From 5b4e559c9f39619726422b6ade9c6ceec889b839 Mon Sep 17 00:00:00 2001 From: fattala Date: Tue, 25 Oct 2016 09:19:26 +0300 Subject: [PATCH 1/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md a test for change --- ...net-windows-defender-advanced-threat-protection.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 5aaa60e929..5b5482c1cd 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -28,14 +28,13 @@ The embedded Windows Defender ATP sensor runs in system context using the LocalS The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods: -- Configure the proxy server manually using a static proxy - - Auto-discovery methods: - - Transparent proxy +- Auto-discovery methods: + - Transparent proxy - - Manual static proxy configuration - - WinHTTP configured using netsh command - - Registry based configuration + - Manual static proxy configuration + - WinHTTP configured using netsh command + - Registry based configuration ## Configure the proxy server manually using a registry-based static proxy Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. From 0691be48b809887e4e5238b2ef66726f86513e1a Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 25 Oct 2016 18:17:23 +1100 Subject: [PATCH 2/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md --- ...roxy-internet-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 5b5482c1cd..49d660bfbe 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -29,7 +29,7 @@ The embedded Windows Defender ATP sensor runs in system context using the LocalS The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods: -- Auto-discovery methods: + - Auto-discovery methods: - Transparent proxy - Manual static proxy configuration From 21612e8497b91e3d2ac56e83f9823142919dd5de Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 25 Oct 2016 18:26:04 +1100 Subject: [PATCH 3/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md --- ...y-internet-windows-defender-advanced-threat-protection.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 49d660bfbe..df0c5361b3 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -28,11 +28,10 @@ The embedded Windows Defender ATP sensor runs in system context using the LocalS The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods: - - - Auto-discovery methods: + - Auto-discovery method: - Transparent proxy - - Manual static proxy configuration + - Manual static proxy configuration: - WinHTTP configured using netsh command - Registry based configuration From de5b0ba9035a62bbed018e09641a04007ffbdad8 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 25 Oct 2016 18:28:26 +1100 Subject: [PATCH 4/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md --- ...-internet-windows-defender-advanced-threat-protection.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index df0c5361b3..a624053f4d 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -75,10 +75,8 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Primary Domain Controller | .Microsoft.com DNS record :---|:--- - Central US | winatp-gw-cus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net - East US (2)| winatp-gw-eus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net - West Europe | winatp-gw-weu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net - North Europe | winatp-gw-neu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net + US | winatp-gw-cus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net
winatp-gw-eus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net +Europe | winatp-gw-weu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net
winatp-gw-neu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. From 0ee2a4522e50a244f78142c64251ae41bf9f5172 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 25 Oct 2016 18:32:27 +1100 Subject: [PATCH 5/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md --- ...y-internet-windows-defender-advanced-threat-protection.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index a624053f4d..a47ee0cae8 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -75,10 +75,9 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Primary Domain Controller | .Microsoft.com DNS record :---|:--- - US | winatp-gw-cus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net
winatp-gw-eus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net -Europe | winatp-gw-weu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net
winatp-gw-neu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net + US | ```winatp-gw-cus.microsoft.com```
```us.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net```
```winatp-gw-eus.microsoft.com```
```us.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net``` +Europe | ```winatp-gw-weu.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net```
-
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. If you selected US as your region, you should permit anonymous traffic for URLs listed in both Central US and East US (2). From 82205e5310c1c5a5d1640fbf9a939799abb2d8d3 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 25 Oct 2016 18:39:46 +1100 Subject: [PATCH 6/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md --- ...xy-internet-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index a47ee0cae8..23670b825a 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -75,8 +75,8 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Primary Domain Controller | .Microsoft.com DNS record :---|:--- - US | ```winatp-gw-cus.microsoft.com```
```us.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net```
```winatp-gw-eus.microsoft.com```
```us.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net``` -Europe | ```winatp-gw-weu.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```crl.microsoft.com```
```*.blob.core.windows.net```
+ US |```*.blob.core.windows.net```
```crl.microsoft.com```
```us.vortex-win.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
+Europe |```*.blob.core.windows.net```
```crl.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```winatp-gw-neu.microsoft.com```

If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. From f14553fc51cfb85777ab2b067cc5d8c7e95dbe33 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 25 Oct 2016 18:41:44 +1100 Subject: [PATCH 7/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md --- ...y-internet-windows-defender-advanced-threat-protection.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 23670b825a..24f01c30e8 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -75,8 +75,9 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Primary Domain Controller | .Microsoft.com DNS record :---|:--- - US |```*.blob.core.windows.net```
```crl.microsoft.com```
```us.vortex-win.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
-Europe |```*.blob.core.windows.net```
```crl.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```winatp-gw-neu.microsoft.com```

+ US |```*.blob.core.windows.net```
```crl.microsoft.com```
```us.vortex-win.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-cus.microsoft.com``` + +Europe |```*.blob.core.windows.net```
```crl.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. From 7bf51b9077d62f56a2aa9d015349a4819c96ae7d Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 25 Oct 2016 18:42:57 +1100 Subject: [PATCH 8/8] Update configure-proxy-internet-windows-defender-advanced-threat-protection.md --- ...oxy-internet-windows-defender-advanced-threat-protection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 24f01c30e8..3fb7c6fed0 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -75,8 +75,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Primary Domain Controller | .Microsoft.com DNS record :---|:--- - US |```*.blob.core.windows.net```
```crl.microsoft.com```
```us.vortex-win.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-cus.microsoft.com``` - + US |```*.blob.core.windows.net```
```crl.microsoft.com```
```us.vortex-win.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com``` Europe |```*.blob.core.windows.net```
```crl.microsoft.com```
```eu.vortex-win.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs.