updates to compat topics

windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md

@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Antivirus and Windows Defender ATP
+title: Windows Defender Antivirus compatibility with other security products
-description: Windows Defender AV and Windows Defender ATP work together to provide threat detection, remediation, and investigation.
+description: Windows Defender AV operates in different ways depending on what other security products you have installed, and the operating system you are using.
 keywords: windows defender, atp, advanced threat protection, compatibility, passive mode
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: iaanw
 ms.author: iawilt
-ms.date: 06/13/2017
+ms.date: 09/07/2017
 ---
 
 
@@ -30,44 +30,53 @@ ms.date: 06/13/2017
 
 Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
 
-However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself. If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
+However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself. 
 
-The following matrix illustrates how Windows Defender AV operates in these instances. Note that this matrix only applies to endpoints that are running Windows 10:
+If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
+
+On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. See [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) topic for key differences and management options for Windows Server installations.
+
+The following matrix illustrates how Windows Defender AV operates when third-party antivirus products or Windows Defender ATP are also used. 
 
 Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state
--|-|-
+-|-|-|-
 Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode
-Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Disabled mode
+Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode
 Windows 10 | Windows Defender AV | Yes | Active mode
 Windows 10 | Windows Defender AV | No | Active mode
-Windows 8 or earlier | A third-party product that is not offered or developed by Microsoft | N/A (Windows Defender ATP requires Windows 10) | N/A (Windows Defender AV requires Windows 10)
+Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode
-Windows 8 or earlier | System Center Endpoint Protection (offered by System Center Configuration Manager) | Yes | Active mode
+Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode
-Windows 8 or earlier | Windows Defender AV | No | Active mode
-Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode
-Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Disabled mode
 Windows Server 2016 | Windows Defender AV | Yes | Active mode
 Windows Server 2016 | Windows Defender AV | No | Active mode
 
-If you are using another antivirus or antimalware protection app.
 
-If you are enrolled in Windows Defender Advanced Threat Protection, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender AV will automatically enter into a passive mode. 
+>[!IMPORTANT]
+>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016. 
+>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager. 
+>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).
 
 
-On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product.
 
 
-Windows Defender Advanced Threat Protection (ATP) is an additional service beyond Windows Defender Antivirus that helps enterprises detect, investigate, and respond to advanced persistent threats on their network. 
+In the passive and automatic disabled modes, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
-See the [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) topics for more information about the service.
 
-I
+The reasons for this are twofold:
 
-In passive mode, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
+1. If you are enrolled in Windows Defender ATP, [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
+2. If the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, then Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. 
+    
+    Therefore, the Windows Defender AV service needs to update itself to ensure it has up-to-date protection coverage in case it needs to automatically enable itself.
 
     You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
 
     If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
 
+>[!WARNING]
+>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app.
+>This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks.
+    
 
 ## Related topics
 
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
+- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)

windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: iaanw
 ms.author: iawilt
-ms.date: 08/25/2017
+ms.date: 09/07/2017
 ---
 
 
@@ -56,21 +56,56 @@ This topic includes the following instructions for setting up and running Window
 -   [Configure automatic exclusions](#BKMK_DefExclusions)
 
 <a name="BKMK_UsingDef"></a>
-## Enable the interface
+## Enable or disable the interface on Windows Server 2016
-By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs. 
+By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
 
-You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic.
+If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
 
-The following PowerShell cmdlet will enable the interface: 
+![](images/server-add-gui.png)
+
+See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard.
+
+The following PowerShell cmdlet will also enable the interface: 
 
 ```PowerShell
 Install-WindowsFeature -Name Windows-Defender-GUI
 ```
 
-The following cmdlet will disable the interface:
+To hide the interface, use the **Remove Roles and Features Wizard** and deselect the **GUI for Windows Defender** option at the **Features** step, or use the following PowerShell cmdlet:
+
+
+```PowerShell
+Uninstall-WindowsFeature -Name Windows-Defender-GUI
+```
+
+
+>[!IMPORTANT]
+> Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature.
+
+## Install or uninstall Windows Defender AV on Windows Server 2016
+
+
+You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard.
+
+>[!NOTE]
+>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**. 
+
+
+
+
+The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016:
+
 
 ```PS
-Uninstall-WindowsFeature -Name Windows-Server-Antimalware
+Uninstall-WindowsFeature -Name Windows-Defender
+```
+
+To install Windows Defender AV again, use the **Add Roles and Features Wizard** and ensure the **Windows Defender** feature is selected. You can also enable the interface by selecting the **GUID for Windows Defender** option.
+
+You can also use the following PowerShell cmdlet to install Windows Defender AV:
+
+```PS
+Install-WindowsFeature -Name Windows-Defender
 ```
 
 > [!TIP]

windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md

@@ -38,11 +38,11 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def
 Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
 
 > [!IMPORTANT] 
-> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
+> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
 
 > [!WARNING] 
 > If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. 
->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed. 
+>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. 
 >This will significantly lower the protection of your device and could lead to malware infection.
 
 

windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md

@@ -1,6 +1,6 @@
 ---
 title: Windows Defender Security Center 
-description: The Windows Defender Security Center brings together common Windows security features into one place
+description: The Windows Defender Security Center app brings together common Windows security features into one place
 keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -22,17 +22,17 @@ ms.date: 08/25/2017
 
 **Applies to**
 
-- Windows 10, version 1703
+- Windows 10, version 1709
 
 
 
 
-In Windows 10, version 1703 we introduced the new Windows Defender Security Center, which brings together common Windows security features into one, easy-to-use app.
+In Windows 10, version 1703 we introduced the new Windows Defender Security Center app, which brings together common Windows security features into one easy-to-use app.
 
 
 
 
-![Screen shot of the Windows Defender Security Center showing that the device is protected and five icons for each of the features](images/security-center-home.png)
+![Screen shot of the Windows Defender Security Center app showing that the device is protected and five icons for each of the features](images/security-center-home.png)
 
 
 
@@ -41,60 +41,65 @@ Many settings that were previously part of the individual features and main Wind
 
 The app includes the settings and status for the following security features:
 
-- Virus & threat protection, including settings for Windows Defender Antivirus
+- Virus & threat protection, including settings for Windows Defender Antivirus and Controlled folder access
 - Device performance & health, which includes information about drivers, storage space, and general Windows Update issues
 - Firewall & network protection, including Windows Firewall
-- App & browser control, covering Windows Defender SmartScreen settings
+- App & browser control, covering Windows Defender SmartScreen settings and Exploit protection mitigations
 - Family options, which include a number of parental controls along with tips and information for keeping kids safe online
 
 
 
-The Windows Defender Security Center uses the [Windows Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on 3rd party antivirus and firewall products that are installed on the device. 
+The Windows Defender Security Center app uses the [Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on third-party antivirus and firewall products that are installed on the device. 
+
 
 >[!IMPORTANT]
-> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
+>Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes.  
+>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection.  
+>These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product.  
+>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
+>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).  
 
 > [!WARNING] 
-> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. 
+> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.  
->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed. 
+>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. 
 >This will significantly lower the protection of your device and could lead to malware infection. 
 
 
-## Open the Windows Defender Security Center
+
+
+## Open the Windows Defender Security Center app
 - Right-click the icon in the notification area on the taskbar and click **Open**.
 
-    ![Screen shot of the Shield icon for the Windows Defender Security Center in the bottom Windows task bar](images/security-center-taskbar.png)
+    ![Screen shot of the icon for the Windows Defender Security Center app on the Windows task bar](images/security-center-taskbar.png)
 - Search the Start menu for **Windows Defender Security Center**.
 
-    ![Screen shot of the Start menu showing the results of a search for Windows Defender Security Center, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
+    ![Screen shot of the Start menu showing the results of a search for the Windows Defender Security Center app, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
 
 
 > [!NOTE]
 > Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Defender Security Center. Review the settings for each feature in its appropriate library. Links for both home user and enterprise or commercial audiences are listed below.
 
-## How the Windows Defender Security Center works with Windows security features
+## How the Windows Defender Security Center app works with Windows security features
 
 
-
+The Windows Defender Security Center app operates as a separate app or process from each of the individual features, and will display notifications through the Action Center. 
-
-The Windows Defender Security Center operates as a separate app or process from each of the individual features, and will display notifications through the Action Center. 
 
 It acts as a collector or single place to see the status and perform some configuration for each of the features.
 
-Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center. The Windows Defender Security Center itself will still run and show status for the other security features.
+Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center app. The Windows Defender Security Center app itself will still run and show status for the other security features.
 
 > [!IMPORTANT] 
-> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center itself.
+> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center app.
 
-For example, [using a 3rd party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
+For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
 
-The presence of the 3rd party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center.
+The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center app.
 
 
 
 ## More information
 
-See the following links for more information on the features in the Windows Defender Security Center:
+See the following links for more information on the features in the Windows Defender Security Center app:
 - Windows Defender Antivirus
     - IT administrators and IT pros can get configuration guidance from the [Windows Defender Antivirus in the Windows Defender Security Center topic](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) and the [Windows Defender Antivirus documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
     - Home users can learn more at the [Virus & threat protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012987/windows-10-virus-threat-protection-windows-defender-security-center)