From 898801a8e9ebc05c4fa6c1a09eee77481f73666d Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Thu, 6 Jun 2019 11:23:05 -0500 Subject: [PATCH 01/11] Update attack-surface-reduction-exploit-guard.md --- .../attack-surface-reduction-exploit-guard.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index e16b905b59..b0d428705d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -20,7 +20,7 @@ ms.date: 04/02/2019 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, version 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. +Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, versions 1704 and 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. To use attack surface reduction rules, you need a Windows 10 Enterprise E3 license or higher. A Windows E5 license gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the M365 Security Center. These advanced capabilities aren't available with an E3 license, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. @@ -58,6 +58,8 @@ Event ID | Description 1121 | Event when rule fires in Block-mode 1122 | Event when rule fires in Audit-mode +The engine version of the attack surface reduction events in the event log, is part of the Widnows Defender product, not of the Oeprating System, but because Windows Defender is integrated with Windows 10 Operating System, this feature works on all machines with Windows 10 installled. + ## Attack surface reduction rules @@ -269,3 +271,5 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c - [Enable attack surface reduction rules](enable-attack-surface-reduction.md) - [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) +- [Compatibility of Windows Defender with other antivirus/antimalware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility) + From ca7a70f4750dfee91806c2d876bbf3b53b6c9fa0 Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 8 Jun 2019 11:01:36 +0200 Subject: [PATCH 02/11] Windows/Configuration: correct HTML code to XML tags The XML code block contains HTML code instead of the expected XML tags. Converting these to proper XML format should at least make it readable. Also replaced "ps" with "xml" as the correct code block syntax name. Ref. #3819 ([LOC]"<"needs to be replaced with"<", ">"needs to be replaced with">") (Should close issue ticket #3819 after migration to docs.microsoft.com/en-us/ and later updated to the Japanese page.) --- windows/configuration/kiosk-mdm-bridge.md | 98 +++++++++++------------ 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index 33cf15dabb..b08ebebd2c 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md @@ -31,59 +31,59 @@ Here’s an example to set AssignedAccess configuration: 3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. 4. Execute the following script: -```ps +```xml $nameSpaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className $obj.Configuration = @" -<?xml version="1.0" encoding="utf-8" ?> -<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"> - <Profiles> - <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"> - <AllAppsList> - <AllowedApps> - <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> - <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> - <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> - <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> - <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> - <App DesktopAppPath="%windir%\system32\mspaint.exe" /> - <App DesktopAppPath="C:\Windows\System32\notepad.exe" /> - </AllowedApps> - </AllAppsList> - <StartLayout> - <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> - <LayoutOptions StartTileGroupCellWidth="6" /> - <DefaultLayoutOverride> - <StartLayoutCollection> - <defaultlayout:StartLayout GroupCellWidth="6"> - <start:Group Name="Group1"> - <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> - <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> - <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> - <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> - <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> - </start:Group> - <start:Group Name="Group2"> - <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" /> - <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" /> - </start:Group> - </defaultlayout:StartLayout> - </StartLayoutCollection> - </DefaultLayoutOverride> - </LayoutModificationTemplate> - ]]> - </StartLayout> - <Taskbar ShowTaskbar="true"/> - </Profile> - </Profiles> - <Configs> - <Config> - <Account>MultiAppKioskUser</Account> - <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/> - </Config> - </Configs> -</AssignedAccessConfiguration> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + + MultiAppKioskUser + + + + "@ Set-CimInstance -CimInstance $obj From 91fdef5a9ccfe9df775ac46ede16c3725b8974f5 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 8 Jun 2019 15:07:41 +0500 Subject: [PATCH 03/11] Update feature-update-mission-critical.md --- windows/deployment/update/feature-update-mission-critical.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md index a155145546..f3cf3adf07 100644 --- a/windows/deployment/update/feature-update-mission-critical.md +++ b/windows/deployment/update/feature-update-mission-critical.md @@ -29,7 +29,7 @@ Devices and shared workstations that are online and available 24 hours a day, 7 You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example: -- **LTSC feature updates.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade. +- **Upgrade to the next LTSC release.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade. - **Additional required tasks.** When deploying a feature update requires additional steps (e.g., suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments. - **Language pack installs.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs. From b010082da9df536963ddc7d397dfd5264e32c3ad Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 8 Jun 2019 18:42:26 +0500 Subject: [PATCH 04/11] Update policy-csp-bitlocker.md --- windows/client-management/mdm/policy-csp-bitlocker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 544d40112c..e3c5f7726c 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -89,6 +89,8 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. From 8909002f18797ff02fa64d73c0fb0976690322bf Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 9 Jun 2019 20:07:14 +0500 Subject: [PATCH 05/11] Update policy-csp-localpoliciessecurityoptions.md --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index b730a05ff6..75991eb59d 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -2638,6 +2638,9 @@ GP Info: **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** +> [!Warning] +> Starting in the version 1803 of Windows, this policy is deprecated. + From 9b7f4317abca95323886ff079533aa532824ab3b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 10 Jun 2019 19:07:21 +0500 Subject: [PATCH 06/11] Update policy-csp-bitlocker.md --- windows/client-management/mdm/policy-csp-bitlocker.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index e3c5f7726c..80fc060f2f 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -83,6 +83,9 @@ The following list shows the supported values:
+> [!NOTE] +> To manage encryption of PCs and devices, use [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) + Footnote: - 1 - Added in Windows 10, version 1607. From 4ed781e19d5633a25367ee964d7802f8c1ea7e31 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 10 Jun 2019 19:26:52 +0500 Subject: [PATCH 07/11] Update policy-csp-localpoliciessecurityoptions.md --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 75991eb59d..731e1b2f8d 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -2639,7 +2639,7 @@ GP Info: **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** > [!Warning] -> Starting in the version 1803 of Windows, this policy is deprecated. +> Starting with Windows 10 version 1803, this policy is deprecated.
From a0ac0ed5d415cec180901d79fa894e9c439560b4 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 10 Jun 2019 17:52:03 -0500 Subject: [PATCH 08/11] Update windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../attack-surface-reduction-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index b0d428705d..5ba8a4fe28 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -58,7 +58,7 @@ Event ID | Description 1121 | Event when rule fires in Block-mode 1122 | Event when rule fires in Audit-mode -The engine version of the attack surface reduction events in the event log, is part of the Widnows Defender product, not of the Oeprating System, but because Windows Defender is integrated with Windows 10 Operating System, this feature works on all machines with Windows 10 installled. +The "engine version" of attack surface reduction events in the event log, is generated by Windows Defender ATP, not the operating system. Windows Defender ATP is integrated with Windows 10, so this feature works on all machines with Windows 10 installed. ## Attack surface reduction rules From d53a67c41a76abc7faa988df9b3d015e170d1658 Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 02:44:57 +0200 Subject: [PATCH 09/11] How to Move MBAM 2.5 Databases: file name correction Copy-Paste error correction: The file name "MBAM Recovery Database Data.bak" was incorrectly replaced by "MBAM Compliance Status Database Data.bak" in one line. This commit resolves the issue, making the number of occurrences of those 2 file names equal and appropriate for their separate sections in this article page. Closes #3988 --- mdop/mbam-v25/how-to-move-the-mbam-25-databases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md index 590fce21ac..2500ec0e02 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md @@ -142,7 +142,7 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" ### Move the Recovery Database from Server A to Server B -Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** file from Server A to Server B. +Use Windows Explorer to move the **MBAM Recovery Database Data.bak** file from Server A to Server B. To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: From 46e46cb7889631353a977b89ebd4a4ca34bf36f2 Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 03:03:15 +0200 Subject: [PATCH 10/11] Microsoft Store for Business and Education: Typo Typo in "Acquire apps in Microsoft Store for Business and Education" - The shopping experience is not availalbe (available) Closes #4000 --- store-for-business/acquire-apps-microsoft-store-for-business.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md index e6907467fb..3b6a6ab7cf 100644 --- a/store-for-business/acquire-apps-microsoft-store-for-business.md +++ b/store-for-business/acquire-apps-microsoft-store-for-business.md @@ -38,7 +38,7 @@ There are a couple of things we need to know when you pay for apps. You can add ## Allow users to shop **Allow users to shop** controls the shopping experience in Microsoft Store for Education. When this setting is on, **Purchasers** and **Basic Purchasers** can purchase products and services from Microsoft Store for Education. If your school chooses to closely control how purchases are made, admins can turn off **Allow users to shop**. When the setting is off: -- The shopping experience is not availalbe +- The shopping experience is not available - **Purchasers** and **Basic Purchasers** can't purchase products and services from Microsoft Store for Education - Admins can't assign shopping roles to users - Products and services previously purchased by **Basic Purchasers** can be managed by admins. From defc8ae6b626d4ef4da8a3317b498153c5907d16 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Wed, 12 Jun 2019 17:09:16 -0500 Subject: [PATCH 11/11] Update attack-surface-reduction-exploit-guard.md --- .../attack-surface-reduction-exploit-guard.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 5ba8a4fe28..f52c8b4c77 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -18,11 +18,11 @@ ms.date: 04/02/2019 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, versions 1704 and 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. -To use attack surface reduction rules, you need a Windows 10 Enterprise E3 license or higher. A Windows E5 license gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the M365 Security Center. These advanced capabilities aren't available with an E3 license, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. +To use attack surface reduction rules, you need a Windows 10 Enterprise E3 license or higher. A Windows E5 license gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the M365 Security Center. These advanced capabilities aren't available with an E3 license, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. Attack surface reduction rules target behaviors that malware and malicious apps typically use to infect computers, including: @@ -32,7 +32,7 @@ Attack surface reduction rules target behaviors that malware and malicious apps You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks similar to malware. By monitoring audit data and [adding exclusions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity. -Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Windows Defender Security Center and in the Microsoft 365 securty center. +Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Microsoft Defender Security Center and in the Microsoft 365 securty center. For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md). @@ -58,7 +58,7 @@ Event ID | Description 1121 | Event when rule fires in Block-mode 1122 | Event when rule fires in Audit-mode -The "engine version" of attack surface reduction events in the event log, is generated by Windows Defender ATP, not the operating system. Windows Defender ATP is integrated with Windows 10, so this feature works on all machines with Windows 10 installed. +The "engine version" of attack surface reduction events in the event log, is generated by Microsoft Defender ATP, not the operating system. Microsoft Defender ATP is integrated with Windows 10, so this feature works on all machines with Windows 10 installed. ## Attack surface reduction rules @@ -203,7 +203,7 @@ GUID: c1db55ab-c21a-4637-bb3f-a12568109d35 ### Block credential stealing from the Windows local security authority subsystem (lsass.exe) -Local Security Authority Subsystem Service (LSASS) authenticates users who log in to a Windows computer. Windows Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. This rule helps mitigate that risk by locking down LSASS. +Local Security Authority Subsystem Service (LSASS) authenticates users who log in to a Windows computer. Microsoft Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. This rule helps mitigate that risk by locking down LSASS. >[!NOTE] >In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that overly enumerates LSASS, you need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat. @@ -271,5 +271,5 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c - [Enable attack surface reduction rules](enable-attack-surface-reduction.md) - [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) -- [Compatibility of Windows Defender with other antivirus/antimalware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility) +- [Compatibility of Microsoft Defender with other antivirus/antimalware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility)