updates for compat and custom notifs

This commit is contained in:
Iaan D'Souza-Wiltshire 2017-09-18 13:09:20 -07:00
parent 83a5b9440e
commit 6dc218d2ae
7 changed files with 68 additions and 31 deletions

View File

@ -34,7 +34,7 @@ ms.date: 08/25/2017
- Windows Defender Security Center app
Block at First Sight is a feature of Windows Defender Antivirus cloud-delivered protection that provides a way to detect and block new malware within seconds.
Block at first sight is a feature of Windows Defender Antivirus cloud-delivered protection that provides a way to detect and block new malware within seconds.
It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. You can use group policy settings to confirm the feature is enabled.

View File

@ -0,0 +1,7 @@
<svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
<title>Check mark no</title>
<polygon
fill='#d83b01'
points='95.2 12.2 83 0 47.6 35.4 12.2 0 0 12.2 35.4 47.6 0 83 12.2 95.2 47.6 59.9 83 95.2 95.2 83 59.9 47.6 95.2 12.2'
/>
</svg>
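Review bot: The polygon's points only span 0 to 95.2 on both axes while the viewBox is '0 0 140 140', so the cross will render smaller than its 1rem box and sit in the top-left corner, whereas the check-yes path runs out to x=140 and fills its box. Tighten the viewBox to the polygon's extent or re-centre the points so the two icons render at the same size in a table cell. The attribute quoting is also mixed (double quotes on width and height, single quotes on the rest); pick one.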

View File

@ -0,0 +1,7 @@
<svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
<title>Check mark yes</title>
<path
fill='#0E8915'
d='M129 20L55 94 21 60 10 71l45 45 85-85z'
/>
</svg>
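Review bot: The title text "Check mark yes" names the glyph rather than the value it stands for, and in the compatibility table this icon is the only content of the cell. A title that states the meaning, such as "Yes", would match the Y it replaces; the same applies to "Check mark no" in the companion file.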

View File

@ -60,17 +60,29 @@ Windows Server 2016 | Windows Defender AV | No | Active mode
This table describes what each of the three states do:
State | Description | Real-time protection and cloud-delivered protection | Limited periodic scanning | File scanning and detection information | Threat remediation | Threat definition updates
-|-|-|-|-|-|-
Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark no](images/svg/check-no.md)]
Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your confirmation tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
State | Description | Real-time protection and cloud-delivered protection | Limited periodic scanning | File scanning and detection information | Threat remediation | Threat definition updates
-|-|-|-|-|-
Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | N | Y | Y | N | Y
Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.md)]N | Y | Y | N | Y
Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | N | Y | N | N | N
Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your confirmation tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | Y | N | Y | Y | Y
Passive mode is enabled if you are enrolled in Windows Defender ATP because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app.
In passive and automatic disabled mode, you can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
In passive and automatic disabled mode, you can still [manage updates for Windows Defender AV](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
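Review bot: One Passive mode row has an icon include immediately followed by the letter it was meant to replace (`[!include[Check mark no](images/svg/check-no.md)]N | Y | Y | N | Y`), which looks like a leftover from a trial edit and should be dropped. The table also appears twice in this hunk, once with icon includes and once with Y/N letters; only one version should survive in the published file. The separator under the second header, `-|-|-|-|-|-`, has six cells for a seven-column header, so if that table stays it needs a seventh cell like the first one.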

View File

@ -154,7 +154,7 @@ The following table lists the services for Windows Defender and the dependent se
|--------|---------|--------|
|Windows Defender Service (Windefend)|C:\Program Files\Windows Defender\MsMpEng.exe|This is the main Windows Defender Antivirus service that needs to be running at all times.|
|Windows Error Reporting Service (Wersvc)|C:\WINDOWS\System32\svchost.exe -k WerSvcGroup|This service sends error reports back to Microsoft.|
|Windows Firewall (MpsSvc)|C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork|We recommend leaving the Windows Firewall service enabled.|
|Windows Defender Firewall (MpsSvc)|C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork|We recommend leaving the Windows Defender Firewall service enabled.|
|Windows Update (Wuauserv)|C:\WINDOWS\system32\svchost.exe -k netsvcs|Windows Update is needed to get definition updates and antimalware engine updates|

View File

@ -38,7 +38,7 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def
Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
> [!IMPORTANT]
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
> [!WARNING]
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.

View File

@ -29,25 +29,20 @@ ms.date: 08/25/2017
In Windows 10, version 1703 we introduced the new Windows Defender Security Center app, which brings together common Windows security features into one easy-to-use app.
![Screen shot of the Windows Defender Security Center app showing that the device is protected and five icons for each of the features](images/security-center-home.png)
Many settings that were previously part of the individual features and main Windows Settings have been combined and moved to the new app, which is installed out-of-the-box as part of Windows 10, version 1703.
The app includes the settings and status for the following security features:
- Virus & threat protection, including settings for Windows Defender Antivirus and Controlled folder access
- Device performance & health, which includes information about drivers, storage space, and general Windows Update issues
- Firewall & network protection, including Windows Firewall
- Firewall & network protection, including Windows Defender Firewall
- App & browser control, covering Windows Defender SmartScreen settings and Exploit protection mitigations
- Family options, which include a number of parental controls along with tips and information for keeping kids safe online
- Family options, which includes access to parental controls along with tips and information for keeping kids safe online
In Windows 10, version 1709, we increased the scope of the app to also show information from third-party antivirus and firewall apps.
The Windows Defender Security Center app uses the [Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on third-party antivirus and firewall products that are installed on the device.
@ -55,13 +50,13 @@ The Windows Defender Security Center app uses the [Security Center service](http
>[!IMPORTANT]
>Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes.
>
>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection.
>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Defender Firewall, and other security protection.
>
>These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product.
>
>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
>
>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).
>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).
> [!WARNING]
> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
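Review bot: The line rewritten for the firewall rename still carries the typo *Windows Security Health Servce*; since it is being touched anyway, correct it to "Service". The same block also refers to one service as both "Security Center service" (next to *wscsvc* and in the WARNING) and "Windows Security Center service" (in the last IMPORTANT sentence); use one name throughout so readers do not assume these are two different services.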
@ -97,9 +92,12 @@ Disabling any of the individual features (through Group Policy or other manageme
> [!IMPORTANT]
> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center app.
For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
For example, using a third-party antivirus will disable Windows Defender Antivirus. However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall.
The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section and third-party firewalls will be shown under the **Firewall & network protection** section in the Windows Defender Security Center app.
See the [Windows Defender Antivirus compatibility](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility) topic for more information on how Windows Defender AV works with other antivirus apps, and what options are availble.
The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center app.
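Review bot: "availble" in the sentence pointing to the Windows Defender Antivirus compatibility topic should be "available". That sentence links the topic with a full https://docs.microsoft.com/en-us/... URL, while the IMPORTANT block earlier in this file links the same topic as ../windows-defender-antivirus/windows-defender-antivirus-compatibility.md; the relative form keeps the link locale-neutral and checkable at build time.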
@ -112,32 +110,38 @@ See the following links for more information on the features in the Windows Defe
- Device performance & health
- It administrators and IT pros can [configure the Load and unload device drivers security policy setting](https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/load-and-unload-device-drivers), and learn how to [deploy drivers during Windows 10 deployment using System Center Configuration Manager](https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager)
- Home users can learn more at the [Track your device and performance health in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012986/windows-defender-track-your-device-performance-health)
- Windows Firewall
- IT administrators and IT pros can get configuration guidance from the [Windows Firewall with Advanced Security documentation library](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security)
- Windows Defender Firewall
- IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security)
- Home users can learn more at the [Firewall & network protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012988/windows-10-firewall-network-protection-windows-defender-security-center)
- Windows Defender SmartScreen
- IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
- Home users can learn more at the [App & browser control in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4013218/windows-10-app-browser-control-in-windows-defender)
- Family options, which include a number of parental controls along with tips and information for keeping kids safe online
- Family options, which includes access to parental controls along with tips and information for keeping kids safe online
- Home users can learn more at the [Help protection your family online in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4013209/windows-10-protect-your-family-online-in-windows-defender)
## Customize notifications from the Windows Defender Security Center
<a id="customize-notifications-from-the-windows-defender-security-center"></a>
## Customize the Windows Defender Security Center app for your organization
You can customize notifcations so they show information to users about how to get more help from your organization's help desk.
![](images/security-center-custom-notif.png)
This information will also appear as a pop-out window on the Windows Defender Security Center app.
You can add information about your organization in a contact card to the Windows Defender Security Center app. This can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
![](images/security-center-custom-flyout.png)
Users can click on the displayed information to get more help:
This information will also be shown in some enterprise-specific notifications (including those for [Windows Defender Exploit Guard](/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md), the [Block at first sight feature](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md), and [potentially unwanted applications](/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md).
![](images/security-center-custom-notif.png)
Users can click on the displayed information to easily initiate a support request:
- Clicking **Call** or the phone number will open Skype to start a call to the displayed number
- Clicking **Email** or the email address will create a new email in the machine's default email app address to the displayed email
- Clicking **Help portal** or the website URL will open the machine's default web browser and go to the displayed address
### Use Group Policy to customize the notification
### Use Group Policy to enable and customize contact information
There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information.
This can only be done in Group Policy.
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
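Review bot: The sentence beginning "This information will also be shown in some enterprise-specific notifications (including those for" opens a parenthesis that is never closed; add the ")" before the final period. The three links in that sentence use root-style paths ending in .md (/windows/threat-protection/...), unlike the ../ relative links used elsewhere in this file, so confirm they resolve in the build. In the **Email** bullet, "default email app address to the displayed email" should read "addressed to the displayed email".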
@ -147,11 +151,15 @@ Users can click on the displayed information to get more help:
5. Expand the tree to **Windows components > Windows Defender Security Center > Enterprise Customization**.
6. Open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**.
6. You enable the contact card and the customized notifications by configuring two separate Group Policy settings. They will both use the same source of information (explained in Steps 7 and 8), and you can enable both or only one or the other:
7. Open the **Specify contact company name** setting and set it to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**.
1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**.
8. To ensure the custom notification appear, you must also configure at least one of the following settings by opening them, setting them to **Enabled** and adding the contact information in the field under **Options**:
2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Click **OK**.
7. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**.
8. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings by opening them, setting them to **Enabled** and adding the contact information in the field under **Options**:
1. Specify contact email address of Email ID
2. Specify contact phone number or Skype ID
3. Specify contact website
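Review bot: In step 7, "you must configure the **Specify contact company name** to **Enabled**" is missing the word "setting" after the policy name, which the neighbouring steps include. Under step 8, "Specify contact email address of Email ID" looks like it should be "or Email ID", by analogy with "Specify contact phone number or Skype ID"; confirm against the policy name as it appears in the Group Policy editor, since users will search for that exact string.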
@ -159,6 +167,9 @@ Users can click on the displayed information to get more help:
9. Click **OK** after configuring each setting to save your changes.
>[!IMPORTANT]
>You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply: the contact card will not show, and notifications will not be customized.
>[!NOTE]
>The Windows Defender Security Center app is a client interface on Windows 10, version 1703. It is not the Windows Defender Security Center web portal that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
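Review bot: In the IMPORTANT block, "If you do not specify the contact name and a contact method the customization will not apply" can be read as failing only when both are missing, while the sentence before it requires both. Reword along the lines of "If either the company name or a contact method is missing, the customization will not apply", and say "contact company name" both times to match the setting named in step 7.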