Details | Originating update | Status | History |
+ Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.
Next steps: We are working on a resolution and estimate a solution will be available in late November. Back to top | OS Build 17763.737
September 10, 2019 KB4512578 | Mitigated
| Last updated: October 29, 2019 05:15 PM PT
Opened: October 29, 2019 05:15 PM PT |
Microsoft Defender Advanced Threat Protection might stop runningAfter installing the optional non-security update ( KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe.
Note Microsoft Windows Defender Antivirus is not affected by this issue.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Next steps: At this time, we suggest that devices in an affected environment do not install the optional non-security update, KB4520062. We are working on a resolution and estimate a solution will be available in mid-November. Back to top | OS Build 17763.832
October 15, 2019 KB4520062 | Investigating
| Last updated: October 18, 2019 04:23 PM PT
Opened: October 17, 2019 05:14 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
index ba1a2faffc..01ae8568a1 100644
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -64,6 +64,8 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
+ Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Mitigated
| October 29, 2019 05:15 PM PT |
+ Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.
See details > | OS Build 18362.116
May 21, 2019 KB4505057 | Resolved KB4501375 | June 27, 2019 10:00 AM PT |
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.
See details > | OS Build 18362.116
May 20, 2019 KB4505057 | Resolved KB4517389 | October 08, 2019 10:00 AM PT |
Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.
See details > | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| October 25, 2019 04:21 PM PT |
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.
See details > | N/A
| Resolved KB4522355 | October 24, 2019 10:00 AM PT |
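Review bot: The re-added "Cannot launch Camera app" row carries a resolved date of June 27, 2019, but the table's intro says it lists issues "resolved in the last 30 days" and the surrounding rows are dated October 2019. If the row is here only to change its status from Mitigated to Resolved KB4501375, check whether it still belongs in the summary table or whether the intro wording needs to change.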
@@ -73,7 +75,6 @@ sections:
Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.
See details > | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated External
| August 01, 2019 08:44 PM PT |
Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.
See details > | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| August 01, 2019 06:27 PM PT |
Intel Audio displays an intcdaud.sys notification Devices with a range of Intel Display Audio device drivers may experience battery drain.
See details > | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| May 21, 2019 04:47 PM PT |
- Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.
See details > | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| May 21, 2019 04:47 PM PT |
"
@@ -89,6 +90,7 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
+ Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.
Next steps: We are working on a resolution and estimate a solution will be available in late November. Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Mitigated
| Last updated: October 29, 2019 05:15 PM PT
Opened: October 29, 2019 05:15 PM PT |
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.
Affected platforms: - Client: Windows 10, version 1903
- Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4517389 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 18362.116
May 20, 2019 KB4505057 | Resolved KB4517389 | Resolved: October 08, 2019 10:00 AM PT
Opened: October 25, 2019 04:21 PM PT |
"
@@ -126,10 +128,10 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
+ Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating: \"Close other apps, error code: 0XA00F4243.”
To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.
Affected platforms: - Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4501375 and the safeguard hold has been removed. Back to top | OS Build 18362.116
May 21, 2019 KB4505057 | Resolved KB4501375 | Resolved: June 27, 2019 10:00 AM PT
Opened: May 21, 2019 07:20 AM PT |
Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.
Affected platforms: - Client: Windows 10, version 1903
- Server: Windows Server, version 1903
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You will need to install a Realtek driver version greater than 1.5.1011.0.
Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool.
Next steps: Microsoft is working with Realtek to release new drivers for all affected system via Windows Update.
October 25, 2019 note This issue was previously grouped with the Qualcomm radio issue, which is now resolved. There is no change to this issue except to remove reference to Qualcomm. Back to top | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| Last updated: October 25, 2019 04:21 PM PT
Opened: May 21, 2019 07:29 AM PT |
Intermittent loss of Wi-Fi connectivity Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).
To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.
Affected platforms: - Client: Windows 10, version 1903
Workaround: Before updating to Windows 10, version 1903, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM). Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you. Back to top | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated External
| Last updated: August 01, 2019 08:44 PM PT
Opened: May 21, 2019 07:13 AM PT |
Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.
Microsoft has identified some scenarios in which these features may have issues or stop working, for example: - Connecting to (or disconnecting from) an external monitor, dock, or projector
- Rotating the screen
- Updating display drivers or making other display mode changes
- Closing full screen applications
- Applying custom color profiles
- Running applications that rely on custom gamma ramps
Affected platforms: - Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| Last updated: August 01, 2019 06:27 PM PT
Opened: May 21, 2019 07:28 AM PT |
Intel Audio displays an intcdaud.sys notification Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8). To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809
Workaround: On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.
Note We recommend you do not attempt to update your devices until newer device drivers are installed.
Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures. Back to top | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| Last updated: May 21, 2019 04:47 PM PT
Opened: May 21, 2019 07:22 AM PT |
- Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating: \"Close other apps, error code: 0XA00F4243.”
To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.
Affected platforms: - Client: Windows 10, version 1903
Workaround: To temporarily resolve this issue, perform one of the following:
- Unplug your camera and plug it back in.
or - Disable and re-enable the driver in Device Manager. In the Search box, type \"Device Manager\" and press Enter. In the Device Manager dialog box, expand Cameras, then right-click on any RealSense driver listed and select Disable device. Right click on the driver again and select Enable device.
or - Restart the RealSense service. In the Search box, type \"Task Manager\" and hit Enter. In the Task Manager dialog box, click on the Services tab, right-click on RealSense, and select Restart.
Note This workaround will only resolve the issue until your next system restart.
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 18362.116
May 21, 2019 KB4505057 | Mitigated
| Last updated: May 21, 2019 04:47 PM PT
Opened: May 21, 2019 07:20 AM PT |
"
diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index 1fbf4b6b35..20f5db2632 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -11,6 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
+audience: ITPro
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
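Review bot: ms.date stays at 10/02/2018 in this front matter although the commit adds the audience field and rewrites most of the article body. Update ms.date so the published page reflects the revision.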
@@ -21,76 +22,93 @@ manager: dansimp
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge)
-The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network.
+Potentially unwanted applications are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.
-These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
+For example:
-Typical PUA behavior includes:
+* **Advertising software:** Software that displays advertisements or promotions, including software that inserts advertisements to webpages.
+* **Bundling software:** Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualify as PUA.
+* **Evasion software:** Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
-- Various types of software bundling
-- Ad injection into web browsers
-- Driver and registry optimizers that detect issues, request payment to fix the errors, but remain on the endpoint and make no changes or optimizations (also known as "rogue antivirus" programs)
+For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](../intelligence/criteria.md).
-These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.
-
->[!TIP]
->You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up.
## How it works
-Windows Defender Antivirus blocks detected PUA files and attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantined.
+### Microsoft Edge
-When a PUA is detected on an endpoint, Windows Defender Antivirus presents a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:").
+The next major version of Microsoft Edge, which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
-They will also appear in the usual [quarantine list in the Windows Security app](windows-defender-security-center-antivirus.md#detection-history).
+#### Enable PUA protection in Chromium-based Microsoft Edge
-## View PUA events
+Although potentially unwanted application protection in Microsoft Edge (Chromium-based) is off by default, it can easily be turned on from within the browser.
-PUA events are reported in the Windows Event Viewer, but not in System Center Configuration Manager or Intune.
+1. From the tool bar, select **Settings and more** > **Settings**
+1. Select **Privacy and services**
+1. Under the **Services** section, you can toggle **Potentially unwanted app blocking** on or off
-You can turn on email notifications for PUA detections.
+> [!TIP]
+> If you are running Microsoft Edge (Chromium-based), you can safely explore the URL-blocking feature of PUA protection by testing it out on one of our Windows Defender SmartScreen demo pages.
-See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160.
+
-## Configure PUA protection
+### Windows Defender Antivirus
-You can enable PUA protection with Microsoft Intune, System Center Configuration Manager, Group Policy, or PowerShell cmdlets.
+The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network.
-You can also use the PUA audit mode to detect PUA without blocking them. The detections will be captured in the Windows event log.
+> [!NOTE]
+> This feature is only available in Windows 10.
-This feature is useful if your company is conducting an internal software security compliance check and you'd like to avoid any false positives.
+Windows Defender Antivirus blocks detected PUA files, and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine.
-**Use Intune to configure PUA protection**
+When a PUA is detected on an endpoint, Windows Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as other threat detections. The notification will be prefaced with _PUA:_ to indicate its content.
+
+The notification will appear in the usual [quarantine list within the Windows Security app](windows-defender-security-center-antivirus.md#detection-history).
+
+#### Configure PUA protection in Windows Defender Antivirus
+
+You can enable PUA protection with Microsoft Intune, System Center Configuration Manager, Group Policy, or via PowerShell cmdlets.
+
+You can also use the PUA audit mode to detect PUAs without blocking them. The detections will be captured in the Windows event log.
+
+> [!TIP]
+> You can visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com/Page/UrlRep) to confirm that the feature is working, and see it in action.
+
+PUA audit mode is useful if your company is conducting an internal software security compliance check and you'd like to avoid any false positives.
+
+##### Use Intune to configure PUA protection
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
-**Use Configuration Manager to configure PUA protection:**
+##### Use Configuration Manager to configure PUA protection
-PUA protection is enabled by default in System Center Configuration Manager (current branch), including version 1606 and later.
+PUA protection is enabled by default in the System Center Configuration Manager (current branch), starting with version 1606.
See [How to create and deploy antimalware policies: Scheduled scans settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) for details on configuring System Center Configuration Manager (current branch).
For Configuration Manager 2012, see [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508770.aspx#BKMK_PUA).
> [!NOTE]
-> PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager.
+> PUA events blocked by Windows Defender Antivirus are reported in the Windows Event Viewer and not in System Center Configuration Manager.
-**Use Group Policy to configure PUA protection:**
+##### Use Group Policy to configure PUA protection
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure, and select **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components > Windows Defender Antivirus**.
4. Double-click **Configure protection for potentially unwanted applications**.
-5. Click **Enabled** to enable PUA protection.
+5. Select **Enabled** to enable PUA protection.
-6. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting will work in your environment. Click **OK**.
+6. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting will work in your environment. Select **OK**.
-**Use PowerShell cmdlets to configure PUA protection:**
+##### Use PowerShell cmdlets to configure PUA protection
Use the following cmdlet:
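Review bot: The rewritten sentence "The notification will appear in the usual quarantine list within the Windows Security app" changes the subject of the removed "They will also appear", which read as referring to the detected PUAs; it now says the notification, rather than the blocked file, is listed in quarantine. Reword it so the blocked PUAs are the subject. Separately, the new Edge tip points to "one of our Windows Defender SmartScreen demo pages" without a link, and the demo.wd.microsoft.com tip now sits between the two sentences about audit mode, splitting that explanation.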
@@ -98,12 +116,24 @@ Use the following cmdlet:
Set-MpPreference -PUAProtection
```
-Setting the value for this cmdlet to `Enabled` will turn the feature on if it has been disabled.
+Setting the value for this cmdlet to `Enabled` will turn the feature on if it has been disabled.
-Setting `AuditMode` will detect PUAs but will not block them.
+Setting `AuditMode` will detect PUAs without blocking them.
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
+#### View PUA events
+
+PUA events are reported in the Windows Event Viewer, but not in System Center Configuration Manager or in Intune.
+
+You can turn on email notifications to receive mail about PUA detections.
+
+See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID **1160**.
+
+#### Allow-listing apps
+
+Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. See [How to Configure Endpoint Protection in Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/hh508770(v=technet.10)#to-exclude-specific-files-or-folders) for information on allowing files which are currently blocked by PUA protection in Windows Defender Antivirus.
+
## Related topics
- [Next gen protection](windows-defender-antivirus-in-windows-10.md)
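Review bot: The cmdlet example above the edited sentences still reads Set-MpPreference -PUAProtection with no value, while the text that follows discusses the values Enabled and AuditMode. Since these lines are being touched, show a complete invocation such as Set-MpPreference -PUAProtection Enabled so the example can be run as written. The new "Allow-listing apps" section also links only to Configuration Manager guidance, although the article lists Intune, Group Policy and PowerShell as configuration paths; say whether exclusions can be set through those as well.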
diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
index 9d214a2b3c..475ce2cff3 100644
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
@@ -7,38 +7,41 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
+ms.author: macapara
+audience: ITPro
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.reviewer:
manager: dansimp
-ms.author: macapara
---
# Windows Defender SmartScreen
+
**Applies to:**
- Windows 10
- Windows 10 Mobile
-Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files.
+Windows Defender SmartScreen protects against phishing or malware websites, and the downloading of potentially malicious files.
**SmartScreen determines whether a site is potentially malicious by:**
-- Analyzing visited webpages looking for indications of suspicious behavior. If it finds suspicious pages, SmartScreen shows a warning page, advising caution.
+- Analyzing visited webpages, looking for indications of suspicious behavior. If SmartScreen determines that a page is suspicious, it will show a warning page to advise caution.
-- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
+- Checking visited sites against a dynamic list of reported phishing and malicious software sites. If SmartScreen finds a match, it will show a warning indicating that the site might be malicious.
**SmartScreen determines whether a downloaded app or app installer is potentially malicious by:**
-- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
+- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If SmartScreen finds a match, it will show a warning indicating that the site might be malicious.
-- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.
+- Checking downloaded files against a list of files that are well-known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.
- >[!NOTE]
- >Before Windows 10, version 1703 this feature was called the SmartScreen Filter when used within the browser and Windows SmartScreen when used outside of the browser.
+ > [!NOTE]
+ > Before Windows 10, version 1703, this feature was called _the SmartScreen Filter_ when used within the browser and _Windows SmartScreen_ when used outside of the browser.
## Benefits of Windows Defender SmartScreen
-Windows Defender SmartScreen helps to provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
+
+Windows Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
- **Anti-phishing and anti-malware support.** SmartScreen helps to protect your employees from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly-used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see [Evolving Microsoft SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
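Review bot: The rewritten opening of "Benefits of Windows Defender SmartScreen" introduces a subject-verb error: "Windows Defender SmartScreen provide an early warning system" should read "provides". In the same hunk, the first downloaded-file bullet still ends with a warning "that the site might be malicious" although the check it describes is on the file, and ms.date remains 07/27/2017 despite the content changes.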
@@ -50,28 +53,27 @@ Windows Defender SmartScreen helps to provide an early warning system against we
- **Management through Group Policy and Microsoft Intune.** SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md).
+- **Blocking URLs associated with potentially unwanted applications.** In the next major version of Microsoft Edge (based on Chromium), SmartScreen will blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md).
+
## Viewing Windows Defender SmartScreen anti-phishing events
+
When Windows Defender SmartScreen warns or blocks an employee from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
-
## Viewing Windows event logs for SmartScreen
+
SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer.
> [!NOTE]
> For information on how to use the Event Viewer, see [Windows Event Viewer](https://docs.microsoft.com/host-integration-server/core/windows-event-viewer1).
-|EventID | Description |
-| :---: | :---: |
-|1000 | Application SmartScreen Event|
-|1001 | Uri SmartScreen Event|
-|1002 | User Decision SmartScreen Event|
+EventID | Description
+-|-
+1000 | Application SmartScreen Event
+1001 | Uri SmartScreen Event
+1002 | User Decision SmartScreen Event
## Related topics
+
- [SmartScreen Frequently Asked Questions (FAQ)](https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx)
-
- [Threat protection](../index.md)
-
- [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings)
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
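Review bot: The added bullet on PUA URL blocking contains "SmartScreen will blocks URLs"; use "will block" or "blocks". The event ID table is also rewritten without leading and trailing pipes and with a bare "-|-" separator, which drops the centered alignment the previous ":---:" markers gave; confirm the docs renderer still produces a table from this form.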