deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

policheck changes

Browse Source
This commit is contained in:
Iaan D'Souza-Wiltshire 2017-12-12 14:20:25 -08:00
parent 723cf1580d
commit 60c07e01b8
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
View File

@ -130,9 +130,9 @@ You can specify if certain apps should always be considered safe and given write
You can use the Windows Defender Security Center app or Group Policy to add and remove apps that should be allowed to access protected folders. You can use the Windows Defender Security Center app or Group Policy to add and remove apps that should be allowed to access protected folders.
When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the whitelist and may be blocked by Controlled folder access. When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by Controlled folder access.
### Use the Windows Defender Security app to whitelist specific apps ### Use the Windows Defender Security app to allow specific apps
1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**. 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@ -146,7 +146,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
![Screenshot of the add an allowed app button](images/cfa-allow-app.png) ![Screenshot of the add an allowed app button](images/cfa-allow-app.png)
### Use Group Policy to whitelist specific apps ### Use Group Policy to allow specific apps
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -160,13 +160,13 @@ When you add an app, you have to specify the app's location. Only the app in tha
### Use PowerShell to whitelist specific apps ### Use PowerShell to allow specific apps
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
2. Enter the following cmdlet: 2. Enter the following cmdlet:
```PowerShell ```PowerShell
Add-MpPreference -ControlledFolderAccessAllowedApplications "<the app that should be whitelisted, including the path>" Add-MpPreference -ControlledFolderAccessAllowedApplications "<the app that should be allowed, including the path>"
``` ```
For example, to add the executable *test.exe*, located in the folder *C:\apps*, the cmdlet would be as follows: For example, to add the executable *test.exe*, located in the folder *C:\apps*, the cmdlet would be as follows:
@ -186,7 +186,7 @@ Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to
### Use MDM CSPs to whitelist specific apps ### Use MDM CSPs to allow specific apps
Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders. Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders.

2
windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
View File

@ -35,7 +35,7 @@ There are four features in Windows Defender EG:
- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps - [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps
- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware - [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware
- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity on your organization's devices - [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices
- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware - [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware