deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into scenario-tagging

Browse Source
This commit is contained in:
Shannon Leavitt 2020-10-07 15:52:51 -06:00 committed by GitHub
commit 59c6473732
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
View File

@ -74,39 +74,14 @@ All our updates contain:
- serviceability improvements
- integration improvements (Cloud, Microsoft 365 Defender)
<br/>
<details>
<summary> September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4)</summary>
&ensp;Security intelligence update version: **1.323.2254.0**
&ensp;Released: **October 6, 2020**
&ensp;Platform: **4.18.2009.x**
&ensp;Engine: **1.1.17500.4**
&ensp;Support phase: **Security and Critical Updates**
### What's new
- Admin permissions are required to restore files in quarantine
- XML formatted events are now supported
- CSP support for ignoring exclusion merge
- New management interfaces for: <br/>
- UDP Inspection
- Network Protection on Server 2019
- IP Address exclusions for Network Protection
- Improved visibility into TPM measurements
- Improved Office VBA module scanning
### Known Issues
No known issues
<br/>
</details>
<details>
<summary> September-2020 (Platform: 4.18.2009.X | Engine: 1.1.17500.4)</summary>
<summary> September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)</summary>
&ensp;Security intelligence update version: **1.325.10.0**
&ensp;Released: **October 01, 2020**
&ensp;Platform: **4.18.2009.X**
&ensp;Platform: **4.18.2009.7**
&ensp;Engine: **1.1.17500.4**
&ensp;Support phase: **Security and Critical Updates**

6
windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
View File

@ -33,12 +33,14 @@ Check if network protection has been enabled on a local device by using Registry
1. Select the **Start** button in the task bar and type **regedit** to open Registry editor
1. Choose **HKEY_LOCAL_MACHINE** from the side menu
1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Policy Manager**
1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Windows Defender Exploit Guard** > **Network Protection**
1. Select **EnableNetworkProtection** to see the current state of network protection on the device
* 0, or **Off**
* 1, or **On**
* 2, or **Audit** mode
![networkprotection](https://user-images.githubusercontent.com/3296790/95341270-b738b280-08d3-11eb-84a0-16abb140c9fd.PNG)
## Enable network protection
@ -107,7 +109,7 @@ Confirm network protection is enabled on a local computer by using Registry edit
1. Select **Start** and type **regedit** to open **Registry Editor**.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
2. Navigate to **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection**
3. Select **EnableNetworkProtection** and confirm the value:
* 0=Off

7
windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
View File

@ -44,10 +44,12 @@ Note that prior to Windows 10, version 1709, Windows Defender Application Contro
### WDAC System Requirements
WDAC policies can only be created on devices running Windows 10 build 1903+ on any SKU, pre-1903 Windows 10 Enterprise, or Windows Server 2016 and above.
WDAC policies can be created on any client edition of Windows 10 build 1903+ or on Windows Server 2016 and above.
WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
For more information on which individual WDAC features are available on which WDAC builds, see [WDAC feature availability](feature-availability.md).
## AppLocker
AppLocker was introduced with Windows 7 and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature.
@ -65,12 +67,13 @@ AppLocker policies can be deployed using Group Policy or MDM.
## Choose when to use WDAC or AppLocker
Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. AppLocker is a legacy technology which will continue to receive security fixes but will not undergo new feature improvements.
Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements.
In some cases, however, AppLocker may be the more appropriate technology for your organization. AppLocker is best when:
- You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS.
- You need to apply different policies for different users or groups on shared computers.
- You do not want to enforce application control on application files such as DLLs or drivers.
AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where it is important to prevent some users from running specific apps.
As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions.