mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 13:17:23 +00:00
Merge branch 'master' into repo_sync_working_branch
This commit is contained in:
Gary Moore
GitHub
commit
704b984858
@ -25,7 +25,7 @@ ms.topic: article
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Antivirus is designed to keep your PC safe with built-in, trusted antivirus protection. With Microsoft Defender Antivirus, you get comprehensive, ongoing, and real-time protection against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV Assessment section in the Update Compliance add-in.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you might encounter when using the Microsoft Defender AV.
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ ms.date: 08/17/2020
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can perform various Microsoft Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Microsoft Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can manage and configure Microsoft Defender Antivirus with the following tools:
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
## Use Microsoft Intune to configure scanning options
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can configure how users of the endpoints on your network can interact with Microsoft Defender Antivirus.
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection.
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ ms.date: 10/21/2020
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender ATP capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender ATP [custom indicators](../microsoft-defender-atp/manage-indicators.md).
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
By default, Microsoft Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can configure Microsoft Defender Antivirus with a number of tools, including:
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
In Windows 10, application notifications about malware detection and remediation are more robust, consistent, and concise.
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Antivirus uses several methods to provide threat protection:
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ ms.custom: nextgen
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
When Microsoft Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Microsoft Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans.
|
||||
|
||||
|
||||
@ -16,24 +16,24 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
---
|
||||
|
||||
# Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation
|
||||
# Customize, initiate, and review the results of Microsoft Defender Antivirus scans & remediation
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans.
|
||||
|
||||
## In this section
|
||||
|
||||
Topic | Description
|
||||
---|---
|
||||
[Configure and validate file, folder, and process-opened file exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning
|
||||
[Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) | You can configure Microsoft Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning
|
||||
[Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) | Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder
|
||||
[Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) | Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans
|
||||
[Configure and run scans](run-scan-microsoft-defender-antivirus.md) | Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app
|
||||
[Review scan results](review-scan-results-microsoft-defender-antivirus.md) | Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app
|
||||
| Article | Description |
|
||||
|:---|:---|
|
||||
|[Configure and validate file, folder, and process-opened file exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) | You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning |
|
||||
|[Configure Microsoft Defender Antivirus scanning options](configure-advanced-scan-types-microsoft-defender-antivirus.md) | You can configure Microsoft Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning |
|
||||
|[Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md) | Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder |
|
||||
|[Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) | Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans |
|
||||
|[Configure and run scans](run-scan-microsoft-defender-antivirus.md) | Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app |
|
||||
|[Review scan results](review-scan-results-microsoft-defender-antivirus.md) | Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app |
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can deploy, manage, and report on Microsoft Defender Antivirus in a number of ways.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Depending on the management tool you are using, you may need to specifically enable or configure Microsoft Defender Antivirus protection.
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
In addition to standard on-premises or hardware configurations, you can also use Microsoft Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge)
|
||||
|
||||
> [!NOTE]
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Use this guide to determine how well Microsoft Defender Antivirus protects you from viruses, malware, and potentially unwanted applications.
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis.
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Antivirus lets you determine when it should look for and download updates.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ ms.date: 10/21/2020
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
There are two types of updates related to keeping Microsoft Defender Antivirus up to date:
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Mobile devices and VMs may require additional configuration to ensure performance is not impacted by updates.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ ms.date: 09/28/2020
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
## Overview
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
In Windows 10, version 1703 and later, the Windows Defender app is part of the Windows Security.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can use Group Policy to prevent users on endpoints from seeing the Microsoft Defender Antivirus interface. You can also prevent them from pausing scans.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
With Microsoft Defender Antivirus, you have several options for reviewing protection status and alerts. You can use Microsoft Endpoint Configuration Manager to [monitor Microsoft Defender Antivirus](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-configure-alerts). Or, you can monitor protection using [Microsoft Intune](https://docs.microsoft.com/intune/introduction-intune).
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
If Microsoft Defender Antivirus is configured to detect and remediate threats on your device, Microsoft Defender Antivirus quarantines suspicious files. If you are certain a quarantined file is not a threat, you can restore it.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
After a Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
> [!NOTE]
|
||||
> By default, Microsoft Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) to override this default.
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
If you encounter a problem with Microsoft Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution.
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
|
||||
|
||||
@ -22,7 +22,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Microsoft Defender Antivirus on your endpoints.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
If you are using Microsoft Endpoint Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Microsoft Defender Antivirus scans.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration. You can read more about it at the [PowerShell hub on MSDN](https://docs.microsoft.com/previous-versions/msdn10/mt173057(v=msdn.10)).
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings.
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ ms.custom: asr
|
||||
# Configure Microsoft Defender Application Guard policy settings
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ ms.custom: asr
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.
|
||||
|
||||
|
||||
@ -72,8 +72,9 @@ Field numbers match the numbers in the images below.
|
||||
> | | LogOnUsers | sourceUserId | contoso\liz-bean; contoso\jay-hardee | The domain and user of the interactive logon user/s at the time of the event. Note: For devices on Windows 10 version 1607, the domain information will not be available. |
|
||||
> | | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | List of IPV4 internal IPs for active network interfaces. |
|
||||
> | | InternalIPv6List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces. |
|
||||
| | LinkToMTP | flexString1 | `https://security.microsoft.com/alert/da637370718981685665_16349121` | Value available for every Detection.
|
||||
| | IncidentLinkToMTP | flexString1 | `"https://security.microsoft.com/incidents/byalert?alertId=da637370718981685665_16349121&source=SIEM` | Value available for every Detection.
|
||||
| | LinkToMTP | No mapping | `https://security.microsoft.com/alert/da637370718981685665_16349121` | Value available for every Detection.
|
||||
| | IncidentLinkToMTP | No mapping | `"https://security.microsoft.com/incidents/byalert?alertId=da637370718981685665_16349121&source=SIEM` | Value available for every Detection.
|
||||
| | IncidentLinkToWDATP | No mapping | `https://securitycenter.windows.com/incidents/byalert?alertId=da637370718981685665_16349121&source=SIEM` | Value available for every Detection.
|
||||
> | Internal field | LastProcessedTimeUtc | No mapping | 2017-05-07T01:56:58.9936648Z | Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that detections are retrieved. |
|
||||
> | | Not part of the schema | deviceVendor | | Static value in the ArcSight mapping - 'Microsoft'. |
|
||||
> | | Not part of the schema | deviceProduct | | Static value in the ArcSight mapping - 'Microsoft Defender ATP'. |
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user