mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
Merge branch 'master' into design
This commit is contained in:
Gary Moore
GitHub
commit
812e09f179
@ -60,7 +60,7 @@ To exclude files opened by a specific process, see [Configure and validate exclu
|
||||
The exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
|
||||
> Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
|
||||
> Changes made in the Windows Security app **will not show** in the Group Policy lists.
|
||||
|
||||
By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists take precedence when there are conflicts.
|
||||
@ -164,7 +164,7 @@ For more information, see [Windows Defender WMIv2 APIs](/previous-versions/windo
|
||||
|
||||
### Use the Windows Security app to configure file name, folder, or file extension exclusions
|
||||
|
||||
See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions) for instructions.
|
||||
See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md) for instructions.
|
||||
|
||||
<a id="wildcards"></a>
|
||||
|
||||
@ -267,13 +267,13 @@ The following table lists and describes the system account environment variables
|
||||
|
||||
You can retrieve the items in the exclusion list using one of the following methods:
|
||||
- [Intune](/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
|
||||
- [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings)
|
||||
- [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies)
|
||||
- MpCmdRun
|
||||
- PowerShell
|
||||
- [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions)
|
||||
- [Windows Security app](microsoft-defender-security-center-antivirus.md)
|
||||
|
||||
>[!IMPORTANT]
|
||||
>Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
|
||||
>Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
|
||||
>
|
||||
>Changes made in the Windows Security app **will not show** in the Group Policy lists.
|
||||
|
||||
|
||||
@ -42,7 +42,7 @@ When you add a process to the process exclusion list, Microsoft Defender Antivir
|
||||
|
||||
The exclusions only apply to [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). They don't apply to scheduled or on-demand scans.
|
||||
|
||||
Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists.
|
||||
Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md). However, changes made in the Windows Security app **will not show** in the Group Policy lists.
|
||||
|
||||
You can add, remove, and review the lists for exclusions in Group Policy, Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app, and you can use wildcards to further customize the lists.
|
||||
|
||||
@ -121,7 +121,7 @@ For more information and allowed parameters, see [Windows Defender WMIv2 APIs](
|
||||
|
||||
### Use the Windows Security app to exclude files that have been opened by specified processes from scans
|
||||
|
||||
See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions) for instructions.
|
||||
See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md) for instructions.
|
||||
|
||||
## Use wildcards in the process exclusion list
|
||||
|
||||
@ -138,7 +138,7 @@ The following table describes how the wildcards can be used in the process exclu
|
||||
|
||||
## Review the list of exclusions
|
||||
|
||||
You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](/intune/device-restrictions-configure), or the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
|
||||
You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](/intune/device-restrictions-configure), or the [Windows Security app](microsoft-defender-security-center-antivirus.md).
|
||||
|
||||
If you use PowerShell, you can retrieve the list in two ways:
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ ms.date: 02/10/2021
|
||||
|
||||
- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)
|
||||
|
||||
Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
|
||||
Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
|
||||
|
||||
> [!NOTE]
|
||||
> Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan.
|
||||
|
||||
@ -75,7 +75,7 @@ The potentially unwanted application (PUA) protection feature in Microsoft Defen
|
||||
|
||||
Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content.
|
||||
|
||||
The notification appears in the usual [quarantine list within the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history).
|
||||
The notification appears in the usual [quarantine list within the Windows Security app](microsoft-defender-security-center-antivirus.md).
|
||||
|
||||
### Configure PUA protection in Microsoft Defender Antivirus
|
||||
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 207 KiB After Width: | Height: | Size: 177 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 42 KiB After Width: | Height: | Size: 78 KiB |
@ -74,7 +74,6 @@ Microsoft Defender Offline scans are indicated under **Malware remediation statu
|
||||
|
||||
|
||||
## Configure notifications
|
||||
<a name="manage-notifications"></a>
|
||||
|
||||
Microsoft Defender Offline notifications are configured in the same policy setting as other Microsoft Defender AV notifications.
|
||||
|
||||
@ -131,7 +130,7 @@ See the following for more information:
|
||||
|
||||
## Review scan results
|
||||
|
||||
Microsoft Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history).
|
||||
Microsoft Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](microsoft-defender-security-center-antivirus.md).
|
||||
|
||||
|
||||
## Related articles
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Microsoft Defender Antivirus in the Windows Security app
|
||||
description: With Microsoft Defender AV now included in the Windows Security app, you can review, compare, and perform common tasks.
|
||||
description: With Microsoft Defender Antivirus now included in the Windows Security app, you can review, compare, and perform common tasks.
|
||||
keywords: wdav, antivirus, firewall, security, windows
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
@ -48,61 +48,34 @@ The Windows Security app is a client interface on Windows 10, version 1703 and l
|
||||
|
||||
2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar).
|
||||
|
||||
## Comparison of settings and functions of the old app and the new app
|
||||
|
||||
All of the previous functions and settings from the Windows Defender app (in versions of Windows 10 before version 1703) are now found in the new Windows Security app. Settings that were previously located in Windows Settings under **Update & security** > **Windows Defender** are also now in the new app.
|
||||
|
||||
The following diagrams compare the location of settings and functions between the old and new apps:
|
||||
|
||||
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
| Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | Description |
|
||||
|:---|:---|:---|:---|
|
||||
| 1 | **Update** tab | **Protection updates** | Update the protection (Security intelligence) |
|
||||
| 2 | **History** tab | **Scan history** | Review threats that were quarantined, removed, or allowed |
|
||||
| 3 | **Settings** (links to **Windows Settings**) | **Virus & threat protection settings** | Enable various features, including Real-time protection, Cloud-delivered protection, Advanced notifications, and Automatic ample submission |
|
||||
| 4 | **Scan options** | **Advanced scan** | Run a full scan, custom scan, or a Microsoft Defender Antivirus Offline scan |
|
||||
| 5 | Run a scan (based on the option chosen under **Scan options** | **Quick scan** | In Windows 10, version 1703 and later, you can run custom and full scans under the **Advanced scan** option |
|
||||
|
||||
## Common tasks
|
||||
|
||||
This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Microsoft Defender Antivirus in the Windows Security app.
|
||||
The following sections describe how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Microsoft Defender Antivirus in the Windows Security app.
|
||||
|
||||
> [!NOTE]
|
||||
> If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) topic describes how local policy override settings can be configured.
|
||||
|
||||
<a id="scan"></a>
|
||||
## Run a scan with the Windows Security app
|
||||
|
||||
### Run a scan with the Windows Security app
|
||||
|
||||
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
|
||||
1. Open the Windows Security app by searching the start menu for **Security**, and then selecting **Windows Security**.
|
||||
|
||||
2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar).
|
||||
|
||||
3. Select **Scan now**.
|
||||
3. Select **Quick scan**. Or, to run a full scan, select **Scan options**, and then select an option, such as **Full scan**.
|
||||
|
||||
4. Select **Run a new advanced scan** to specify different types of scans, such as a full scan.
|
||||
|
||||
<a id="definition-version"></a>
|
||||
|
||||
### Review the security intelligence update version and download the latest updates in the Windows Security app
|
||||
## Review the security intelligence update version and download the latest updates in the Windows Security app
|
||||
|
||||
|
||||
|
||||
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
|
||||
1. Open the Windows Security app by searching the start menu for *Security*, and then selecting **Windows Security**.
|
||||
|
||||
2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar).
|
||||
|
||||
3. Select **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
|
||||
3. Select **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check your current against the latest version available for manual download, or review the change log for that version. See [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates).
|
||||
|
||||
4. Select **Check for updates** to download new protection updates (if there are any).
|
||||
|
||||
### Ensure Microsoft Defender Antivirus is enabled in the Windows Security app
|
||||
## Ensure Microsoft Defender Antivirus is enabled in the Windows Security app
|
||||
|
||||
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
|
||||
1. Open the Windows Security app by searching the start menu for *Security*, and then selecting **Windows Security**.
|
||||
|
||||
2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar).
|
||||
|
||||
@ -114,11 +87,9 @@ This section describes how to perform some of the most common tasks when reviewi
|
||||
> If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
|
||||
> If you install another antivirus product, Microsoft Defender Antivirus automatically disables itself and is indicated as such in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md).
|
||||
|
||||
<a id="exclusions"></a>
|
||||
## Add exclusions for Microsoft Defender Antivirus in the Windows Security app
|
||||
|
||||
### Add exclusions for Microsoft Defender Antivirus in the Windows Security app
|
||||
|
||||
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
|
||||
1. Open the Windows Security app by searching the start menu for *Security*, and then selecting **Windows Security**.
|
||||
|
||||
2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar).
|
||||
|
||||
@ -128,8 +99,6 @@ This section describes how to perform some of the most common tasks when reviewi
|
||||
|
||||
5. Select the plus icon (**+**) to choose the type and set the options for each exclusion.
|
||||
|
||||
<a id="detection-history"></a>
|
||||
|
||||
The following table summarizes exclusion types and what happens:
|
||||
|
||||
|Exclusion type |Defined by |What happens |
|
||||
@ -143,27 +112,23 @@ To learn more, see the following resources:
|
||||
- [Configure and validate exclusions based on file extension and folder location](./configure-extension-file-exclusions-microsoft-defender-antivirus.md)
|
||||
- [Configure exclusions for files opened by processes](./configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
|
||||
|
||||
### Review threat detection history in the Windows Defender Security Center app
|
||||
## Review threat detection history in the Windows Defender Security Center app
|
||||
|
||||
1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
|
||||
1. Open the Windows Security app by searching the start menu for *Security*, and then selecting **Windows Security**.
|
||||
|
||||
2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar).
|
||||
|
||||
3. Select **Threat history**
|
||||
3. Select **Protection history**. Any recent items are listed.
|
||||
|
||||
4. Select **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**).
|
||||
## Set ransomware protection and recovery options
|
||||
|
||||
<a id="ransomware"></a>
|
||||
|
||||
### Set ransomware protection and recovery options
|
||||
|
||||
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
|
||||
1. Open the Windows Security app by searching the start menu for *Security*, and then selecting **Windows Security**.
|
||||
|
||||
2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar).
|
||||
|
||||
3. Select **Ransomware protection**.
|
||||
3. Under **Ransomware protection**, select **Manage ransomware protection**.
|
||||
|
||||
4. To change Controlled folder access settings, see [Protect important folders with Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders).
|
||||
4. To change **Controlled folder access** settings, see [Protect important folders with Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders).
|
||||
|
||||
5. To set up ransomware recovery options, select **Set up** under **Ransomware data recovery** and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack.
|
||||
|
||||
|
||||
@ -73,7 +73,7 @@ For more information about how to use the tool and additional parameters, includ
|
||||
|
||||
## Use the Windows Security app to run a scan
|
||||
|
||||
See [Run a scan in the Windows Security app](microsoft-defender-security-center-antivirus.md#scan) for instructions on running a scan on individual endpoints.
|
||||
See [Run a scan in the Windows Security app](microsoft-defender-security-center-antivirus.md) for instructions on running a scan on individual endpoints.
|
||||
|
||||
## Use PowerShell cmdlets to run a scan
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user