From e42b13922d3b1615edf56d02c8445c78428b8915 Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Tue, 28 Jun 2022 12:09:40 -0700 Subject: [PATCH 1/5] 37251356 - Add note about garrulous events caused by MI/ISG enablements --- .../operations/known-issues.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index a54661c0b2..2463f2312e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -31,6 +31,10 @@ ms.localizationpriority: medium This topic covers tips and tricks for admins as well as known issues with WDAC. Test this configuration in your lab before enabling it in production. +## ManagedInstaller/ISG enablements may cause garrulous events + +These events do not indicate an issue with the policy, and we are servicing the code to turn them off by default. This will be resolved in the September 2022 C release. + ## .NET native images may generate false positive block events In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. From 568e1da35e86cb065d7341d918c1483401b50528 Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Tue, 28 Jun 2022 12:33:35 -0700 Subject: [PATCH 2/5] Update known-issues.md --- .../operations/known-issues.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 34b4026eb5..57efc3c9da 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -28,20 +28,20 @@ ms.localizationpriority: medium >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). -This topic covers tips and tricks for admins as well as known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. +This topic covers tips and tricks for admins and known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. ## ManagedInstaller/ISG enablements may cause garrulous events -These events do not indicate an issue with the policy, and we are servicing the code to turn them off by default. This will be resolved in the September 2022 C release. +These events don't indicate an issue with the policy, and we're servicing the code to turn them off by default. This issue will be resolved in the September 2022 C release. ## .NET native images may generate false positive block events -In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. +In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fall back to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. ## MSI Installations launched directly from the internet are blocked by WDAC Installing .msi files directly from the internet to a computer protected by WDAC will fail. -For example, this command will not work: +For example, this command won't work: ```console msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi From c6758d8894de1abbaf2ff6866edb53fa282ddffa Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Wed, 29 Jun 2022 05:51:34 -0700 Subject: [PATCH 3/5] Update known-issues.md --- .../operations/known-issues.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 57efc3c9da..1c179e8e7a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -30,9 +30,9 @@ ms.localizationpriority: medium This topic covers tips and tricks for admins and known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. -## ManagedInstaller/ISG enablements may cause garrulous events +## Managed Installer and ISG will cause garrulous events -These events don't indicate an issue with the policy, and we're servicing the code to turn them off by default. This issue will be resolved in the September 2022 C release. +When Managed Installer and ISG are enabled, 3091 and 3092 events will be logged when a file didn't have Managed Installer or ISG authorization, regardless of whether the file was allowed. Beginning with the September 2022 C release, these events will be moved to the verbose channel since the events don't indicate an issue with the policy. ## .NET native images may generate false positive block events From 980dd88868937de62dc8216960819732c0a67008 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 1 Jul 2022 10:07:52 -0700 Subject: [PATCH 4/5] Update known-issues.md --- .../operations/known-issues.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 1c179e8e7a..dfddeebe3f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -10,7 +10,7 @@ ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther manager: dansimp -ms.date: 04/14/2021 +ms.date: 07/01/2022 ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium @@ -25,8 +25,8 @@ ms.localizationpriority: medium - Windows 11 - Windows Server 2016 and above ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic covers tips and tricks for admins and known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production. From 6a69f49b16bd65385cba6d3e382cfaf7668e8494 Mon Sep 17 00:00:00 2001 From: Office Content Publishing 2 <44301038+officedocspr2@users.noreply.github.com> Date: Sat, 2 Jul 2022 23:32:58 -0700 Subject: [PATCH 5/5] Uploaded file: education-content-updates.md - 2022-07-02 23:32:58.2316 --- .../includes/education-content-updates.md | 34 ++----------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index 73b3828e76..825288c869 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,39 +2,9 @@ -## Week of May 02, 2022 +## Week of June 27, 2022 | Published On |Topic title | Change | |------|------------|--------| -| 5/3/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified | -| 5/3/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified | -| 5/3/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified | -| 5/3/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified | -| 5/3/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified | -| 5/3/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | -| 5/3/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | -| 5/3/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified | -| 5/3/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | -| 5/3/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified | -| 5/3/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified | -| 5/3/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified | -| 5/3/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified | -| 5/3/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified | - - -## Week of April 25, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | -| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | - - -## Week of April 18, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 4/21/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | +| 6/30/2022 | Get Minecraft Education Edition with your Windows 10 device promotion | removed |