From 5547d1d461653e0fe57b7bd77ed99251c8e52e3e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 09:54:04 -0800 Subject: [PATCH 01/25] antivirus platform updates started section for older versions --- ...on-updates-microsoft-defender-antivirus.md | 2 +- ...-baselines-microsoft-defender-antivirus.md | 265 ++++++++++++++++++ 2 files changed, 266 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index 613d0bb3b1..7dcee83d5a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Manage how and where Microsoft Defender AV receives updates +title: Manage how and where Microsoft Defender Antivirus receives updates description: Manage the fallback order for how Microsoft Defender Antivirus receives protection updates. keywords: updates, security baselines, protection, fallback order, ADL, MMPC, UNC, file path, share, wsus search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 9700678379..e5bb66a2ff 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -336,6 +336,271 @@ When this update is installed, the device needs the jump package 4.10.2001.10 to
+### Previous version updates: Technical upgrade support only + +
+ + +
+ November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4) + + Security intelligence update version: **1.327.1854.0** + Released: **December 03, 2020** + Platform: **4.18.2011.6** + Engine: **1.1.17700.4** + Support phase: **Security and Critical Updates** + +### What's new +- Improved SmartScreen status support logging +- Apply CPU throttling policy to manually initiated scans + +### Known Issues +No known issues +
+
+ October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5) + + Security intelligence update version: **1.327.7.0** + Released: **October 29, 2020** + Platform: **4.18.2010.7** + Engine: **1.1.17600.5** + Support phase: **Security and Critical Updates** + +### What's new +- New descriptions for special threat categories +- Improved emulation capabilities +- Improved host address allow/block capabilities +- New option in Defender CSP to Ignore merging of local user exclusions + +### Known Issues +No known issues +
+
+ September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4) + + Security intelligence update version: **1.325.10.0** + Released: **October 01, 2020** + Platform: **4.18.2009.7** + Engine: **1.1.17500.4** + Support phase: **Security and Critical Updates** + +### What's new +- Admin permissions are required to restore files in quarantine +- XML formatted events are now supported +- CSP support for ignoring exclusion merges +- New management interfaces for: + - UDP Inspection + - Network Protection on Server 2019 + - IP Address exclusions for Network Protection +- Improved visibility into TPM measurements +- Improved Office VBA module scanning + +### Known Issues +No known issues +
+
+
+ August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) + + Security intelligence update version: **1.323.9.0** + Released: **August 27, 2020** + Platform: **4.18.2008.9** + Engine: **1.1.17400.5** + Support phase: **Security and Critical Updates** + +### What's new + +- Add more telemetry events +- Improved scan event telemetry +- Improved behavior monitoring for memory scans +- Improved macro streams scanning +- Added `AMRunningMode` to Get-MpComputerStatus PowerShell cmdlet +- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored. Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program. + + +### Known Issues +No known issues +
+
+ +
+ July-2020 (Platform: 4.18.2007.8 | Engine: 1.1.17300.4) + + Security intelligence update version: **1.321.30.0** + Released: **July 28, 2020** + Platform: **4.18.2007.8** + Engine: **1.1.17300.4** + Support phase: **Security and Critical Updates** + +### What's new +* Improved telemetry for BITS +* Improved Authenticode code signing certificate validation + +### Known Issues +No known issues +
+
+ +
+ June-2020 (Platform: 4.18.2006.10 | Engine: 1.1.17200.2) + + Security intelligence update version: **1.319.20.0** + Released: **June 22, 2020** + Platform: **4.18.2006.10** + Engine: **1.1.17200.2** + Support phase: **Technical upgrade Support (Only)** + +### What's new +* Possibility to specify the [location of the support logs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data) +* Skipping aggressive catchup scan in Passive mode. +* Allow Defender to update on metered connections +* Fixed performance tuning when caching is disabled +* Fixed registry query +* Fixed scantime randomization in ADMX + +### Known Issues +No known issues +
+
+ +
+ May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2) + + Security intelligence update version: **1.317.20.0** + Released: **May 26, 2020** + Platform: **4.18.2005.4** + Engine: **1.1.17100.2** + Support phase: **Technical upgrade Support (Only)** + +### What's new +* Improved logging for scan events +* Improved user mode crash handling. +* Added event tracing for Tamper protection +* Fixed AMSI Sample submission +* Fixed AMSI Cloud blocking +* Fixed Security update install log + +### Known Issues +No known issues +
+
+ +
+ April-2020 (Platform: 4.18.2004.6 | Engine: 1.1.17000.2) + + Security intelligence update version: **1.315.12.0** + Released: **April 30, 2020** + Platform: **4.18.2004.6** + Engine: **1.1.17000.2** + Support phase: **Technical upgrade Support (Only)** + +### What's new +* WDfilter improvements +* Add more actionable event data to attack surface reduction detection events +* Fixed version information in diagnostic data and WMI +* Fixed incorrect platform version in UI after platform update +* Dynamic URL intel for Fileless threat protection +* UEFI scan capability +* Extend logging for updates + +### Known Issues +No known issues +
+
+ +
+ March-2020 (Platform: 4.18.2003.8 | Engine: 1.1.16900.2) + + Security intelligence update version: **1.313.8.0** + Released: **March 24, 2020** + Platform: **4.18.2003.8** + Engine: **1.1.16900.4** + Support phase: **Technical upgrade Support (Only)** + +### What's new + +* CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) +* Improve diagnostic capability +* reduce Security intelligence timeout (5 min) +* Extend AMSI engine internal log capability +* Improve notification for process blocking + +### Known Issues +[**Fixed**] Microsoft Defender Antivirus is skipping files when running a scan. + +
+
+ +
+ + February-2020 (Platform: - | Engine: 1.1.16800.2) + + + Security intelligence update version: **1.311.4.0** + Released: **February 25, 2020** + Platform/Client: **-** + Engine: **1.1.16800.2** + Support phase: **N/A** + +### What's new + + +### Known Issues +No known issues +
+
+ +
+ January-2020 (Platform: 4.18.2001.10 | Engine: 1.1.16700.2) + + +Security intelligence update version: **1.309.32.0** +Released: **January 30, 2020** +Platform/Client: **4.18.2001.10** +Engine: **1.1.16700.2** +Support phase: **Technical upgrade Support (Only)** + +### What's new + +* Fixed BSOD on WS2016 with Exchange +* Support platform updates when TMP is redirected to network path +* Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) +* extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility) +* Fix 4.18.1911.3 hang + +### Known Issues +[**Fixed**] devices utilizing [modern standby mode](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby) may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform. +
+> [!IMPORTANT] +> This updates is needed by RS1 devices running lower version of the platform to support SHA2.
This update has reboot flag for systems that are experiencing the hang issue.
the This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability. +
+> [!IMPORTANT] +> This update is categorized as an "update" due to its reboot requirement and will only be offered with a [Windows Update](https://support.microsoft.com/help/4027667/windows-10-update) +
+
+ +
+ November-2019 (Platform: 4.18.1911.3 | Engine: 1.1.16600.7) + +Security intelligence update version: **1.307.13.0** +Released: **December 7, 2019** +Platform: **4.18.1911.3** +Engine: **1.1.17000.7** +Support phase: **No support** + +### What's new + +* Fixed MpCmdRun tracing level +* Fixed WDFilter version info +* Improve notifications (PUA) +* add MRT logs to support files + +### Known Issues +When this update is installed, the device needs the jump package 4.10.2001.10 to be able to update to the latest platform version. +
+
+ + ## Microsoft Defender Antivirus platform support Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version: From 2e112248e6888198bc74baf1fe9e35a8fcb7cff4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 09:56:26 -0800 Subject: [PATCH 02/25] Update manage-updates-baselines-microsoft-defender-antivirus.md pared down current version section --- ...-baselines-microsoft-defender-antivirus.md | 200 ------------------ 1 file changed, 200 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index e5bb66a2ff..369b94de5a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -135,206 +135,6 @@ No known issues No known issues
-
- August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) - - Security intelligence update version: **1.323.9.0** - Released: **August 27, 2020** - Platform: **4.18.2008.9** - Engine: **1.1.17400.5** - Support phase: **Security and Critical Updates** - -### What's new - -- Add more telemetry events -- Improved scan event telemetry -- Improved behavior monitoring for memory scans -- Improved macro streams scanning -- Added `AMRunningMode` to Get-MpComputerStatus PowerShell cmdlet -- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored. Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program. - - -### Known Issues -No known issues -
-
- -
- July-2020 (Platform: 4.18.2007.8 | Engine: 1.1.17300.4) - - Security intelligence update version: **1.321.30.0** - Released: **July 28, 2020** - Platform: **4.18.2007.8** - Engine: **1.1.17300.4** - Support phase: **Security and Critical Updates** - -### What's new -* Improved telemetry for BITS -* Improved Authenticode code signing certificate validation - -### Known Issues -No known issues -
-
- -
- June-2020 (Platform: 4.18.2006.10 | Engine: 1.1.17200.2) - - Security intelligence update version: **1.319.20.0** - Released: **June 22, 2020** - Platform: **4.18.2006.10** - Engine: **1.1.17200.2** - Support phase: **Technical upgrade Support (Only)** - -### What's new -* Possibility to specify the [location of the support logs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data) -* Skipping aggressive catchup scan in Passive mode. -* Allow Defender to update on metered connections -* Fixed performance tuning when caching is disabled -* Fixed registry query -* Fixed scantime randomization in ADMX - -### Known Issues -No known issues -
-
- -
- May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2) - - Security intelligence update version: **1.317.20.0** - Released: **May 26, 2020** - Platform: **4.18.2005.4** - Engine: **1.1.17100.2** - Support phase: **Technical upgrade Support (Only)** - -### What's new -* Improved logging for scan events -* Improved user mode crash handling. -* Added event tracing for Tamper protection -* Fixed AMSI Sample submission -* Fixed AMSI Cloud blocking -* Fixed Security update install log - -### Known Issues -No known issues -
-
- -
- April-2020 (Platform: 4.18.2004.6 | Engine: 1.1.17000.2) - - Security intelligence update version: **1.315.12.0** - Released: **April 30, 2020** - Platform: **4.18.2004.6** - Engine: **1.1.17000.2** - Support phase: **Technical upgrade Support (Only)** - -### What's new -* WDfilter improvements -* Add more actionable event data to attack surface reduction detection events -* Fixed version information in diagnostic data and WMI -* Fixed incorrect platform version in UI after platform update -* Dynamic URL intel for Fileless threat protection -* UEFI scan capability -* Extend logging for updates - -### Known Issues -No known issues -
-
- -
- March-2020 (Platform: 4.18.2003.8 | Engine: 1.1.16900.2) - - Security intelligence update version: **1.313.8.0** - Released: **March 24, 2020** - Platform: **4.18.2003.8** - Engine: **1.1.16900.4** - Support phase: **Technical upgrade Support (Only)** - -### What's new - -* CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) -* Improve diagnostic capability -* reduce Security intelligence timeout (5 min) -* Extend AMSI engine internal log capability -* Improve notification for process blocking - -### Known Issues -[**Fixed**] Microsoft Defender Antivirus is skipping files when running a scan. - -
-
- -
- - February-2020 (Platform: - | Engine: 1.1.16800.2) - - - Security intelligence update version: **1.311.4.0** - Released: **February 25, 2020** - Platform/Client: **-** - Engine: **1.1.16800.2** - Support phase: **N/A** - -### What's new - - -### Known Issues -No known issues -
-
- -
- January-2020 (Platform: 4.18.2001.10 | Engine: 1.1.16700.2) - - -Security intelligence update version: **1.309.32.0** -Released: **January 30, 2020** -Platform/Client: **4.18.2001.10** -Engine: **1.1.16700.2** -Support phase: **Technical upgrade Support (Only)** - -### What's new - -* Fixed BSOD on WS2016 with Exchange -* Support platform updates when TMP is redirected to network path -* Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) -* extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility) -* Fix 4.18.1911.3 hang - -### Known Issues -[**Fixed**] devices utilizing [modern standby mode](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby) may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform. -
-> [!IMPORTANT] -> This updates is needed by RS1 devices running lower version of the platform to support SHA2.
This update has reboot flag for systems that are experiencing the hang issue.
the This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability. -
-> [!IMPORTANT] -> This update is categorized as an "update" due to its reboot requirement and will only be offered with a [Windows Update](https://support.microsoft.com/help/4027667/windows-10-update) -
-
- -
- November-2019 (Platform: 4.18.1911.3 | Engine: 1.1.16600.7) - -Security intelligence update version: **1.307.13.0** -Released: **December 7, 2019** -Platform: **4.18.1911.3** -Engine: **1.1.17000.7** -Support phase: **No support** - -### What's new - -* Fixed MpCmdRun tracing level -* Fixed WDFilter version info -* Improve notifications (PUA) -* add MRT logs to support files - -### Known Issues -When this update is installed, the device needs the jump package 4.10.2001.10 to be able to update to the latest platform version. -
-
### Previous version updates: Technical upgrade support only From 416714f3047acf819fdd17f7a1af61e609ccba4a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 09:57:33 -0800 Subject: [PATCH 03/25] Update manage-updates-baselines-microsoft-defender-antivirus.md set the previous versions section right --- ...-baselines-microsoft-defender-antivirus.md | 58 ------------------- 1 file changed, 58 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 369b94de5a..51619b0baa 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -141,64 +141,6 @@ No known issues
-
- November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4) - - Security intelligence update version: **1.327.1854.0** - Released: **December 03, 2020** - Platform: **4.18.2011.6** - Engine: **1.1.17700.4** - Support phase: **Security and Critical Updates** - -### What's new -- Improved SmartScreen status support logging -- Apply CPU throttling policy to manually initiated scans - -### Known Issues -No known issues -
-
- October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5) - - Security intelligence update version: **1.327.7.0** - Released: **October 29, 2020** - Platform: **4.18.2010.7** - Engine: **1.1.17600.5** - Support phase: **Security and Critical Updates** - -### What's new -- New descriptions for special threat categories -- Improved emulation capabilities -- Improved host address allow/block capabilities -- New option in Defender CSP to Ignore merging of local user exclusions - -### Known Issues -No known issues -
-
- September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4) - - Security intelligence update version: **1.325.10.0** - Released: **October 01, 2020** - Platform: **4.18.2009.7** - Engine: **1.1.17500.4** - Support phase: **Security and Critical Updates** - -### What's new -- Admin permissions are required to restore files in quarantine -- XML formatted events are now supported -- CSP support for ignoring exclusion merges -- New management interfaces for: - - UDP Inspection - - Network Protection on Server 2019 - - IP Address exclusions for Network Protection -- Improved visibility into TPM measurements -- Improved Office VBA module scanning - -### Known Issues -No known issues -
-
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) From 73a985f3c311e4c1d5ca49669d34a88560c1a6ed Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:04:11 -0800 Subject: [PATCH 04/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 51619b0baa..44ab2eeb3b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -138,8 +138,7 @@ No known issues ### Previous version updates: Technical upgrade support only -
- +Previous version updates are listed below, and are provided for technical upgrade support only.
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) From cc317b344eb1ab1b72f9447bee04657ef53ea525 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:06:27 -0800 Subject: [PATCH 05/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...s-baselines-microsoft-defender-antivirus.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 44ab2eeb3b..fcdf912ecb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -174,8 +174,9 @@ No known issues  Support phase: **Security and Critical Updates** ### What's new -* Improved telemetry for BITS -* Improved Authenticode code signing certificate validation + +- Improved telemetry for BITS +- Improved Authenticode code signing certificate validation ### Known Issues No known issues @@ -192,12 +193,13 @@ No known issues  Support phase: **Technical upgrade Support (Only)** ### What's new -* Possibility to specify the [location of the support logs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data) -* Skipping aggressive catchup scan in Passive mode. -* Allow Defender to update on metered connections -* Fixed performance tuning when caching is disabled -* Fixed registry query -* Fixed scantime randomization in ADMX + +- Possibility to specify the [location of the support logs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data) +- Skipping aggressive catchup scan in Passive mode. +- Allow Defender to update on metered connections +- Fixed performance tuning when caching is disabled +- Fixed registry query +- Fixed scantime randomization in ADMX ### Known Issues No known issues From b8b63496d4d95ade904771ceebe2963fa6b155b0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:08:53 -0800 Subject: [PATCH 06/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index fcdf912ecb..e03dbc86af 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -138,7 +138,7 @@ No known issues ### Previous version updates: Technical upgrade support only -Previous version updates are listed below, and are provided for technical upgrade support only. +Previous version updates are listed below, and are provided for technical upgrade support only.
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) From 826a1a8811b502b5ea1919939cbd17e6d907a624 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:15:42 -0800 Subject: [PATCH 07/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index e03dbc86af..1a71bfa5e6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -68,7 +68,7 @@ For more information, see [Manage the sources for Microsoft Defender Antivirus p ## Monthly platform and engine versions -For information how to update or how to install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform). +For information how to update or install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform). All our updates contain - performance improvements; @@ -138,7 +138,8 @@ No known issues ### Previous version updates: Technical upgrade support only -Previous version updates are listed below, and are provided for technical upgrade support only.
+Previous version updates are listed below, and are provided for technical upgrade support only. +
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) From fca8929adac3fdb1f6b1477f674cab953066fdab Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:20:10 -0800 Subject: [PATCH 08/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 26 +++++++++---------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 1a71bfa5e6..ced116a6ed 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -148,7 +148,6 @@ Previous version updates are listed below, and are provided for technical upgrad  Released: **August 27, 2020**  Platform: **4.18.2008.9**  Engine: **1.1.17400.5** - Support phase: **Security and Critical Updates** ### What's new @@ -172,7 +171,7 @@ No known issues  Released: **July 28, 2020**  Platform: **4.18.2007.8**  Engine: **1.1.17300.4** - Support phase: **Security and Critical Updates** + Support phase: **Technical upgrade support (only)** ### What's new @@ -191,7 +190,7 @@ No known issues  Released: **June 22, 2020**  Platform: **4.18.2006.10**  Engine: **1.1.17200.2** - Support phase: **Technical upgrade Support (Only)** + Support phase: **Technical upgrade support (only)** ### What's new @@ -214,7 +213,7 @@ No known issues  Released: **May 26, 2020**  Platform: **4.18.2005.4**  Engine: **1.1.17100.2** - Support phase: **Technical upgrade Support (Only)** + Support phase: **Technical upgrade support (only)** ### What's new * Improved logging for scan events @@ -236,7 +235,7 @@ No known issues  Released: **April 30, 2020**  Platform: **4.18.2004.6**  Engine: **1.1.17000.2** - Support phase: **Technical upgrade Support (Only)** + Support phase: **Technical upgrade support (only)** ### What's new * WDfilter improvements @@ -259,7 +258,7 @@ No known issues  Released: **March 24, 2020**  Platform: **4.18.2003.8**  Engine: **1.1.16900.4** - Support phase: **Technical upgrade Support (Only)** + Support phase: **Technical upgrade support (only)** ### What's new @@ -280,11 +279,11 @@ No known issues February-2020 (Platform: - | Engine: 1.1.16800.2) - Security intelligence update version: **1.311.4.0** - Released: **February 25, 2020** - Platform/Client: **-** - Engine: **1.1.16800.2** - Support phase: **N/A** + Security intelligence update version: **1.311.4.0** + Released: **February 25, 2020** + Platform/Client: **-** + Engine: **1.1.16800.2** + Support phase: **Technical upgrade support (only)** ### What's new @@ -302,7 +301,7 @@ Security intelligence update version: **1.309.32.0** Released: **January 30, 2020** Platform/Client: **4.18.2001.10** Engine: **1.1.16700.2** -Support phase: **Technical upgrade Support (Only)** + Support phase: **Technical upgrade support (only)** ### What's new @@ -317,8 +316,7 @@ Support phase: **Technical upgrade Support (Only)**
> [!IMPORTANT] > This updates is needed by RS1 devices running lower version of the platform to support SHA2.
This update has reboot flag for systems that are experiencing the hang issue.
the This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability. -
-> [!IMPORTANT] +> > This update is categorized as an "update" due to its reboot requirement and will only be offered with a [Windows Update](https://support.microsoft.com/help/4027667/windows-10-update)
From dc492ee3d0ce928a299c4a0cfa47a44dfa6a9ded Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:21:36 -0800 Subject: [PATCH 09/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...e-updates-baselines-microsoft-defender-antivirus.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index ced116a6ed..1a06c92c1c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -305,11 +305,11 @@ Engine: **1.1.16700.2** ### What's new -* Fixed BSOD on WS2016 with Exchange -* Support platform updates when TMP is redirected to network path -* Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) -* extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility) -* Fix 4.18.1911.3 hang +- Fixed BSOD on WS2016 with Exchange +- Support platform updates when TMP is redirected to network path +- Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) +- extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility) +- Fix 4.18.1911.3 hang ### Known Issues [**Fixed**] devices utilizing [modern standby mode](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby) may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform. From d96c503113c007458469f126bae0d898f3ed4b14 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:44:40 -0800 Subject: [PATCH 10/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...pdates-baselines-microsoft-defender-antivirus.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 1a06c92c1c..5ad59164fb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -47,7 +47,7 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). -For a list of recent security intelligence updates, please visit: [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes). +For a list of recent security intelligence updates, see [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes). Engine updates are included with security intelligence updates and are released on a monthly cadence. @@ -315,9 +315,12 @@ Engine: **1.1.16700.2** [**Fixed**] devices utilizing [modern standby mode](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby) may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform.
> [!IMPORTANT] -> This updates is needed by RS1 devices running lower version of the platform to support SHA2.
This update has reboot flag for systems that are experiencing the hang issue.
the This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability. -> -> This update is categorized as an "update" due to its reboot requirement and will only be offered with a [Windows Update](https://support.microsoft.com/help/4027667/windows-10-update) +> This update is: +> - needed by RS1 devices running lower version of the platform to support SHA2; +> - has a reboot flag for systems that have hanging issues; +> - is re-released in April 2020 and will not be superseded by newer updates to keep future availability; +> - is categorized as an update due to the reboot requirement; and +> - is only be offered with [Windows Update](https://support.microsoft.com/help/4027667/windows-10-update).
@@ -439,7 +442,7 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind | Article | Description | |:---|:---| |[Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images) | Review antimalware update packages for your OS installation images (WIM and VHD files). Get Microsoft Defender Antivirus updates for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016 installation images. | -|[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. | +|[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through many sources. | |[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. | |[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in. | |[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. | From 8dcc321629d71e40ba144d416f16a58282dd616d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 10:53:25 -0800 Subject: [PATCH 11/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 5ad59164fb..5f8677d0a2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -74,7 +74,7 @@ All our updates contain - performance improvements; - serviceability improvements; and - integration improvements (Cloud, Microsoft 365 Defender). -
+

From a7c9d594764abfdcf662c3209e6f38b5de726d38 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 12:47:02 -0800 Subject: [PATCH 12/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 5f8677d0a2..0eca49c841 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -139,7 +139,7 @@ No known issues ### Previous version updates: Technical upgrade support only Previous version updates are listed below, and are provided for technical upgrade support only. -
+

August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) From e09403ba403f4b2eef8e5ffc73e38487695d0fdd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 12:49:31 -0800 Subject: [PATCH 13/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 52 +++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 0eca49c841..8c2cf4a503 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -216,12 +216,13 @@ No known issues  Support phase: **Technical upgrade support (only)** ### What's new -* Improved logging for scan events -* Improved user mode crash handling. -* Added event tracing for Tamper protection -* Fixed AMSI Sample submission -* Fixed AMSI Cloud blocking -* Fixed Security update install log + +- Improved logging for scan events +- Improved user mode crash handling. +- Added event tracing for Tamper protection +- Fixed AMSI Sample submission +- Fixed AMSI Cloud blocking +- Fixed Security update install log ### Known Issues No known issues @@ -238,13 +239,13 @@ No known issues  Support phase: **Technical upgrade support (only)** ### What's new -* WDfilter improvements -* Add more actionable event data to attack surface reduction detection events -* Fixed version information in diagnostic data and WMI -* Fixed incorrect platform version in UI after platform update -* Dynamic URL intel for Fileless threat protection -* UEFI scan capability -* Extend logging for updates +- WDfilter improvements +- Add more actionable event data to attack surface reduction detection events +- Fixed version information in diagnostic data and WMI +- Fixed incorrect platform version in UI after platform update +- Dynamic URL intel for Fileless threat protection +- UEFI scan capability +- Extend logging for updates ### Known Issues No known issues @@ -262,11 +263,11 @@ No known issues ### What's new -* CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) -* Improve diagnostic capability -* reduce Security intelligence timeout (5 min) -* Extend AMSI engine internal log capability -* Improve notification for process blocking +- CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) +- Improve diagnostic capability +- reduce Security intelligence timeout (5 min) +- Extend AMSI engine internal log capability +- Improve notification for process blocking ### Known Issues [**Fixed**] Microsoft Defender Antivirus is skipping files when running a scan. @@ -335,10 +336,10 @@ Support phase: **No support** ### What's new -* Fixed MpCmdRun tracing level -* Fixed WDFilter version info -* Improve notifications (PUA) -* add MRT logs to support files +- Fixed MpCmdRun tracing level +- Fixed WDFilter version info +- Improve notifications (PUA) +- add MRT logs to support files ### Known Issues When this update is installed, the device needs the jump package 4.10.2001.10 to be able to update to the latest platform version. @@ -350,10 +351,9 @@ When this update is installed, the device needs the jump package 4.10.2001.10 to Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version: -* **Security and Critical Updates servicing phase** - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform. +- **Security and Critical Updates servicing phase** - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform. - -* **Technical Support (Only) phase** - After a new platform version is released, support for older versions (N-2) will reduce to technical support only. Platform versions older than N-2 will no longer be supported.* +- **Technical Support (Only) phase** - After a new platform version is released, support for older versions (N-2) will reduce to technical support only. Platform versions older than N-2 will no longer be supported.* \* Technical support will continue to be provided for upgrades from the Windows 10 release version (see [Platform version included with Windows 10 releases](#platform-version-included-with-windows-10-releases)) to the latest platform version. @@ -437,7 +437,7 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
-## See also +## Additional resources | Article | Description | |:---|:---| From e70b00fdb317a77d4af5e179e4a46a255763c772 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 12:51:23 -0800 Subject: [PATCH 14/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 8c2cf4a503..ab98ec1db1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 12/05/2020 +ms.date: 01/06/2021 --- # Manage Microsoft Defender Antivirus updates and apply baselines From 3d534fd878ebe46062e47359c39ad3adc08c1334 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 12:52:38 -0800 Subject: [PATCH 15/25] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index ab98ec1db1..05f8205f31 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -377,7 +377,9 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof ## Updates for Deployment Image Servicing and Management (DISM) -We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016 OS installation images with the latest antivirus and antimalware updates. Keeping your OS installation images up to date helps avoid a gap in protection. For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images). +We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016 OS installation images with the latest antivirus and antimalware updates. Keeping your OS installation images up to date helps avoid a gap in protection. + +For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images).
1.1.2012.01 From 626b657efce0437d1b286550b1a9d53c40f6f678 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 12:56:43 -0800 Subject: [PATCH 16/25] Update manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md --- ...updates-mobile-devices-vms-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index fbbf677933..dd49d3b0d9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Define how mobile devices are updated by Microsoft Defender AV -description: Manage how mobile devices, such as laptops, should be updated with Microsoft Defender AV protection updates. +title: Define how mobile devices are updated by Microsoft Defender Antivirus +description: Manage how mobile devices, such as laptops, should be updated with Microsoft Defender Antivirus protection updates. keywords: updates, protection, schedule updates, battery, mobile device, laptop, notebook, opt-in, microsoft update, wsus, override search.product: eADQiWindows 10XVcnh ms.prod: w10 From f0bac1eec4ef42ca874ba877510e85e8ef7f63b9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 12:56:56 -0800 Subject: [PATCH 17/25] added ms.reviewer --- ...e-protection-update-schedule-microsoft-defender-antivirus.md | 2 +- .../manage-protection-updates-microsoft-defender-antivirus.md | 2 +- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md index add2af0433..acbc359a64 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.reviewer: +ms.reviewer: pahuijbr manager: dansimp --- diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index 7dcee83d5a..9cfcd64a5d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.reviewer: +ms.reviewer: pahuijbr manager: dansimp ms.custom: nextgen --- diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 05f8205f31..943036f62c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.reviewer: +ms.reviewer: pahuijbr manager: dansimp ms.date: 01/06/2021 --- From f11d7c5bb46be69cdab41a8e9041a45dcd272e46 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 13:04:22 -0800 Subject: [PATCH 18/25] Update manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md --- ...es-mobile-devices-vms-microsoft-defender-antivirus.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index dd49d3b0d9..788464ca9c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -11,7 +11,6 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 ms.reviewer: manager: dansimp --- @@ -25,14 +24,14 @@ manager: dansimp - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Mobile devices and VMs may require additional configuration to ensure performance is not impacted by updates. +Mobile devices and VMs may require more configuration to ensure performance is not impacted by updates. -There are two settings that are particularly useful for these devices: +There are two settings that are useful for these devices: -- Opt-in to Microsoft Update on mobile computers without a WSUS connection +- Opt in to Microsoft Update on mobile computers without a WSUS connection - Prevent Security intelligence updates when running on battery power -The following topics may also be useful in these situations: +The following articles may also be useful in these situations: - [Configuring scheduled and catch-up scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) - [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) - [Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) From c3db2e4504e7aef50e2875f930c91906f16fbd3c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 13:05:03 -0800 Subject: [PATCH 19/25] Update manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md --- ...-mobile-devices-vms-microsoft-defender-antivirus.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index 788464ca9c..d4f2648721 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -36,21 +36,21 @@ The following articles may also be useful in these situations: - [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) - [Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment](deployment-vdi-microsoft-defender-antivirus.md) -## Opt-in to Microsoft Update on mobile computers without a WSUS connection +## Opt in to Microsoft Update on mobile computers without a WSUS connection You can use Microsoft Update to keep Security intelligence on mobile devices running Microsoft Defender Antivirus up to date when they are not connected to the corporate network or don't otherwise have a WSUS connection. This means that protection updates can be delivered to devices (via Microsoft Update) even if you have set WSUS to override Microsoft Update. -You can opt-in to Microsoft Update on the mobile device in one of the following ways: +You can opt in to Microsoft Update on the mobile device in one of the following ways: 1. Change the setting with Group Policy 2. Use a VBScript to create a script, then run it on each computer in your network. -3. Manually opt-in every computer on your network through the **Settings** menu. +3. Manually opt in every computer on your network through the **Settings** menu. -### Use Group Policy to opt-in to Microsoft Update +### Use Group Policy to opt in to Microsoft Update -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. 3. In the **Group Policy Management Editor** go to **Computer configuration**. From fc6aa4c6fbc44a975595272f6b3b6f2d8a54b7a8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 13:06:10 -0800 Subject: [PATCH 20/25] Update manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md --- ...e-devices-vms-microsoft-defender-antivirus.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index d4f2648721..0aebecaa24 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -44,21 +44,21 @@ This means that protection updates can be delivered to devices (via Microsoft Up You can opt in to Microsoft Update on the mobile device in one of the following ways: -1. Change the setting with Group Policy -2. Use a VBScript to create a script, then run it on each computer in your network. -3. Manually opt in every computer on your network through the **Settings** menu. +- Change the setting with Group Policy. +- Use a VBScript to create a script, then run it on each computer in your network. +- Manually opt in every computer on your network through the **Settings** menu. ### Use Group Policy to opt in to Microsoft Update -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. -3. In the **Group Policy Management Editor** go to **Computer configuration**. +2. In the **Group Policy Management Editor** go to **Computer configuration**. -4. Click **Policies** then **Administrative templates**. +3. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. -6. Double-click the **Allow security intelligence updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**. +5. Double-click the **Allow security intelligence updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**. ### Use a VBScript to opt-in to Microsoft Update From 46347c664d31c280299be5b2b46bcb6fe27722b8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 13:07:11 -0800 Subject: [PATCH 21/25] Update manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md --- ...evices-vms-microsoft-defender-antivirus.md | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index 0aebecaa24..e9c2d12071 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -63,14 +63,17 @@ You can opt in to Microsoft Update on the mobile device in one of the following ### Use a VBScript to opt-in to Microsoft Update -1. Use the instructions in the MSDN article [Opt-In to Microsoft Update](https://msdn.microsoft.com/library/windows/desktop/aa826676.aspx) to create the VBScript. -2. Run the VBScript you created on each computer in your network. +1. Use the instructions in the MSDN article [Opt-In to Microsoft Update](https://msdn.microsoft.com/library/windows/desktop/aa826676.aspx) to create the VBScript. + +2. Run the VBScript you created on each computer in your network. ### Manually opt-in to Microsoft Update -1. Open **Windows Update** in **Update & security** settings on the computer you want to opt-in. -2. Click **Advanced** options. -3. Select the checkbox for **Give me updates for other Microsoft products when I update Windows**. +1. Open **Windows Update** in **Update & security** settings on the computer you want to opt-in. + +2. Click **Advanced** options. + +3. Select the checkbox for **Give me updates for other Microsoft products when I update Windows**. ## Prevent Security intelligence updates when running on battery power @@ -80,15 +83,14 @@ You can configure Microsoft Defender Antivirus to only download protection updat 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -3. In the **Group Policy Management Editor** go to **Computer configuration**. +2. In the **Group Policy Management Editor** go to **Computer configuration**. -4. Click **Policies** then **Administrative templates**. +3. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following setting: - - 1. Double-click the **Allow security intelligence updates when running on battery power** setting and set the option to **Disabled**. - 2. Click **OK**. This will prevent protection updates from downloading when the PC is on battery power. +4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following setting: + - Double-click the **Allow security intelligence updates when running on battery power** setting and set the option to **Disabled**. + - Click **OK**. This will prevent protection updates from downloading when the PC is on battery power. ## Related articles From ba0e74fc8109ec3be756de9b64ce3e118ee8f255 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 13:09:57 -0800 Subject: [PATCH 22/25] Update manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md --- ...-devices-vms-microsoft-defender-antivirus.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index e9c2d12071..816025ec14 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -54,24 +54,24 @@ You can opt in to Microsoft Update on the mobile device in one of the following 2. In the **Group Policy Management Editor** go to **Computer configuration**. -3. Click **Policies** then **Administrative templates**. +3. Select **Policies** then **Administrative templates**. 4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. -5. Double-click the **Allow security intelligence updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**. +5. Set **Allow security intelligence updates from Microsoft Update** to **Enabled**, and then select **OK**. -### Use a VBScript to opt-in to Microsoft Update +### Use a VBScript to opt in to Microsoft Update 1. Use the instructions in the MSDN article [Opt-In to Microsoft Update](https://msdn.microsoft.com/library/windows/desktop/aa826676.aspx) to create the VBScript. 2. Run the VBScript you created on each computer in your network. -### Manually opt-in to Microsoft Update +### Manually opt in to Microsoft Update -1. Open **Windows Update** in **Update & security** settings on the computer you want to opt-in. +1. Open **Windows Update** in **Update & security** settings on the computer you want to opt in. -2. Click **Advanced** options. +2. Select **Advanced** options. 3. Select the checkbox for **Give me updates for other Microsoft products when I update Windows**. @@ -87,10 +87,9 @@ You can configure Microsoft Defender Antivirus to only download protection updat 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components > Microsoft Defender Antivirus > Signature Updates** and configure the following setting: +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**, and then set **Allow security intelligence updates when running on battery power** to **Disabled**. Then select **OK**. - - Double-click the **Allow security intelligence updates when running on battery power** setting and set the option to **Disabled**. - - Click **OK**. This will prevent protection updates from downloading when the PC is on battery power. +This action prevents protection updates from downloading when the PC is on battery power. ## Related articles From 8780dfa7a688808075a706f2327abc00fb41acdd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 6 Jan 2021 13:11:02 -0800 Subject: [PATCH 23/25] acrolinx fixes --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 5 +++++ ...pdates-mobile-devices-vms-microsoft-defender-antivirus.md | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 943036f62c..4f60e5d308 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -87,6 +87,7 @@ All our updates contain  Support phase: **Security and Critical Updates** ### What's new + - Improved SmartScreen status support logging - Apply CPU throttling policy to manually initiated scans @@ -103,12 +104,14 @@ No known issues  Support phase: **Security and Critical Updates** ### What's new + - New descriptions for special threat categories - Improved emulation capabilities - Improved host address allow/block capabilities - New option in Defender CSP to Ignore merging of local user exclusions ### Known Issues + No known issues
@@ -121,6 +124,7 @@ No known issues  Support phase: **Security and Critical Updates** ### What's new + - Admin permissions are required to restore files in quarantine - XML formatted events are now supported - CSP support for ignoring exclusion merges @@ -132,6 +136,7 @@ No known issues - Improved Office VBA module scanning ### Known Issues + No known issues
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index 816025ec14..e2fb5173d8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -81,11 +81,11 @@ You can configure Microsoft Defender Antivirus to only download protection updat ### Use Group Policy to prevent security intelligence updates on battery power -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), choose the Group Policy Object you want to configure, and open it for editing. 2. In the **Group Policy Management Editor** go to **Computer configuration**. -3. Click **Policies** then **Administrative templates**. +3. Select **Policies** then **Administrative templates**. 4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**, and then set **Allow security intelligence updates when running on battery power** to **Disabled**. Then select **OK**. From fe649b4c7c31cb96b839b1239afa9629c24a3c37 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 6 Jan 2021 13:48:15 -0800 Subject: [PATCH 24/25] Removed "en-us" from a Microsoft URL (and verified that it works) --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 4f60e5d308..7835dd3bfa 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -47,7 +47,7 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). -For a list of recent security intelligence updates, see [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes). +For a list of recent security intelligence updates, see [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/wdsi/definitions/antimalware-definition-release-notes). Engine updates are included with security intelligence updates and are released on a monthly cadence. From 42cd42a769e77b375de26bac0b2d699e431202ea Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 6 Jan 2021 13:52:15 -0800 Subject: [PATCH 25/25] Acrolinx: "Powershell" --- .../manage-protection-updates-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index 9cfcd64a5d..42af3da160 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -170,7 +170,7 @@ Set up a network file share (UNC/mapped drive) to download security intelligence MD C:\Temp\TempSigs\x86 ``` -3. Download the Powershell script from [www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4). +3. Download the PowerShell script from [www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4). 4. Click **Manual Download**.