +- Open an area from Windows **Settings**. + + ![Screen shot of Windows Settings showing the different areas available in the Windows Defender Security Center](images/settings-windows-defender-security-center.png) > [!NOTE] diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md index 508f23802e..fadcf8e301 100644 --- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md @@ -28,8 +28,6 @@ Starting with Windows 10, version 1703 your employees can use Windows Defender S **To use Windows Defender Security Center to set up Windows Defender SmartScreen on a device** 1. Open the Windows Defender Security Center app, and then click **App & browser control**. - ![Windows Defender Security Center](images/windows-defender-security-center.png) - 2. In the **App & browser control** screen, choose from the following options: - In the **Check apps and files** area: