deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #1143 from MicrosoftDocs/user/tudobril/passive-mode

Browse Source 
Add passive mode documentation; update privacy
This commit is contained in:
Tami Fosmark
2019-09-19 11:09:17 -07:00
committed by GitHub
parent 7b7bbe71f1 f3b96587d9
commit 6422a0b826
2 changed files with 94 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
View File

@ -62,6 +62,23 @@ Whether real-time protection (scan files as they are accessed) is enabled or not
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
#### Enable / disable passive mode
Whether the antivirus engine runs in passive mode or not. In passive mode:
- Real-time protection is turned off
- On demand scanning is turned on
- Automatic threat remediation is turned off
- Security intelligence updates are turned on
- Status menu icon is hidden
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | passiveMode |
| **Data type** | Boolean |
| **Possible values** | false (default) <br/> true |
| **Comments** | Available in Microsoft Defender ATP version 100.67.60 or higher. |
#### Scan exclusions
Entities that have been excluded from the scan. Exclusions can be specified by full paths, extensions, or file names.
@ -213,6 +230,28 @@ Determines whether suspicious samples (that are likely to contain threats) are s
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
### User interface preferences
The *userInterface* section of the configuration profile is used to manage the preferences of the user interface of the product.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | userInterface |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
#### Show / hide status menu icon
Whether the status menu icon (shown in the top right corner of the screen) is hidden or not.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | hideStatusMenuIcon |
| **Data type** | Boolean |
| **Possible values** | false (default) <br/> true |
## Recommended configuration profile
To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
@ -357,6 +396,8 @@ The following configuration profile contains entries for all settings described
<dict>
<key>enableRealTimeProtection</key>
<true/>
<key>passiveMode</key>
<false/>
<key>exclusions</key>
<array>
<dict>
@ -411,6 +452,11 @@ The following configuration profile contains entries for all settings described
<key>automaticSampleSubmission</key>
<true/>
</dict>
<key>userInterface</key>
<dict>
<key>hideStatusMenuIcon</key>
<false/>
</dict>
</dict>
</plist>
```
@ -465,6 +511,8 @@ The following configuration profile contains entries for all settings described
<dict>
<key>enableRealTimeProtection</key>
<true/>
<key>passiveMode</key>
<false/>
<key>exclusions</key>
<array>
<dict>
@ -519,6 +567,11 @@ The following configuration profile contains entries for all settings described
<key>automaticSampleSubmission</key>
<true/>
</dict>
<key>userInterface</key>
<dict>
<key>hideStatusMenuIcon</key>
<false/>
</dict>
</dict>
</array>
</dict>

72
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md
View File

@ -116,6 +116,7 @@ The following fields are collected:
| Field | Description |
| --------------------------------------------------- | ----------- |
| antivirus_engine.enable_real_time_protection | Whether real-time protection is enabled on the device or not. |
| antivirus_engine.passive_mode | Whether passive mode is enabled on the device or not. |
| cloud_service.enabled | Whether cloud delivered protection is enabled on the device or not. |
| cloud_service.timeout | Time out when the application communicates with the Microsoft Defender ATP cloud. |
| cloud_service.heartbeat_interval | Interval between consecutive heartbeats sent by the product to the cloud. |
@ -123,6 +124,8 @@ The following fields are collected:
| cloud_service.diagnostic_level | Diagnostic level of the device (required, optional). |
| cloud_service.automatic_sample_submission | Whether automatic sample submission is turned on or not. |
| edr.early_preview | Whether the machine should run EDR early preview features. |
| edr.group_id | Group identifier used by the detection and response component. |
| edr.tags | User-defined tags. |
| features.\[optional feature name\] | List of preview features, along with whether they are enabled or not. |
#### Product and service performance data events
@ -230,37 +233,44 @@ The following fields are collected:
| Field | Description |
| ------------------------------ | ----------- |
| pkt_ack_timeout | The following properties are aggregated numerical values, representing count of events that happened since kernel extension startup. |
| pkt_ack_conn_timeout | |
| ipc.ack_pkts | |
| ipc.nack_pkts | |
| ipc.send.ack_no_conn | |
| ipc.send.nack_no_conn | |
| ipc.send.ack_no_qsq | |
| ipc.send.nack_no_qsq | |
| ipc.ack.no_space | |
| ipc.ack.timeout | |
| ipc.ack.ackd_fast | |
| ipc.ack.ackd | |
| ipc.recv.bad_pkt_len | |
| ipc.recv.bad_reply_len | |
| ipc.recv.no_waiter | |
| ipc.recv.copy_failed | |
| ipc.kauth.vnode.mask | |
| ipc.kauth.vnode.read | |
| ipc.kauth.vnode.write | |
| ipc.kauth.vnode.exec | |
| ipc.kauth.vnode.del | |
| ipc.kauth.vnode.read_attr | |
| ipc.kauth.vnode.write_attr | |
| ipc.kauth.vnode.read_ex_attr | |
| ipc.kauth.vnode.write_ex_attr | |
| ipc.kauth.vnode.read_sec | |
| ipc.kauth.vnode.write_sec | |
| ipc.kauth.vnode.take_own | |
| ipc.kauth.vnode.denied | |
| ipc.kauth.file_op.mask | |
| ipc.kauth_file_op.open | |
| ipc.kauth.file_op.close | |
| pkt_ack_conn_timeout | |
| ipc.ack_pkts | |
| ipc.nack_pkts | |
| ipc.send.ack_no_conn | |
| ipc.send.nack_no_conn | |
| ipc.send.ack_no_qsq | |
| ipc.send.nack_no_qsq | |
| ipc.ack.no_space | |
| ipc.ack.timeout | |
| ipc.ack.ackd_fast | |
| ipc.ack.ackd | |
| ipc.recv.bad_pkt_len | |
| ipc.recv.bad_reply_len | |
| ipc.recv.no_waiter | |
| ipc.recv.copy_failed | |
| ipc.kauth.vnode.mask | |
| ipc.kauth.vnode.read | |
| ipc.kauth.vnode.write | |
| ipc.kauth.vnode.exec | |
| ipc.kauth.vnode.del | |
| ipc.kauth.vnode.read_attr | |
| ipc.kauth.vnode.write_attr | |
| ipc.kauth.vnode.read_ex_attr | |
| ipc.kauth.vnode.write_ex_attr | |
| ipc.kauth.vnode.read_sec | |
| ipc.kauth.vnode.write_sec | |
| ipc.kauth.vnode.take_own | |
| ipc.kauth.vnode.denied | |
| ipc.kauth.file_op.mask | |
| ipc.kauth_file_op.open | |
| ipc.kauth.file_op.close | |
| ipc.kauth.file_op.close_modified | |
| ipc.kauth.file_op.move | |
| ipc.kauth.file_op.link | |
| ipc.kauth.file_op.exec | |
| ipc.kauth.file_op.remove | |
| ipc.kauth.file_op.fork | |
| ipc.kauth.file_op.create | |
## Resources