iaanw
2017-02-27 14:43:08 -08:00
parent b542e8f036
commit 68522d1af4
5 changed files with 77 additions and 24 deletions

View File

@ -26,12 +26,18 @@ author: iaanw
- Enterprise security administrators - Enterprise security administrators
**Manageability available with**
- Group Policy
- Windows Settings
Block at First Sight is a feature of Windows Defender cloud protection that provides a way to detect and block new malware within seconds. Block at First Sight is a feature of Windows Defender cloud protection that provides a way to detect and block new malware within seconds.
It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention.
You can also [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file.
## How it works ## How it works
When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The following video describes how this feature works. When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The following video describes how this feature works.
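
Review bot: The sentence added just before "## How it works" names the backend "the cloud-based protection service", while the unchanged paragraphs on either side call it "Windows Defender cloud protection" and "our cloud protection backend". Pick one term and use it in the new sentence so readers do not take these for different services.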

View File

@ -24,9 +24,15 @@ author: iaanw
- Enterprise security administrators - Enterprise security administrators
**Manageability available with**
- Group Policy
When Windows Defender Antivirus is suspicious of a file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud-protection service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md). When Windows Defender Antivirus is suspicious of a file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud-protection service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md).
The default period that the file will be blocked for is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defendre Antivirus cloud. The default period that the file will be [blocked](configure-block-at-first-sight-windows-defender-antivirus.md) for is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defendre Antivirus cloud.
## Prerequisites to use the extended cloud block timeout ## Prerequisites to use the extended cloud block timeout
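
Review bot: The rewritten "The default period that the file will be [blocked]..." line still ends with "Windows Defendre Antivirus cloud". Since the line is being touched anyway, correct it to "Windows Defender Antivirus cloud". The one-word link text "blocked" also gives no hint of its target; linking a phrase that names Block at First Sight would be clearer.
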
@ -34,12 +40,7 @@ The [Block at First Sight](configure-block-at-first-sight-windows-defender-antiv
## Specify the extended timeout period ## Specify the extended timeout period
You can use System Center Configuration Manager or Group Policy to specify an extended timeout for cloud checks. You can use Group Policy to specify an extended timeout for cloud checks.
**Use Configuration Manager to specify an extended timeout period**
>[!NOTE]
>Not sure if this is being doc'd on SCCM side. Will check with Nathan. What about PowerShell cmdlets? Are there any that cover this?
**Use Group Policy to specify an extended timeout period:** **Use Group Policy to specify an extended timeout period:**
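
Review bot: Removing the draft note under "Use Configuration Manager to specify an extended timeout period" also drops its open question ("What about PowerShell cmdlets? Are there any that cover this?") without answering it. The section now says only "You can use Group Policy to specify an extended timeout for cloud checks." Confirm that Group Policy really is the only supported method before merging, and if it is, say so explicitly so readers do not go looking for a Configuration Manager or PowerShell equivalent.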

View File

@ -0,0 +1,48 @@
---
title:
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# H1
**Applies to:**
- Windows 10
- Windows 10, version 1703
**Audience**
- Network administrators
- IT professionals
- IT administrators
**Manageability available with**
- Group Policy
- Windows Settings
When you enable endpoint protection for your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for Endpoint Protection will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed.
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-in-windows-10.md)
- [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md)
- [Deploy and enable Windows Defender Antivirus protection](deploy-windows-defender-antivirus.md)
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
- [Monitor and report on Windows Defender Antivirus protection](report-monitor-windows-defender-antiviirus.md)
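
Review bot: The new file is committed as an unfinished template: `title:`, `description:` and `keywords:` are empty and the heading is the placeholder `# H1`, so the page would publish without a title or search metadata. The front matter also sets `ms.pagetype: security` twice; drop one. In "Related topics", the last link target `report-monitor-windows-defender-antiviirus.md` looks misspelled ("antiviirus"); check it against the actual file name. The "Manageability available with" list names Group Policy and Windows Settings, but the only body paragraph describes the Endpoint Protection management layer, so either the list or the body needs to change.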

View File

@ -69,8 +69,6 @@ See [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus]
See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring System Center Configuration Manager (current branch). See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring System Center Configuration Manager (current branch).
>[!NOTE] I can't see options for 2012, guessing it doesn't exist?
**Use PowerShell cmdlets to enable cloud-delivered protection:** **Use PowerShell cmdlets to enable cloud-delivered protection:**
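
Review bot: Deleting the draft note "I can't see options for 2012, guessing it doesn't exist?" is right for published content, but the question behind it is still open. The remaining sentence covers only "System Center Configuration Manager (current branch)". If 2012 has no such setting, add a short statement saying so rather than leaving it implied.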

View File

@ -24,17 +24,18 @@ author: iaanw
- Enterprise security administrators - Enterprise security administrators
**Manageability available with**
- Group Policy
- System Center Configuration Manager (current branch)
You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and System Center Configuration Manager. You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and System Center Configuration Manager.
>[!NOTE] >[!NOTE]
>The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates. >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for a comparison of the availble levels.
>[!NOTE]
>This lists four settings, and the GP only has two settings, but not description (it says go to the documentation site).
**Use Group Policy to specify the level of cloud-delivered protection:** **Use Group Policy to specify the level of cloud-delivered protection:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
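
Review bot: The added `>[!NOTE]` block ("This lists four settings, and the GP only has two settings, but not description...") is an authoring remark and will render to readers as a product note. Move it to the PR discussion or a tracked issue, and settle the four-versus-two mismatch before pointing readers at the comparison. The new "See [How to create and deploy antimalware policies..." line also misspells "available" as "availble".
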
@ -46,17 +47,16 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht
5. Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**. 5. Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**.
1. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection: 1. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
1. **Default Windows Defender Antivirus blocking level**. 1. Setting to **Default Windows Defender Antivirus blocking level** will provide strong detection without increasing the risk of detecting legitimate files.
2. **High blocking level**. 2. Setting to **High blocking level** will apply a strong level of detection. While unlikely, some legitimate files may be detected (although you will have the option to unblock or dispute that detection).
1. Click **OK**. 1. Click **OK**.
**Use Configuration Manager to specify the level of cloud-delivered protection:** **Use Configuration Manager to specify the level of cloud-delivered protection:**
See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring System Center Configuration Manager (current branch). 1. See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring System Center Configuration Manager (current branch).
>[!NOTE] I can't see options for 2012 [here](https://technet.microsoft.com/en-us/library/hh508785.aspx#BKMK_List), guessing it doesn't exist?
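
Review bot: The added line `>[!NOTE] I can't see options for 2012 [here](...), guessing it doesn't exist?` puts an unresolved authoring question into the published page. Remove it and state the supported versions once that is confirmed. It also puts the note text on the same line as `[!NOTE]`, unlike the other notes in this commit, which start the text on the following `>` line. Separately, turning the single "See [How to create and deploy antimalware policies..." pointer into a numbered step "1." creates a one-item procedure; a plain sentence, as it was before, reads better.
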
@ -64,6 +64,6 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht
- [Windows Defender Antivirus in Windows 10](windows-defender-in-windows-10.md) - [Windows Defender Antivirus in Windows 10](windows-defender-in-windows-10.md)
- [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) - [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md)
-[How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) - [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service)