From 93b54ce6c62a1001ef9959fb2814a7c7a091006a Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 12:36:46 -0400 Subject: [PATCH 01/34] Exploit Guard - Edition Table Edition table for what feature is supposed to work in each edition --- .../windows-defender-exploit-guard.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index d75309c31b..a0ab7e3166 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -68,6 +68,13 @@ Attack surface reduction | [Real-time protection](../windows-defender-antivirus/ Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console +| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 Enterprise | Windows 10 Education | +|-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | +| Exploit Protection | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | +| Attack surface reduction | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | +| Network Protection | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | +| Controlled Folder Access | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | + > [!NOTE] > Each feature's requirements are further described in the individual topics in this library. From 8ffcdf8be23a972599a83abf8e3ed2aa081d0eb1 Mon Sep 17 00:00:00 2001 
From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 12:38:17 -0400 Subject: [PATCH 02/34] green check mark - transparent --- .../images/check-yes.png | Bin 0 -> 1253 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/check-yes.png diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/check-yes.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/check-yes.png new file mode 100644 index 0000000000000000000000000000000000000000..548ce771c052cbae47e532c220e9c9e2889d7ab0 GIT binary patch literal 1253 literal 0 HcmV?d00001 From 25fb5b83c502127b801f8c32e839f282c56d258e Mon Sep 17 00:00:00 2001 
From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:04:20 -0400 Subject: [PATCH 03/34] check mark blue --- .../images/check-blue.png | Bin 0 -> 20441 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png new file mode 100644 index 0000000000000000000000000000000000000000..d5c703760fb073475c417f8a730a8ded321ae830 GIT binary patch literal 20441 literal 0 HcmV?d00001 From 9eddeeb5d9ff43c951f76ffcd1da201678bb0f7b Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:28:02 -0400 Subject: [PATCH 04/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index a0ab7e3166..cac0327da7 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -68,14 +68,20 @@ Attack surface reduction | [Real-time protection](../windows-defender-antivirus/ Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console -| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 Enterprise | Windows 10 Education | +![not supported](./images/check-no.png) (X) = not supported
+![supported, limited](./images/check-blue.png) (blue checkmark) = supported, limited functionality and manual reporting
+![supported](./images/check-yes.png) (green checkmark) = supported, full functionality and full reporting in the Windows Defender ATP console + +| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | |-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | -| Exploit Protection | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | -| Attack surface reduction | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | -| Network Protection | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | -| Controlled Folder Access | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | ![supported](./images/check-yes.png) | +| Exploit Protection | ![supported](./images/check-yes.png) | ![supported, limited](./images/check-blue.png)1,2 | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | +| Attack surface reduction | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | +| Network Protection | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | +| Controlled Folder Access | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | > [!NOTE] +> 1 - Exploit Protection is better 
shielded with [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) in Windows 10 Enterprise. +> 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console > Each feature's requirements are further described in the individual topics in this library. From 29f041d8c79b99e6d60177fd9a6bdb67acc23d03 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:30:06 -0400 Subject: [PATCH 05/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index cac0327da7..4d1691e73d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -69,8 +69,8 @@ Network protection | [Real-time protection](../windows-defender-antivirus/config Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console ![not supported](./images/check-no.png) (X) = not supported
-![supported, limited](./images/check-blue.png) (blue checkmark) = supported, limited functionality and manual reporting
-![supported](./images/check-yes.png) (green checkmark) = supported, full functionality and full reporting in the Windows Defender ATP console +![supported, limited](./images/check-blue.png) (blue checkmark) = supported, limited reporting
+![supported](./images/check-yes.png) (green checkmark) = supported, full reporting in the Windows Defender ATP console | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | |-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | From eb01c32edbac7bfc1f13b4a8160a88d3da7f47fe Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:32:30 -0400 Subject: [PATCH 06/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 4d1691e73d..8357dea48f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -80,7 +80,7 @@ Controlled folder access | [Real-time protection](../windows-defender-antivirus/ | Controlled Folder Access | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | > [!NOTE] -> 1 - Exploit Protection is better shielded with [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) in Windows 10 Enterprise. +> 1 - Exploit Protection is better shielded in Windows 10 Enterprise because of the additional [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) functionality. > 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console > Each feature's requirements are further described in the individual topics in this library. From 9d9e69aab6e871b6805c79407a962f653adfdde7 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:32:59 -0400 Subject: [PATCH 07/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 8357dea48f..78df6787e8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -80,7 +80,7 @@ Controlled folder access | [Real-time protection](../windows-defender-antivirus/ | Controlled Folder Access | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | > [!NOTE] -> 1 - Exploit Protection is better shielded in Windows 10 Enterprise because of the additional [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) functionality. +> 1 - Exploit Protection is better shielded in Windows 10 Enterprise because of the additional [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). > 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console > Each feature's requirements are further described in the individual topics in this library. From fc1487ddcc3754654b0a52dba3063b6ecac20c6f Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:37:40 -0400 Subject: [PATCH 08/34] check blue added transparency --- .../images/check-blue.png | Bin 20441 -> 1234 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png index d5c703760fb073475c417f8a730a8ded321ae830..b68169219ccd252992b2c7615b2a12325a07f4f2 100644 GIT binary patch literal 1234 literal 20441 From 0ba922112d210794e44932b63d3943d2a6c80db3 Mon Sep 17 00:00:00 2001 
From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:42:22 -0400 Subject: [PATCH 09/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 78df6787e8..761a240132 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -81,7 +81,7 @@ Controlled folder access | [Real-time protection](../windows-defender-antivirus/ > [!NOTE] > 1 - Exploit Protection is better shielded in Windows 10 Enterprise because of the additional [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -> 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console +> 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console. > Each feature's requirements are further described in the individual topics in this library. From 8e4402ce349a284315f9752a97a3dedec7fa4123 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:49:23 -0400 Subject: [PATCH 10/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 761a240132..6c6b84bcb0 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -61,13 +61,6 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e Each of the features in Windows Defender EG have slightly different requirements: -Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | [Windows Defender Advanced Threat Protection license](../windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md) --|-|-|- -Exploit protection | No requirement | Required for reporting in the Windows Defender ATP console -Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console -Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console -Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console - ![not supported](./images/check-no.png) (X) = not supported
![supported, limited](./images/check-blue.png) (blue checkmark) = supported, limited reporting
![supported](./images/check-yes.png) (green checkmark) = supported, full reporting in the Windows Defender ATP console @@ -84,6 +77,12 @@ Controlled folder access | [Real-time protection](../windows-defender-antivirus/ > 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console. > Each feature's requirements are further described in the individual topics in this library. +Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +-|-|-|- +Exploit protection | No requirement +Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled +Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled +Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled ## In this library From 795e6f0787b260925c5650cc82c0382d2e32b62a Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:50:11 -0400 Subject: [PATCH 11/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 6c6b84bcb0..a4b58b7625 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -75,7 +75,7 @@ Each of the features in Windows Defender EG have slightly different requirements > [!NOTE] > 1 - Exploit Protection is better shielded in Windows 10 Enterprise because of the additional [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). > 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console. -> Each feature's requirements are further described in the individual topics in this library. + Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -|-|-|- @@ -84,6 +84,9 @@ Attack surface reduction | [Real-time protection](../windows-defender-antivirus/ Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled +> [!NOTE] +> Each feature's requirements are further described in the individual topics in this library. + ## In this library Topic | Description From cfd49d29b4c313e7a66836f9546ab1ed8b0bfbdb Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:55:59 -0400 Subject: [PATCH 12/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index a4b58b7625..4ae3f62a94 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -78,7 +78,7 @@ Each of the features in Windows Defender EG have slightly different requirements Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) --|-|-|- +-|-|- Exploit protection | No requirement Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled From b16292929b98fbcebe85ed26e85c2b68f2c688d8 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 15:58:34 -0400 Subject: [PATCH 13/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 4ae3f62a94..d09244ac19 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -77,12 +77,12 @@ Each of the features in Windows Defender EG have slightly different requirements > 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console. -Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) --|-|- -Exploit protection | No requirement -Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled -Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled -Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled +| Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +|-----------------| ------------------------------------ | +| Exploit protection | No requirement | +| Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | +| Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | +| Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | > [!NOTE] > Each feature's requirements are further described in the individual topics in this library. From 178b84a5f11edffead79dda7b6a69cb43f0994e4 Mon Sep 17 00:00:00 2001 
From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:17:00 -0400 Subject: [PATCH 14/34] Delete check-blue.png --- .../images/check-blue.png | Bin 1234 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/check-blue.png deleted file mode 100644 index b68169219ccd252992b2c7615b2a12325a07f4f2..0000000000000000000000000000000000000000 GIT binary patch
From 4acb908ef3057d3721ea68ec17d51bdaaf923d15 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:17:08 -0400 Subject: [PATCH 15/34] Delete check-yes.png --- .../images/check-yes.png | Bin 1253 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/check-yes.png diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/check-yes.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/check-yes.png deleted file mode 100644 index 548ce771c052cbae47e532c220e9c9e2889d7ab0..0000000000000000000000000000000000000000 GIT binary patch
From 72bb444133d78d2aa3e1cc1ecd782737979c2c6e Mon Sep 17 00:00:00 2001
From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:17:32 -0400 Subject: [PATCH 16/34] added ball images --- .../images/ball_empty.png | Bin 0 -> 879 bytes .../images/ball_full.png | Bin 0 -> 929 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png create mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png new file mode 100644 index 0000000000000000000000000000000000000000..6291c3665347b490c3cdbd9cb2ae0497683fbf5d GIT binary patch
Date: Wed, 25 Apr 2018 16:18:29 -0400 Subject: [PATCH 17/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index d09244ac19..dfe26a4f8f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -61,19 +61,15 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e Each of the features in Windows Defender EG have slightly different requirements: -![not supported](./images/check-no.png) (X) = not supported
-![supported, limited](./images/check-blue.png) (blue checkmark) = supported, limited reporting
-![supported](./images/check-yes.png) (green checkmark) = supported, full reporting in the Windows Defender ATP console - | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | |-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | -| Exploit Protection | ![supported](./images/check-yes.png) | ![supported, limited](./images/check-blue.png)1,2 | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | -| Attack surface reduction | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | +| Exploit Protection | ![supported](./images/check-yes.png) | ![supported, limited](./images/check-blue.png) | ![supported, limited](./images/check-blue.png)1,2 | ![supported](./images/ball_full.png) | +| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | | Network Protection | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | | Controlled Folder Access | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | > [!NOTE] -> 1 - Exploit Protection is better shielded in Windows 10 Enterprise because of the additional [HVCI protection] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). 
+> 1 - Includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). > 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console. From 2bb3ab0796b92ee64c7ccdbec17c20e1f5ee37b4 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:19:51 -0400 Subject: [PATCH 18/34] resized image --- .../images/ball_full.png | Bin 929 -> 1531 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png index 155428d87dceeeb638949fa9e96aab96f0cad068..a3d5596e4de6e0823e26233c7f1ed8297b79b840 100644 GIT binary patch
From afee8ae6a2f6f61e9f13f8c5346da2487c2eede0 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:25:44 -0400 Subject: [PATCH 19/34] reduced image --- .../images/ball_full.png | Bin 1531 -> 1392 bytes 1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png index a3d5596e4de6e0823e26233c7f1ed8297b79b840..93feb1560270fef2728c61ae82bdbda2afcc31a1 100644 GIT binary patch
From b92a7a64a8d5c22a869cce583bb988810967b243 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:41:35 -0400 Subject: [PATCH 20/34] adjusted harvey balls --- .../images/ball_50.png | Bin 0 -> 1092 bytes .../images/ball_75.png | Bin 0 -> 1034 bytes .../images/ball_full.png | Bin 1392 -> 1065 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/ball_50.png create mode 100644 windows/security/threat-protection/windows-defender-exploit-guard/images/ball_75.png
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_50.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_50.png new file mode 100644 index 0000000000000000000000000000000000000000..8cb16808bc77a58a666e804be4674d173d2b9f9d GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_75.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_75.png new file mode 100644 index 0000000000000000000000000000000000000000..36e798c49e85ab6b76ee8f22f230938968348821 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png index 93feb1560270fef2728c61ae82bdbda2afcc31a1..f0dd0c220fdfbd0943cf9baad844c27cbf96c4f6 100644 GIT binary patch
From d5740d38a39d2bbbef13c4c6ea8d4d6166da7f9e Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:41:51 -0400 Subject: [PATCH 21/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index dfe26a4f8f..6617e905e4 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -62,15 +62,15 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e Each of the features in Windows Defender EG have slightly different requirements: | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | -|-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | -| Exploit Protection | ![supported](./images/check-yes.png) | ![supported, limited](./images/check-blue.png) | ![supported, limited](./images/check-blue.png)1,2 | ![supported](./images/ball_full.png) | -| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported](./images/check-yes.png) | -| Network Protection | ![not supported](./images/check-no.png) | ![not supported](./images/check-no.png) | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | -| Controlled Folder Access | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported, limited](./images/check-blue.png)2 | ![supported](./images/check-yes.png) | +| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | +| Exploit Protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | +| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) | +| Network Protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_75.png) | 
![supported, full reporting](./images/ball_full.png) | +| Controlled Folder Access | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_75.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | > [!NOTE] -> 1 - Includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -> 2 - Limited reporting functionality through Event Viewer. Windows 10 E5 is required for automated reporting in the Windows Defender ATP console. +> ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). +> ![supported, limited reporting](./images/ball_75.png) On Windows 10 E5, includes full reporting capabilities to Windows Defender ATP console. | Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) From 6158263aac49f83c977e30d400d27dee2e55c45d Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:43:49 -0400 Subject: [PATCH 22/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 6617e905e4..d8651f9838 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -69,8 +69,9 @@ Each of the features in Windows Defender EG have slightly different requirements | Controlled Folder Access | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_75.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | > [!NOTE] +> ![supported](./images/ball_50.png) Exploit Guard provides exploit protection capabilities to help prevent vulnerabilities that are discovered in apps from being exploitable. In addition it includes controlled folder access to block ransomware from accessing user data. > ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -> ![supported, limited reporting](./images/ball_75.png) On Windows 10 E5, includes full reporting capabilities to Windows Defender ATP console. +> ![supported, full reporting](./images/ball_75.png) On Windows 10 E5, includes full reporting capabilities to Windows Defender ATP console. | Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) From 45f7d5dd8de3b944a898f55186b40d89152135b3 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:47:17 -0400 Subject: [PATCH 23/34] balls added transparency --- .../images/ball_75.png | Bin 1034 -> 1022 bytes .../images/ball_full.png | Bin 1065 -> 1124 bytes 2 files changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_75.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_75.png index 36e798c49e85ab6b76ee8f22f230938968348821..a369f1b534211618cbcf1e5eff3bf04be2ec43cc 100644 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png index f0dd0c220fdfbd0943cf9baad844c27cbf96c4f6..b58555b46f73ed158c732c2b51cd2b9d94535cfe 100644 GIT binary patch
From 7a1d89e315ededd464f60452a9be610684f81188 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:49:17 -0400 Subject: [PATCH 24/34] Add files via upload --- .../images/ball_50.png | Bin 1092 -> 1147 bytes .../images/ball_empty.png | Bin 879 -> 843 bytes 2 files changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_50.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_50.png index 8cb16808bc77a58a666e804be4674d173d2b9f9d..b1df96bb866330249067989424449bb287b28018 100644 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png index 6291c3665347b490c3cdbd9cb2ae0497683fbf5d..6c68dec8292b92babdc689da260e56d4f1fb2dda 100644 GIT binary patch
Date: Wed, 25 Apr 2018 16:51:35 -0400 Subject: [PATCH 26/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 1 - 1 file changed, 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index d8651f9838..9c4f1ddefa 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -69,7 +69,6 @@ Each of the features in Windows Defender EG have slightly different requirements | Controlled Folder Access | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_75.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | > [!NOTE] -> ![supported](./images/ball_50.png) Exploit Guard provides exploit protection capabilities to help prevent vulnerabilities that are discovered in apps from being exploitable. In addition it includes controlled folder access to block ransomware from accessing user data. > ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). > ![supported, full reporting](./images/ball_75.png) On Windows 10 E5, includes full reporting capabilities to Windows Defender ATP console. From 9d90fdc3a3591213662ec00758c3a764e7ae5f8c Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:52:28 -0400 Subject: [PATCH 27/34] Add files via upload --- .../images/ball_empty.png | Bin 843 -> 843 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png index 6c68dec8292b92babdc689da260e56d4f1fb2dda..2d9573c7ff4ac6a6a0bdc5b4d66a112bcfa1703d 100644 GIT binary patch delta 52 ycmX@jcA9MgGoOW(p|P%ksg;32x#L9t$$ZSpQV1b78O_fOK;Y@>=d#Wzp$Pz8;0*x) delta 52 ycmX@jcA9MgGoOi-sfDhAsg;4jYXj|rllhpHr4T~1awpd^0D-5gpUXO@geCxcmJU+@ From 995be7b1103bf0c9bcd91f8da861826b11f36a76 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 16:54:13 -0400 Subject: [PATCH 28/34] Add files via upload --- .../images/ball_empty.png | Bin 843 -> 1477 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_empty.png index 2d9573c7ff4ac6a6a0bdc5b4d66a112bcfa1703d..97f905f5ea496980e72b3da4837dab0daa4515dc 100644 GIT binary patch
Date: Wed, 25 Apr 2018 16:58:14 -0400 Subject: [PATCH 29/34] corrected resolution
and transparency images --- .../images/ball_50.png | Bin 1147 -> 1591 bytes .../images/ball_75.png | Bin 1022 -> 1470 bytes .../images/ball_full.png | Bin 1124 -> 1454 bytes 3 files changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_50.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_50.png index b1df96bb866330249067989424449bb287b28018..bab791f3c0ff175f7e7b736e470fbd35ac0f81f9 100644 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_75.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_75.png index a369f1b534211618cbcf1e5eff3bf04be2ec43cc..de277c05e178db1cdd0447f127f41981d5ea4a25 100644 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/ball_full.png index b58555b46f73ed158c732c2b51cd2b9d94535cfe..2bc45259d3937ca6bc1daddb62de6132eb2e797f 100644 GIT binary patch
From 31fa186d3d62862de59d5468854d29e866c714ba Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 17:09:25 -0400 Subject: [PATCH 30/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 9c4f1ddefa..e99a67f349 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -70,7 +70,7 @@ Each of the features in Windows Defender EG have slightly different requirements > [!NOTE] > ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -> ![supported, full reporting](./images/ball_75.png) On Windows 10 E5, includes full reporting capabilities to Windows Defender ATP console. +> ![supported, full reporting](./images/ball_75.png) On Windows 10 E5, includes full reporting capabilities to the Windows Defender ATP console. | Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) From 29b1a421977d9bb9beedc9d905e2f81a87fbb680 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 17:09:55 -0400 Subject: [PATCH 31/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index e99a67f349..1f4f6e8e7d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -70,7 +70,7 @@ Each of the features in Windows Defender EG have slightly different requirements > [!NOTE] > ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -> ![supported, full reporting](./images/ball_75.png) On Windows 10 E5, includes full reporting capabilities to the Windows Defender ATP console. +> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes full reporting capabilities to the Windows Defender ATP console. | Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) From 6c68b4f7a8f4938f7edb57917b4985c87bd689ff Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 17:11:31 -0400 Subject: [PATCH 32/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 1f4f6e8e7d..d1beef5882 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -70,7 +70,7 @@ Each of the features in Windows Defender EG have slightly different requirements > [!NOTE] > ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes full reporting capabilities to the Windows Defender ATP console. +> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes automated reporting into the Windows Defender ATP console. | Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) From 6eecb1efdd967455baaa929befef2d640f027892 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 17:14:03 -0400 Subject: [PATCH 33/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index d1beef5882..8840fe99a0 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -63,10 +63,10 @@ Each of the features in Windows Defender EG have slightly different requirements | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | -| Exploit Protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | +| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | | Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) | -| Network Protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | -| Controlled Folder Access | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_75.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | +| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | +| Controlled folder access | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_75.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | > [!NOTE] > ![supported, enhanced](./images/ball_75.png) Exploit Protection - On 
Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). From 33a7af6cacb801c45aaa10f40683ca9aee084e56 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 25 Apr 2018 18:06:39 -0400 Subject: [PATCH 34/34] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 8840fe99a0..08cc20ad7b 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -65,8 +65,8 @@ Each of the features in Windows Defender EG have slightly different requirements | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | | Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | | Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) | -| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | -| Controlled folder access | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_75.png) | ![supported, limited reporting](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | +| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | > [!NOTE] > ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).
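Review bot: In the first windows-defender-exploit-guard.md hunk shown (the one just before PATCH 23/34), the changed E5 legend line gets the alt text "supported, full reporting" but still points at ./images/ball_75.png, while the table's E5 column uses ./images/ball_full.png for the same alt text. A reader relying on the icon and a reader relying on the alt text would see different support levels. Switch the image to ball_full.png in the same change rather than in a follow-up commit, so no intermediate revision of the page carries a mismatched legend.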
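Review bot: In PATCH 33/34, the first-column labels move to sentence case ("Exploit protection", "Network protection", "Controlled folder access"), but the [!NOTE] line in the same hunk's context still reads "Exploit Protection - On Windows 10 E3", so the feature name is now spelled two ways within a few lines. Update the note to match. The Controlled folder access row also keeps the alt text "supported, full reporting" on ./images/ball_75.png in the Professional column on both the removed and added lines; since the row is being touched anyway, align the alt text and image here.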
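Review bot: In PATCH 34/34, ./images/ball_50.png now carries the alt text "supported, limited reporting" in the Network protection and Controlled folder access rows, while the Exploit protection row uses the same image with the alt text "supported", and the legend under [!NOTE] visible in this series explains only ball_75.png and ball_full.png. One icon should map to one meaning: either add a legend entry for ball_50.png and use a single alt text for it, or pick a different image for the "limited reporting" case. Separately, the context line with the HVCI reference has a space between "[HVCI]" and "(https://...", which stops it rendering as a link; worth fixing while this block is being edited, since this is the only pointer on the page to enabling kernel-mode code integrity.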