From 88d6a46d21cbc07111eebb2d8c898d29339d263d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 26 Jul 2016 20:47:05 +1000 Subject: [PATCH] update product name, change called to named, update event table --- ...ows-defender-advanced-threat-protection.md | 2 +- ...ows-defender-advanced-threat-protection.md | 46 +++++++++---------- ...ows-defender-advanced-threat-protection.md | 8 ++-- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 9ca613c20d..51d6fbf1ae 100644 --- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -33,7 +33,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre b. Select **Mobile Device Management/Microsoft Intune**, click **Download package** and save the .zip file. -2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATP.onboarding*. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*. 3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune). 
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md index 9aa40813b4..0f011611fa 100644 --- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Review events and errors on endpoints with Event Viewer description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service. -keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Advanced Threat Protection service, cannot start, broken, can't start +keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy 
@@ -49,39 +49,39 @@ For example, if endpoints are not appearing in the **Machines view** list, you m 1 -Windows Advanced Threat Protection service started (Version ```variable```). +Windows Defender Advanced Threat Protection service started (Version ```variable```). Occurs during system start up, shut down, and during onbboarding. Normal operating notification; no action required. 2 -Windows Advanced Threat Protection service shutdown. +Windows Defender Advanced Threat Protection service shutdown. Occurs when the endpoint is shut down or offboarded. Normal operating notification; no action required. 3 -Windows Advanced Threat Protection service failed to start. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to start. Failure code: ```variable``` Service did not start. Review other messages to determine possible cause and troubleshooting steps. 4 -Windows Advanced Threat Protection service contacted the server at ```variable```. +Windows Defender Advanced Threat Protection service contacted the server at ```variable```. variable = URL of the Windows Defender ATP processing servers.
This URL will match that seen in the Firewall or network activity. Normal operating notification; no action required. 5 -Windows Advanced Threat Protection service failed to connect to the server at ```variable```. +Windows Defender Advanced Threat Protection service failed to connect to the server at ```variable```. variable = URL of the Windows Defender ATP processing servers.
The service could not contact the external processing servers at that URL. Check the connection to the URL. See [Configure proxy and Internet connectivity](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#configure-proxy-and-Internet-connectivity). 6 -Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found. +Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. The endpoint did not onboard correctly and will not be reporting to the portal. Onboarding must be run before starting the service.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
@@ -89,42 +89,42 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 7 -Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: ```variable``` The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) 8 -Windows Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable``` The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) 9 -Windows Advanced Threat Protection service failed to change its start type. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable``` The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) 10 -Windows Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable``` The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) 11 -Windows Advanced Threat Protection service completed. +Windows Defender Advanced Threat Protection service completed. The endpoint onboarded correctly. Normal operating notification; no action required.
It may take several hours for the endpoint to appear in the portal. 12 -Windows Advanced Threat Protection failed to apply the default configuration. +Windows Defender Advanced Threat Protection failed to apply the default configuration. Service was unable to apply configuration from the processing servers. This is a server error and should resolve after a short period. @@ -143,14 +143,14 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 15 -Windows Advanced Threat Protection cannot start command channel with URL: ```variable``` +Windows Defender Advanced Threat Protection cannot start command channel with URL: ```variable``` variable = URL of the Windows Defender ATP processing servers.
The service could not contact the external processing servers at that URL. Check the connection to the URL. See [Configure proxy and Internet connectivity](#configure-proxy-and-Internet-connectivity). 17 -Windows Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable``` An error occurred with the Windows telemetry service. [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled)
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
@@ -177,14 +177,14 @@ If this error persists after a system restart, ensure all Windows updates have f 25 -Windows Advanced Threat Protection service failed to reset health status in the registry, causing the onboarding process to fail. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to reset health status in the registry, causing the onboarding process to fail. Failure code: ```variable``` The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) 26 -Windows Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable``` The endpoint did not onboard correctly.
It will report to the portal, however the service may not appear as registered in SCCM or the registry. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
@@ -192,7 +192,7 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 27 -Windows Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable``` Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
@@ -200,7 +200,7 @@ Ensure real-time antimalware protection is running properly. 28 -Windows Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable``` +Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable``` An error occurred with the Windows telemetry service. [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
@@ -208,7 +208,7 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 30 -Windows Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable``` Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
@@ -216,20 +216,20 @@ Ensure real-time antimalware protection is running properly. 31 -Windows Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable``` +Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable``` An error occurred with the Windows telemetry service. [Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled). 33 -Windows Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable``` A unique identifier is used to represent each endpoint that is reporting to the portal.
If the identifier does not persist, the same machine might appear twice in the portal. Check registry permissions on the endpoint to ensure the service can update the registry. 34 -Windows Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable``` An error occurred with the Windows telemetry service. [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 0b5510a346..59aa4f699a 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md 
@@ -72,10 +72,10 @@ If the **OnboardingState** value is not set to **1**, you can use Event Viewer t Event ID | Message | Resolution steps :---|:---|:--- -5 | Windows Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). -6 | Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual). -7 | Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. -15 | Windows Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual). +7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. +15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). 
25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support. ## Ensure the Windows Defender ELAM driver is enabled
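Review bot: In configure-endpoints-mdm-windows-defender-advanced-threat-protection.md (hunk @@ -33,7), the unchanged step 3 line next to the edited step 2 still has the comma misplaced in "For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune]". Since this commit is a wording pass on that list, move the comma so it reads "settings, see [Windows 10 policy settings in Microsoft Intune]". The same "see," pattern appears in the hunk header context ("For more information on using Windows Defender ATP CSP see,").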
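Review bot: In event-error-codes-windows-defender-advanced-threat-protection.md (hunk @@ -1,7), the keywords line replaces "Windows Advanced Threat Protection service" outright, so the old string is no longer a search keyword. If any released build still writes the old product name to the event log, keep both strings in keywords so that an administrator who pastes the logged message into search still lands on this page.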
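Review bot: In event-error-codes-windows-defender-advanced-threat-protection.md (hunk @@ -49,39), the description for event 1 still reads "Occurs during system start up, shut down, and during onbboarding." The line directly above it is changed by this commit, so correct "onbboarding" to "onboarding" in the same pass rather than leaving it for a follow-up.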
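Review bot: In event-error-codes-windows-defender-advanced-threat-protection.md (hunk @@ -143,14), the event 15 resolution links to "(#configure-proxy-and-Internet-connectivity)" as a same-page anchor, while event 5 in the earlier hunk links to "troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#configure-proxy-and-Internet-connectivity". Both rows describe the same connectivity failure, so point event 15 at the troubleshoot-onboarding file as well; otherwise confirm that this page actually has a heading with that anchor. Also in this hunk, the event 17 link "[Ensure the telemetry service is enabled](...)" has no closing period, unlike the identical sentence for events 28 and 34.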
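Review bot: In event-error-codes-windows-defender-advanced-threat-protection.md (hunk @@ -208,7), the description and resolution for event 30 ("failed to disable SENSE aware mode") are word for word the same as those for event 27 ("failed to enable SENSE aware mode. Onboarding process failed."). Event 30's message does not mention onboarding, so please confirm that "Check that the onboarding settings and scripts were deployed properly" is the intended guidance for the disable case and not a copy of the event 27 row. A rename-only commit is a good moment to flag it, even if the fix lands separately.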
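Review bot: In troubleshoot-onboarding-windows-defender-advanced-threat-protection.md (hunk @@ -72,10), the updated event 6 row ends with "Failure code: _variable_", but the event 6 message in event-error-codes-windows-defender-advanced-threat-protection.md, changed by this same commit, ends at "no onboarding parameters were found." with no failure code. The unchanged event 25 row also differs: here it reads "failed to reset health status in the registry. Failure code:", while the event table has "in the registry, causing the onboarding process to fail. Failure code:". Administrators match these strings against what Event Viewer shows, so pick one wording per event ID and use it in both files.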