Merged PR 12946: 11/19 PM Publish

2025-05-17 15:57:23 +00:00 · 2018-11-19 23:25:55 +00:00 · 2018-11-19 23:25:55 +00:00 · 6495bf690c
commit 6495bf690c
parent 10cd9fb495 e760cd09b8
3 changed files with 14 additions and 10 deletions
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
@ -137,8 +137,8 @@ The filter selections will resolve as an additional query term and the results w



-## Public Advanced Hunting query GitHub repository  
-Check out the [Advanced Hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers. 
+## Public Advanced hunting query GitHub repository  
+Check out the [Advanced hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers. 


 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
--- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
@ -11,7 +11,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 10/10/2018
+ms.date: 11/19/2018
 ---

 # Onboard previous versions of Windows
@ -46,12 +46,13 @@ Windows Defender ATP integrates with System Center Endpoint Protection to provid
 The following steps are required to enable this integration: 
 - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) 
 - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
+- Configure your network to allow connections to the Windows Defender Antivirus cloud. For more information, see [Allow connections to the Windows Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud)

 ## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP

 ### Before you begin
 Review the following details to verify minimum system requirements:
- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) or a later monthly update rollup.
+- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
  
  >[!NOTE]
  >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. 
@ -67,9 +68,9 @@ Review the following details to verify minimum system requirements:
    >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
    >Don't install .NET framework 4.0.x, since it will negate the above installation.

+- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)


- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)

 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).

@ -89,7 +90,7 @@ Once completed, you should see onboarded endpoints in the portal within an hour.

 ### Configure proxy and Internet connectivity settings
 
- Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
+- Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway).
 - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:

 Agent Resource    |    Ports 
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 11/16/2018
+ms.date: 11/19/2018
 ---

 # Reduce attack surfaces with attack surface reduction rules 
@ -53,7 +53,7 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3
 Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
 Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
-Block Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
+Block Office communication application from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
 Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c

 ### Rule: Block executable content from email client and webmail
@ -152,12 +152,15 @@ With this rule, admins can prevent unsigned or untrusted executable files from r
 - Executable files (such as .exe, .dll, or .scr) 
 - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)

-### Rule: Block Office communication applications from creating child processes
+### Rule: Block Office communication application from creating child processes

-Office communication apps will not be allowed to create child processes. This includes Outlook.
+Outlook will not be allowed to create child processes.

 This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.

+>[!NOTE]
+>This rule applies to Outlook only.
+
 ### Rule: Block Adobe Reader from creating child processes

 This rule blocks Adobe Reader from creating child processes.