diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index c5a0aa9147..c8d4b355cc 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/13/2018 --- # Query data using Advanced hunting in Windows Defender ATP @@ -54,6 +54,8 @@ We then add a filter on the _FileName_ to contain only instances of _powershell Afterwards, we add a filter on the _ProcessCommandLine_ Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**. +You have the option of expanding the screen view so you can focus on your hunting query and related results. + ### Use operators The query language is very powerful and has a lot of available operators, some of them are - diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 4b6a427b67..824dbb804b 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/14/2018 --- # Manage automation allowed/blocked lists @@ -38,30 +38,29 @@ You can define the conditions for when entities are identified as malicious or s ## Create an allowed or blocked list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to create an exclusion for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create an exclusion for. You can choose any of the following entities: - File hash - Certificate + - IP address + - DNS 3. Click **Add system exclusion**. -4. For each attribute specify the exclusion type, details, and the following required values: - - - **Files** - Hash value - - **Certificate** - PEM certificate file +4. For each attribute specify the exclusion type, details, and their corresponding required values. -5. Click **Update rule**. +5. Click **Add rule**. ## Edit a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to edit the list from. +2. Select the tab of the entity type you'd like to edit the list from. 3. Update the details of the rule and click **Update rule**. ## Delete a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to delete the list from. +2. Select the tab of the entity type you'd like to delete the list from. 3. Select the list type by clicking the check-box beside the list type. diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index bd53b3a21d..f42a764acb 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/04/2018 +ms.date: 06/15/2018 --- # Minimum requirements for Windows Defender ATP @@ -42,6 +42,9 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). +### Browser requirements +Internet Explorer and Microsoft Edge are supported. Any HTML5 compliant browsers are also supported. + ### Network and data storage and configuration requirements When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index f8f6992650..10bb054f45 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/30/2018 +ms.date: 06/15/2018 --- # Customize Attack surface reduction @@ -54,7 +54,7 @@ This could potentially allow unsafe files to run and infect your devices. You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions. -Windows 10, version 1803 supports environment variables and wildcards. For information about using wildcards in Windows Defender Exploit Guard, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +Windows 10, version 1803 supports environment variables and wildcards. For information about using wildcards in Windows Defender Exploit Guard, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). Exclusions will only be applied to certain rules. Some rules will not honor the exclusion list. This means that even if you have added a file to the exclusion list, some rules will still evaluate and potentially block that file if the rule determines the file to be unsafe.