From 840bcc7b6cca660898932c8db701fd3f25ebca24 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Jun 2018 10:14:47 -0700 Subject: [PATCH 1/4] added other entities for allowed blocked list settings --- ...ows-defender-advanced-threat-protection.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 4b6a427b67..f1e3dbc4a5 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/11/2018 --- # Manage automation allowed/blocked lists @@ -38,30 +38,31 @@ You can define the conditions for when entities are identified as malicious or s ## Create an allowed or blocked list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to create an exclusion for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create an exclusion for. You can choose any of the following entities: - File hash - Certificate + - IP address + - DNS + - Email + - Process memory 3. Click **Add system exclusion**. -4. For each attribute specify the exclusion type, details, and the following required values: - - - **Files** - Hash value - - **Certificate** - PEM certificate file +4. For each attribute specify the exclusion type, details, and their corresponding required values. -5. Click **Update rule**. +5. Click **Add rule**. ## Edit a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to edit the list from. +2. Select the tab of the entity type you'd like to edit the list from. 3. Update the details of the rule and click **Update rule**. ## Delete a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to delete the list from. +2. Select the tab of the entity type you'd like to delete the list from. 3. Select the list type by clicking the check-box beside the list type. From b4295544c7e8ccac5962e8725e34e804ec3faaac Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 14 Jun 2018 17:07:02 -0700 Subject: [PATCH 2/4] update allowed blocked lists --- ...ced-hunting-windows-defender-advanced-threat-protection.md | 4 +++- ...locked-list-windows-defender-advanced-threat-protection.md | 4 +--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index c5a0aa9147..c8d4b355cc 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/13/2018 --- # Query data using Advanced hunting in Windows Defender ATP @@ -54,6 +54,8 @@ We then add a filter on the _FileName_ to contain only instances of _powershell Afterwards, we add a filter on the _ProcessCommandLine_ Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**. +You have the option of expanding the screen view so you can focus on your hunting query and related results. + ### Use operators The query language is very powerful and has a lot of available operators, some of them are - diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index f1e3dbc4a5..824dbb804b 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/11/2018 +ms.date: 06/14/2018 --- # Manage automation allowed/blocked lists @@ -43,8 +43,6 @@ You can define the conditions for when entities are identified as malicious or s - Certificate - IP address - DNS - - Email - - Process memory 3. Click **Add system exclusion**. From 145451a9a405ef7d3afe8f5b510f3dc83d3f95e0 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Fri, 15 Jun 2018 12:22:38 -0700 Subject: [PATCH 3/4] Fixed link. --- .../customize-attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index f8f6992650..10bb054f45 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/30/2018 +ms.date: 06/15/2018 --- # Customize Attack surface reduction @@ -54,7 +54,7 @@ This could potentially allow unsafe files to run and infect your devices. You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions. -Windows 10, version 1803 supports environment variables and wildcards. For information about using wildcards in Windows Defender Exploit Guard, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +Windows 10, version 1803 supports environment variables and wildcards. For information about using wildcards in Windows Defender Exploit Guard, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). Exclusions will only be applied to certain rules. Some rules will not honor the exclusion list. This means that even if you have added a file to the exclusion list, some rules will still evaluate and potentially block that file if the rule determines the file to be unsafe. From 5cf6a869a5ad1a91b4c9c658820694cec6d2e76d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Jun 2018 14:26:01 -0700 Subject: [PATCH 4/4] add browser support --- ...quirements-windows-defender-advanced-threat-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index bd53b3a21d..f42a764acb 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/04/2018 +ms.date: 06/15/2018 --- # Minimum requirements for Windows Defender ATP @@ -42,6 +42,9 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). +### Browser requirements +Internet Explorer and Microsoft Edge are supported. Any HTML5 compliant browsers are also supported. + ### Network and data storage and configuration requirements When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.