From 1218b3099c5686503809cbd31612e204213be8ad Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 3 Apr 2019 10:57:08 -0600 Subject: [PATCH 1/3] Added Note on #1593 --- .../attack-surface-reduction-exploit-guard.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 2e78745404..28a743ec00 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -175,7 +175,9 @@ This rule blocks the following file types from launching unless they either meet >[!NOTE] >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule. -Intune name: Executables that don't meet a prevalence, age, or trusted list criteria +>[!IMPORTANT] The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25, it's owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. +>You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. +Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. SCCM name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria From a903df9dc80bec369abf9514ac3b7b018ba11fbd Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 4 Apr 2019 08:35:56 -0700 Subject: [PATCH 2/3] fixed note --- .../attack-surface-reduction-exploit-guard.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 28a743ec00..acadbc2c45 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -175,8 +175,11 @@ This rule blocks the following file types from launching unless they either meet >[!NOTE] >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule. ->[!IMPORTANT] The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25, it's owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. +>[!IMPORTANT] +>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses Microsoft Cloud's Protection to update its trusted list regularly. It uses cloud-delivered protection to update its trusted list regularly. +> >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. + Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. SCCM name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria From e4602ba14e7076dcb334c6e948ffabff8940bd82 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 4 Apr 2019 08:38:41 -0700 Subject: [PATCH 3/3] fix paste error --- .../attack-surface-reduction-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index acadbc2c45..e16b905b59 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -176,7 +176,7 @@ This rule blocks the following file types from launching unless they either meet >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule. >[!IMPORTANT] ->The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses Microsoft Cloud's Protection to update its trusted list regularly. It uses cloud-delivered protection to update its trusted list regularly. +>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. > >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.