From 1cd14bbb16a5475e6b124a9d845dd8ed4eaca7b8 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 12:41:08 -0700 Subject: [PATCH 01/22] update wdav requirements for UC --- windows/deployment/update/update-compliance-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 5e3c80f9c4..2728abccb0 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md 
@@ -32,7 +32,7 @@ Windows Error Reporting | watson.telemetry.microsoft.com Online Crash Analysis | oca.telemetry.microsoft.com - 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. + 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). For endpoints running Windows 10, version 1607 or earlier, Windows telemetry must also be set to **Enhanced**. See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. ## Add Update Compliance to Microsoft Operations Management Suite From 35c1f967f2a45a5b51902266f15a6142dc83b604 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 12:46:10 -0700 Subject: [PATCH 02/22] include link to troubleshooting doc for reporting in UC --- windows/deployment/update/update-compliance-using.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 9daa1a5103..a49a7adb06 100644 --- a/windows/deployment/update/update-compliance-using.md 
+++ b/windows/deployment/update/update-compliance-using.md @@ -147,7 +147,10 @@ Devices are evaluated by OS Version (e.g., 1607) and the count of how many are C You'll notice some new tiles in the Overview blade which provide a summary of Windows Defender AV-related issues, highlighted in the following screenshot. -![verview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png) +![Overview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png) + +>[!IMPORTANT] +>If your devices are not showing up in the Windows Defender AV assessment section, check the [Troublshoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting) topic for help. The **AV Signature** chart shows the number of devices that either have up-to-date [protection updates (also known as signatures or definitions)](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus), while the **Windows Defender AV Status** tile indicates the percentage of all assessed devices that are not updated and do not have real-time protection enabled. The Windows Defender Antivirus Assessment section provides more information that lets you investigate potential issues. From 0b721bcc78529ccd2d974d56e7dcfdcfc2746b10 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 13:29:44 -0700 Subject: [PATCH 03/22] updates to troubleshooting uc --- .../troubleshoot-reporting.md | 58 +++++++++++++++++++ ...indows-defender-antivirus-compatibility.md | 32 +++++++++- 2 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md 
diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md new file mode 100644 index 0000000000..bf8a1da73f --- /dev/null +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md 
@@ -0,0 +1,58 @@ +--- +title: Troubleshoot problems with reporting tools for Windows Defender AV +description: Identify and solve common problems when attempting to report in Windows Defender AV protection status in Update Compliance +keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: iaanw +ms.author: iawilt +ms.date: 09/06/2017 +--- + +# Troublehsoot Windows Defender Antivirus reporting + +**Applies to:** + +- Windows 10 + +**Audience** + +- IT administrators + +When you use [Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues. + +Typically, the most common indicators of a problem are: +- You only see a small number or subset of all the devices you were expecting to see +- You do not see any devices at all +- The reports and information you do see is outdated (older than a few days) + +For common error codes and event IDs related to the Windows Defender AV service that are not related to Update Compliance, see the [Windows Defender Antivirus events](troubleshoot-windows-defender-antivirus.md) topic. + +There are three steps to troubleshooting these problems: + +1. Confirm that you have met all pre-requisites +2. Check your connectivity to the Windows Defender cloud-based service +3. Submit support logs + + +## Confirm pre-requisites + +In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender Antivirus protection: + +>[!div class="checklist] +>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. 
Using any other antivirus app will cause Windows Defender AV to disable itself and the endpoint will not be reported in Update Compliance. + + + + + + +## Related topics + +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 84504a1aae..6a237c878c 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md 
@@ -15,23 +15,51 @@ ms.date: 06/13/2017 --- -# Windows Defender Antivirus and Advanced Threat Protection: Better together +# Windows Defender Antivirus and third party protection products **Applies to:** - Windows 10 +- Windows Server 2016 **Audience** - Enterprise security administrators +Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. + +However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself. If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode. + +The following matrix illustrates how Windows Defender AV operates in these instances. Note that this matrix only applies to endpoints that are running Windows 10: + +Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state +-|-|- +Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode +Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Disabled mode +Windows 10 | Windows Defender AV | Yes | Active mode +Windows 10 | Windows Defender AV | No | Active mode +Windows 8 or earlier | A third-party product that is not offered or developed by Microsoft | N/A (Windows Defender ATP requires Windows 10) | N/A (Windows Defender AV requires Windows 10) +Windows 8 or earlier | Windows Defender AV | Yes | Active mode +Windows 8 or earlier | Windows Defender AV | No | Active mode +Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode +Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Disabled mode +Windows Server 2016 | Windows Defender AV | Yes | Active mode +Windows Server 2016 | Windows Defender AV | No | Active mode + +If you are using 
another antivirus or antimalware protection app. + +If you are enrolled in Windows Defender Advanced Threat Protection, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender AV will automatically enter into a passive mode. + + +On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product. + Windows Defender Advanced Threat Protection (ATP) is an additional service beyond Windows Defender Antivirus that helps enterprises detect, investigate, and respond to advanced persistent threats on their network. See the [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) topics for more information about the service. -If you are enrolled in Windows Defender ATP, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode. On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product. +I In passive mode, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware. From ef511b73a58ef7f70d0274fd4a752abd69b7ebff Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 15:01:39 -0700 Subject: [PATCH 04/22] compat updates --- .../windows-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 6a237c878c..bf5df70ede 100644 
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -41,7 +41,7 @@ Windows 10 | A third-party product that is not offered or developed by Microsoft Windows 10 | Windows Defender AV | Yes | Active mode Windows 10 | Windows Defender AV | No | Active mode Windows 8 or earlier | A third-party product that is not offered or developed by Microsoft | N/A (Windows Defender ATP requires Windows 10) | N/A (Windows Defender AV requires Windows 10) -Windows 8 or earlier | Windows Defender AV | Yes | Active mode +Windows 8 or earlier | System Center Endpoint Protection (offered by System Center Configuration Manager) | Yes | Active mode Windows 8 or earlier | Windows Defender AV | No | Active mode Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Disabled mode From 8b37014f331264cae58ccb88e66c7e3adbf4cb0e Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 7 Sep 2017 14:31:56 -0700 Subject: [PATCH 05/22] updates to compat topics --- .../images/server-add-gui.png | Bin 0 -> 61500 bytes ...indows-defender-antivirus-compatibility.md | 53 ++++++++++-------- ...fender-antivirus-on-windows-server-2016.md | 49 +++++++++++++--- ...dows-defender-security-center-antivirus.md | 4 +- .../windows-defender-security-center.md | 53 ++++++++++-------- 5 files changed, 104 insertions(+), 55 deletions(-) create mode 100644 windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png 
diff --git a/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png b/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png new file mode 100644 index 0000000000000000000000000000000000000000..f9ef1da5f76500bd11da29b59b3518355dfbb247 GIT binary patch literal 61500
z2861k*%k-HU^YfnS%%X0IX!DWLP{rln~%v#M8Na|YoldYGX*xz9d|tY@H_AKtatyc z`e*Z<7ZM;+X#k@e{80WMl<-&QQ53+Jd1w0&=E{6z=+qS^k*oe$OBs$ci>xSEi)r)g zC(I#$t~IlMb)Qd4UD2;Rv{8T^_S(!=EUElAf9H=ZH?K$BLb%H4s&#oM_=cBpT(rh5 zWa>E|f$bFd*P4pMn@f&ihDh8r8=2`jq@rJAtT8r2PJoS(5WQFbT;8Vxo=c?XM0f^W{L<_Y&Ucemj zjJ=Q(I@3mvSu9jESJX4)A}`7zS^}54%KcTJE4L5izC}b(t{NhG7swTWVP|;@Gglku zd^P62i;|e=XMgvVXS|HjF;*B#`v*byE-*2-?g*$@GdVp23}e_~>D zxtRPHn{A7uN`t)N5wYYb%p%#ujFIaYoWzy>x_iVX(coNgp$YJr8pHeV!CT&FO8Ar+ z>jFU(=3FeBe5?0tVf0?ND;qEce8;dU2DY`+q)*Rx2Lf-=6@#8%l;f;$Q8jO>~GGJnQw)R{;Fh5pNfu@PjU9 zH$S8tBJE4Nu|-Uwgc72I;0432-9&5~uajdcKO~h7uobFBemy=^E>r{mOUpVdUyrXf zhYmXH%R3(rNF<|-oZX#9pM5uXPDCswv* zDbq(Yz_MRA5ACu6IpyF_hvcp3s(u6@2X(_sO*WdK7Q32cDO6bBDds(KPn!Zb9%#NO zg=)9xp9H6R&w^_aOG0zaq=x@vVbcO{Yc~rM$PbU7E%T?RS*a)iWvw!-qx$sye;~-y z?YJ-Z4QUBO=xM*gX=8S#g@~hr60U}-i)_+=(nltzI|c&a6F06jBXufAwgFt(wj}P% zuK+`jiXc58w845U<~i%~D(Z5mjGkWiU)HyZr0N+HPZ8RJtUQ=3wzZuvO^Zv6J>-E7 zj`-yQ`;tTei8IoW0XS9CtR|`ZC+2jMqq#&l;bdh@DQ&uUzF1jY+9k@c&d5t6n9KqV zThWm5*`?fYIRdX{FYzX)g$nycbdHv=NSmrwT7RS;DYtj(@*{?moF|B#0 znKKNtz4EZYO!2(V`>{)FadB~8cY6gd0)v78%i>g~Q>kaoJcq{?ms^bu&^H6v-s7y3 zY$jG&!N_~|C*@p@S6Vy0+^$)#yQz!L=C4)5hQK%*;bE2vS68WJV2`G}V#&SkxQ+Ngc)2ep+Z_69 ze3b+3qV4kMWC^~_QK>L(xnKtAB?$lGx(7__Z=5A9*(6Qy%nE9RHEcxG);eC9MUfNl zW>IN?g#hKnp`%Y-6($p+`-D*T;{l&t9{ z7p{B2an$9T)#xa!I+G!x`cFjOJ}FOHf{rW#M%CWcbBA zNwLYW|Nj)cuhenTaO$7`c{Ad=Vn9Qi_u0J_G7xsGg>lQ_%^i;Ioc+P%FlCMEIk@y~k+4E`P*$cl=-#@76+@12WiWd zc~jsY%>~cQ@W8eHud2AYwN9K=5&K+1)$CQ@$k^7DUW%2_GY)MJ46$h!FvF~X4_+?bC+doe@roZm_uZxLpb+27T^EH*;~g&+3nrKiXtf}h%~5l2+|GG4N4;^ zozfj60#X7>Hxd%k-Q6wS-Q79B{PuX?=RD^==Q+}ilM5P$ByvR#pIJ>Q$nDs{gn zgq%;ut_ep)Z5El@dhWBr^&&4NnRy5v!l%0kVsE<%vfwJ@uO(I z1tQ3(0lo(U-4ovyVOfSneKt@#&X#@i;wgQb8%^-*;+(J`xSYEGZOT{Xt=w|pK|F@H z@4YhUd;}J=ro4(d)W+|E-u@ugX3zaQfq2pUvb8gjK&5on5UX(Xg#NhpGnUJ;^y@c> zIZtcS!;8E)P7l$|B{2V}7Si`=3`_a+J?PtYh$;A5_ytlI!7pGOgKZYm7dLyBi-0n7 zl&)cMGsWgs>VDcv0BIZafc1Xi=QPvLipI^jWnDlj#+Ls z-~TH`*mOLf2IlhXeaz+EeHJe!kkQP0d_2iLTn}OC68+YHQ;oc4H9OLYGDR|UNGLBA 
zLa=3!cka$t)Q%KWk$JC#2p@Fo7?5#zl=hTA7@{hq=L+g%dZ2<(?O)YPf;evi{jp>4Hn>|$)40o8#oF#}_=Nd%efY~)>@T{rFF zdXp>Y97nc&vq*$noD5m{KN-omdOSly{Hsdve~b}%GzXsuYJCH z@(?*?zg+<}rHM=!v}>UR6ol_9?7jI2D#BwU{Rxt$>pa3365K9}mZy!Oek4DQMTCrX z*VYUIUnGvJ)FCNKszu2}dDJj`stO?t(NB_X4t(%b8-yWflHm=^J-FQ(*n^I-eQT6; z9tAyPc^Z;3G9VWjuVG|l1PtqtfPgA73asY-KpInIKP)r3)(^xx;k^awc;gO^|9ktX zp$PDr={Y!li%Xa%t@5!=aUD;?M^m46o8QR^Fvg8wF*eVk1v{y*2K-5Z1WOHm_g&6x zD6o3*d*MX+5Ne?U(#r7H4Of2CAs-V~6icjBoLIP{-VdFgza8tPcnqkJhz1n^`FFAH zj;L`{m%rneSwZl&)(mx^&T!#M--EZLI?Nj>D&P~A#n1yv6BQhgp4Aqt8Iv1eftrn7 zn|Eh7rCv1}A8fLbn*TyDhX%#FY2m`xO{=#ccGM+ti!+nveBSL7b+-O?UX84zVQvpw zb=>yLR+#brt@lsPV-Z-xk74w#^sO2PtI-ce(RZJJZw>hvPg*i>^TuC7C_&Ks^$T-` z59k#7i`AT;#tpE>9Y#cn&1;$0I0^3M_+sB{w^>g5NG--t6D!01O!A)XBTg!V89^uK!ulPvGxYTd#WDQcrNB0HDUJKH3OG|g2w=?i&>c#Qf zHHtX#w(R-yDHQ}&ko;oL9*2CD*W*apHdT|H6W+>KCP)s6mwWIx&xrztyeuo17 ziMH?G7PVH*oF(dp_h(3F(IvNLS(WRsn3&W`sQi>!YBf;o>XbOXNk}@oPh5BNoFBLS z9@DpZ16}Z|wZFzfd2Yl-@!Z!?jIWR3qad#bZ7kxzl@3dd^*R4*8S+)F)vm;^G@G|jPp$ff_45iZ_C*0DBhJ_yMm6YvC3wh=tNcy$CA(Y z_VtEoL;J1r8S&{#p5`m9%3aSEkKH{bTRS8v1ezXnIzhr8y!5=8%}LbTW7+|Nm>!Qc zCN@dQnNisvM8wZ-R;J{49oVR{piZ#P&-Yfm`xeu&=tvh(8=j&clnUCIui~o|iCVH^ zcZMD8Z}@JTxu(R-wyib;LbTgm*uYBX{t(>1(D#hYqU&ozZS!g$z425HH>wW@QKUxW z>_n=2c}b^G4N4mpA97HJA_u)-&kwJbrp0%B7|xbmu$<}yX^m0O!M7sGIk8+A)8SjA zvqTMw>uGEvzUy#yszh8AnnV7zxHo;<0Nc!rAZwF8xVo{2inqQpcL5BTa$DU?m;9Oc zW7+Ti_^sL#J0y(a76FM7Rbs(DH5qqZ z8iF~iNrF6KU!Mp=!BtT)k4UX4gQ3+uvBP|B{D-XCctvE8(BssA{7I}g-RZ|$MK+X) zVtl9d+r~GEn!QpK4`FlRx?afuJeWpTwsm|T)uUX0%b}ZCPTZvhbJ%p<6_O1rV^Uyo zQk;wFrL`3J{#8k#7nQ%LdNk0vuGViwnE-khnJP22O&jHngoI?8-EOAE)V=Rv^{k&Q zlMo%zAM_U+luu#Lf?4)%k2Ot+Wm0QygC{CXN$3zYSK>)<>Uhtlq_%JQJpXFCf?3Wu z)47}$cn0Dsoyj;d>eN^PTuJlWfG1}mX#fnKT|+}!TYGMUlqfSSEDVKj(zVvIbtQJAgu*9=fgie4 zQZOT~rA3^hT9D*p;`3-&bVWNl7c7y(5fKqG4#;}BwX6K`XR;3PAX;mBI3N!AA}UXf zFt)3(te`y}aLL08UlI(yCG+n_d%^<|k#HSkUi&ByY)ik@H?bd8B~@0A15WK%(GwfBxFj|uwW+yusQxT_xvy0R+2f3X`x=t8s|opO+uW|xrcntxZK-eX5pr?CIZ8bW93gsqMcc5} 
zZS`fvWx3-SQu5ug(&{HY`@W|fzEIDe58QcwrN|mM$Jz4vOn=xySrptUGG&0zqmqQM zug%P9Nk+Jh&yx5fdp{Z96vS#(x{*Gk3|lCE4qeA~m>WuH3?l;Aw#zu0{Tn1#dFPb9 z7H|;$0VGXU70B967U-powteGAo|u!bslJm8Urg_vc1o?_?GD`jv5Zk%CUQhqph0(+ zYRlR{Bl)xplY5`3mE%bCxnZoJM@bI@+i^6%IvviKnaJFtWB#s=A!$dW`Wh@jfKsEe zDwsmMMg3`N!NNdjy%~HhpO%56JdYtjLQ?f`l{ByRYUkAT0W$6k?>Wz$kf93G_4{8V4X00?>k#=NR^f!?(^j>g`Ex^l8R5b zV#=^eU5ImwW#h=f-qY35h43Qe|JdEQmNZQC8sTZ>x-S+SJgKF8%Go85?8NQ473qhl}kI%kC9Gf=uwWMB8zeB5jo`pecm356w^~?ub3|Fd4 z)Tt{Wl?mAgd>$eelU>|aer6942_J67yGcl>8$~L`CbF_Id_SndqbtHY`ITu@$jSdD zYXZ-VJyf5?p%c#!(z|0j>{0SrZ(r-8wx!hRWC-&$r#wzR8s0r$@_jC9lyrmE%kzkf zy=$s4r^>{Txm%_O+)8+dgNKgMXIroJNc^Vr?lV4tnaMJ1Fy7y@L&2;hp~Xiey!m0C zvZTEBnAk4(#>I<{*4x>22j}b84#3WtrX^lH_jxTVuYY;jQ#)plLP3dju$NfbWWGE{ z%H*G!X)a`Q(Vbh(>x`w)C7~mwky9)s-=eg~LlU9K;DbJ@Y{zUIZ9{EyAINDC-JN#^EMW?SdXNv4Ds<`ZZFx11T z9K!t@#QyI?l;(&X9Q>|?quW9mF<_b+-GwhYkDiKJXi_;uD>3g7P?{^~bcpWX`ZJZN zu*~s3eWME7V$v~HR2$KJfU$Q_K#libLY<5PWlC=l<=Q)4u3s0iS|6$-opXKfdw*_6 zOJl?Dw^oR%4ZeNJqmFC!2aX}*Km0PX`aRQc4@uAee$JEJTi3=Kj(hd7J%IHgo3-od zi3h3n8R$&ovlE=M*5r;pgE`>9A8yyZO`re4vjV#R8qc;FoPxBr(!YKU6I-8>pDaas zP2pjRKFy1^gI61$p114+z=wH}F}xTnDX)#diZW6`qb{V*cxGkI)a3q2!?C#j-rK=3 z#Y)~-y}Sp=#;e^$c@i<>XVdzKW6q^-Et8|m>%XpcwW(?4x6c0%66$7taHNt#+?}#? 
zgTPMGQ*!l|#9%etiwgX`DH_rgWeN>`qZcf+L)fGNvY-#z@#ld_IPEc7KAGlNo4}!1wxHSmJTO2gvU$mMMS83iUq2o+W)w@fQ9{j0OBZ zwaBb!{1M2ejE`VPVe+lNKI)+fX>3$4_b2wke9!W~0Z~}85Z?;`M0qKuXAQ0Hu$KLL z8bK!VFe@b8EezY^j?32-AB$@Ap^fICUO7%`VE5WKB*rsVx4sr+GQDMzL&q5wfvL2& zjM%J9jdL8V7dd_0>!fHH@?E4y^8iPfJ{KbgIHCxgA7Oh32iYu33yU3MSa9&^oATqk zp?>T<@mUQYmTaM!O5UKzD^ZXHIMiQWXxEJC1^rAd8Id$R=#W@GEX|pG{*Z#{4jyMk z!J^q1mpxdXVUeFS`gEZ8N3#l+Hk!S6WbQ2=QPCF;=vd9R;Kp|(%fw#gBy2FQCd`SQ zex>RMBi}V#iYs$kU$ZXcy*$~K6ol?M)=WWcTvhy0XTh0)9e9wI@CpF+Av*d&GVC(B zw5&{49sSQrQ)E27WD{$vn~G_xE?fsppCE%Da_2kGSwSKBg%fwrYD=YL(zoVZkol=w z<``|L0I6OoUp6|y+@|sIyKRE(P=S5Ol)c)MqGRz7TyNhW4(c3pc?^H18U+t&4-Qrt z6T+B$KJW1qqhzR2Xy{qCOdan6)~(n@?>q*JgTM7%y%#9zQnso6g5~U`_uECB44~3( zKlw4ZGqT;L??=tupZ7hBRJ^=$iz5yeo(ieZG?SPdegW0}T+(}f{40z|(dnS{MtVbE z!=}N0MzB0e0yJeysIxcTK2{Zcuz46F`({#kA?8w_5c?0f6zp7RC>y77T&r zc}ZRMvDAiD9fYZ@O;dUS$SR>`9dN&6W#PB%MI%cY;Ud!EE&>o<;CZ4z=tc~ND>P3b zQ`+o7kg%Lc!C}r%AB1d2XN!N3hWW{x?>V$H5HaNN--?j9%Bb&^Eew-IOJF7 z4_B|Fm0wUoIWA{ck-JaXe~$Nw0|jF{iIEzEX_KwsCh(`ft$kfE3n3DxeK&W=p7ZC~ z$E$aXEb;A3Lnl`=&b{zn_$Bl8<5mndxa=O-FpHC5iqb6wv&5@?RqC!PH~Xx_o?^6D zGQCk6B|i7u6qWn%7laOcNiDVa=i|-&tdYGQpn`rZC+AyXAw^-Aycc9wik1GjAToQ| z*%iRu8CS!(a5aX`IR|>si?jIO4;Nn!{%`|o_Ns&2_Nt6gLvq9Z5JLVeY!M?|&|O_O zNV30(0(6(lvFOkd0%eS2xZN+FF4bRSxW&yMm^U`bz~5jiN`2pT(*!;2Fi~iFa>Hm# z!ZX?tpYY@AQ#|!1x%w?HJjNju?lWP7t+AaI6z_3UHCS`_{TzQRu#v*3hsJY*M46^b zCg#DySFel@)Ecp;Px!^Z^aS^4r*x?i4Se@14`cXS79g{uTG(p7Pj1fj?yxG>(|$$Y zrd8=NgPP!B>HZS#XR&X>YMH3X(+wt2dY>gF{bqsl4)TCiE_l!`8*$PMldR76F1iuz zpfN2ue_78m6T2JV&U}e+S)ms>);3~6QlH|63`1?%&}UgHBXI2poF%^gb2THF`V{bb zEapMJR!zH815|5iX(?mn!pxPRN2jvae12ObK>fjl8=lP;1E)!<}aC!Wc#HqHF;jtCyAnrU}-cnspC@ec^CO6jGB+*TJDM% zL#CVAd$v#OI)KV+B-Q=_1MaVxLn?b$W;Iewdtqle#Fs6On1uGBGfeLm8Q8U_WJ}CJ zNF0GwPEORnudBVYF0|8H;cTPEVC!XC{)7x07*V;}{(GIG!>+<1UfDdIT2PvJ`$X3L ztv>3T&($g!dkYU9hr1yFoDS*=1Pijo&v4{MhRu!iy|Armatqn5?aGZ=QYND@v-bE7 zS`To-ooeW%RD5&l8nd;vA4Ie%D|5@=LzBWQ!jMvnD*lb)@M~FP(-A~%{za6D+AlZ3 zufZVoOk&y(ei)>;*C^t2+w2BI-0H-;C*IPdVR 
zTaggnOoz%O&euM9)6cq*vVN6Fa7T^qX=RrM#nImrlSu<$tMpGRNm5R$RkajXV+ zj_qa)D|0p6omr#!O3pOV{Bnf*mD!boUb%~!Zu0d(B~F->dA2r( z(}d0KmY*`YdECt>*tLvD>%y-n+Q@TNOP7Y?eQDtx!z% zHB2Q}IIM{0OGjs}G2@C0)xsi|QmM?fMmD-Je%CFUl&^>2@NiT~nc8w6DD>r@79Of4 zv9Wi1=ei&D_h^yn&;>VZ5q9R;bjgM%-Ssq0k%=|bBx#jZ3^c9C9oj#S%BYk)|%Hp3(@BesGKI|!Wn$cd`OS_+G zpk9v^W&c}np&bq?zgbdirKD;2BbH8)b8!jD2sm$|j0b8`?5QW$)qqg zT-yecy|RvasVBa`(kMeL?s#CHvG>ev5Q9LtmZQ9dlSZS|`;a~U(cf9p^&sgBj#U|Z zarS^qY`15Li}dl<({F6(3Ceoy9a(!dj32XMNZ`fM;FJ~5L93g`frND-~YcM zGDY1=w!5}ia0vmU*e^0qje@z}HtJ`ncZliM96LeW+RI2(hLWRypfe?!-PPfcg!zce z>CYh)A_?{S_?$gL5nFh2-JhcreO)b`mF(Hs!oJ3Rj!SAkI#xx_XGIH15p?<*?-X-p z4pleo*w#|UQ(0P}qd}`BxwT_TFeJCCYwU~D+a&aXQ72J3^;q-J)leFu>25M2D+>?IR{7ONOuJROSVEwj>q^~)V_)TSxv+aEW#2QB{snd~3X;P^Y6iGq;S#S7**`WB(*Pfa4ca=^t z;4?jK1ls&TT~uQF`vrP8AbanQPsx?6G-H?}+-{*{+%KN5z$dwNH{0Hr=m2(Hw}L`ubJ6&pn2mf08y^ZcW* zAGmlJ%N;V)Se&i`6b3F`X3y|A%l)wI?TtJnwcE9#M*(3DGh=)@Z-`>(btxW)*2ixK zZJvao?Ho|N8oxNDirsJ}v{J%-K(2ZgsNTM`pd4(YmGkyi7tH7{v0(PfU^~q^;GWOe z4Ll)Ir{LQ~;dX^G)y!0avH@*^hiPLog@>Qpo+~g6$nYxJfek*Le@gUW1%H+3C3F5u zi9XGun601)66rw2ed$}n^`sE;T5_s)s&r7#Mm_u>6V*>9zsA~WK0RZiru%Eh;u+ws zIBTLE)|L?M#z3*G@z2NdXLaMvI&)8$Kl8lB0?J4m=7Wd(Cnb|^#r31$Y)XuZ;lXLh zdOdIkL@nNDLaaNfC-B}JJ>6?)H{&*yR|_zvHe2K8QRf`kx|Y(6v9GGhi~RbAiAM6a z@?JRI{(RflyZG~E1k-PTd5M?kev|WPxUtN9{9@0kL0VIDCW1%@E_a|syX?9pQZx13 zaocb0BCI`Y6D?*w4^FEP8u zyS(A3KyBh%GvRE?(U))Ra^Dx|TS}P35{jfl{Zjebz+fCeN+6Q$OsA-9x}P5j)|;+p zzzmcr%9eX^=Wjm2Pb>Z0|FH?M8#qFhuh^}(3rLP5*?mR(3>S1?2L!y8AAJn1gu5y- z)pG1985v%1-5;&iy&1dkJuX~mE4O`Ch;Aa3$)`YnEGeP>^qOSCPfKCW*@Cp@--J>_JCwpJWZ>M z6*1kFBss*y5G{xv4zESEY&chIneA>$9xaYY|sKD|)I6V(Q*$Xh_P*C5`Z#o11s_^bnrf z>3CjJ%wP69wa-{dN_P1qS@6w)rohG1NkCOVKh)Ni8aQ8%T!akR3NOy9;mr*n2US3qUp# zy8=Mm7#nkNLF*KJ-v_e^Q*zJ_CTX%2aYbY6{;xmzTEZ|^!bQ_K{Q+t9j>)p8Ul0mD!HI!6?do(2^ zfMe6eBILB@XyG_lhuhf98)0pReRF^FICwdM%TDd$TIX^JzGs;c!S6R+Bd1?vO7ns^ zs)x_c-PUvhZRC8)a#%E!%BxbKOv)sLH*r8f^Bm^Bv^!sTBp8fT=39T11j5J1gLIQ7 zai>=$k)%k(cHp7ry8mL}bA2^Q+l8-SwE8l$+I@Pf;3kr-c7`+E(!ZF3?S^S+o*qNX 
z?8%#VPw=cdop;9VU`Kf3JtQZ@<{O6vdPuJ}mLf-0<^wJxRj{6RYTsnPbomUaBzaN# zX5BEfD?}e|Y1rD@g6#~X+vk|3JjUCguGwebM^%d*Y8%a&V-4ZmM@Ec)+!ys>s|ciX z8s>hlH%Rj`)1|dHl#2al_#UK0Dv=>)^ZFIP$h1b@^%iOKrD43>v{lgMk~L1WRZCt) zkMmV!`(mg)|8-WdCEUu_>+?hs;Fa1d3C_(glL|eFszbk)&6e0QU| z-!ISjVsM)A5Oe&w#o_}`<7god=c~-p2G?c|^#+Gs07n{d3_88YF&w@U5zkQe4=Jd4W>LXiMGK(<=CcjQ6>hRXW7*(CS@$rY- zX?H79`2$r#bO!cwCIO1X_~^MNL&skeCwF`yh7?cjHqv1EtMo~@Vg@@ikN3CS)ZHFT z4QiYnwdrVdwStjqHE^e_ZH)L5DctU&Y)fJx#83 zNQ)-4d*Fqvg7Z$lR|_TmC0lN~)xlHT_^ZqKvL*`S3Z4Sn%{@JxUfn#_DmRCG;?80f z@~4zVr^#O)>%(VRyHNeDGV=S#dv$69IgmA>04b#0I_&dv`@^Z%_XIp`VKGot{YUZx z4ib0}B9+)thTAp=Qqlow{pF*(1mjviZt5AXhLWi;5ItR^LX-9z4|@?x>qm(^1zLal z?6)#cmh3YNR9<87Ku$W~Pu|y^=}j{%UkI>1ubRR{EX!F8*eun$J7J__e-t3*%gNYieC8mpp(~P*U;sTtb~2 zPay45*PcW#4uf`%ksNCfJYkm^*=_g8+ueYLQ0m&4^~VR3DY6j;HHp$&Jk;?)AP^_oy7zric-4 z4prEszVMN)@#1p&R!<&h`JpfH{lQZ!E9n(un88aycPc0{DSA~)J_Fr?+W`G*x^n(B z@<`jW5d~!Lj`NWrXs;P-pLVl<=h^|Z#`*TrkQ~>11i@@fN(X=JO^aS==UOL}=W@9S zU1~y$w|-6D#Vn;gWBQffE3As7H13DbDs|@F5C@+_C3Ud+#*)RYovpH(2GVP%S`^J$ zOQ%0pf3+-tMZwA!(V?!n=6W9eo*th5`~ZLbnPTkb^FyX@raQQ#A1!I5mz71XtgJ}x zmXw!A)z;QZ?qcU=D#@>OjV)V(fPpqRD6mO&FRi8~9vl`UFT@IJ*B7=0(kcMCOr@lx zGPv)Zvn6I+$Ofl5$%ST77Hye z6%%LRH=&aVmqz{;snY@>$A6C0ZL#)~AY6ozK%GS0lGZccZUCVT--cnPI2W{B>wSjj zDAeU7CEmxrl`lcleI%bOWzP$Cb@S{uY@nwQ1iWl|v_$MMC3(%E0GXhRsN4YaO*IkRHj>xlvn z{H$~J%^0WJx-O{Xi!S;*ZfCEm<{$~*?cmIa60Vm285Q`~%KblP1%5Fwnk}|zSlKmA zivYKGjaGdbg`Grd$9C9&s0r;SbY}aTK_Y7nGwM5T{sw z+r)AX&z}6?&uk>R!Ch_i3d1t?9V|N`)D=_Pc{`VSK>~+W@WP+yIi(E9M)+o!l3Q&9 z<7uBtiTQl9{P`9L9kXHnio73B$p=;Po4#!dWqSUX(% z*Ae<|3Jj-(dFfPgOQT(X3Z+{wuI=~ZXqUWAEGZfCg;^dO@A39J0li1^^5Z^B2a)Oy zE(hf4Vc+T_K#Gl?-)hL&jFhqeQ>50Ln=YwE__kR z2!yXK|5MHmS;%JmAL{%s9R;6%SI!c##&&4in5;G)9c$u;N#gb6B6P=s1jnpnJTTof zmw#n5x$A_b7Ts1+Cn!^yp6nVIst8}Nvk8LC;^}Owc!x#~-<(eq_}Ol&9WH#HL_H)j z5cfC4U2VeIapBYbfk?L*#06=S`-x6Kz<9r`YSV3CD$T|qU4ab_OGGPP_Cm<>_isB# zadr;nUPXe>Ed6h))Q=9)4HVyVse}8=l8a3-KY}nCUb)ND2_~Q^hfSIdgtyqyn&20w zemAgvtf980C$@h{d|;x~iE;iSIYekVUftUSDG=x*nDo|%Xi 
zD9$bOG3MfgOqnGSJBaM?VL|ge;WE73z1}~<0E+N1!11mpTc9>$Ce`G0J3(4BY=Wb4 z$K1ErAXt{@w*xuNr8NpuB4v>GdczkaK|3xccC~MFD&sEmOkt(*H3n zkOP+3r-;0b5C7M^S}Dk@z4$9S?L1z7m0);#PRU)r{KasPocNhZ!o6GBQb>zByJ->xGwbhEuDIWVl8uY7B=e>uQq?~(J( z#G|V0=1-OV@8uWUM_f)t7}3^T1lTW^33<6xe+Bl-O|ejbyM+gp9Y4#W0aML5xQe#~ z+_(|a?`oVvS zvc;)}jzfe`gg{zm567$9LyAg!lR@bYzu=q0`H0D7T%u@>2QBJiM`LI+xin(Zy_rLX zsXVqf`uba(#ln%~lk1xM=@vq(QYp*$H+3KBaIE(NE}Kx`+n{a={$D7#o&Q_EK72kE z_s{yZE?mD((b69IYmj`08Sj6=z&YDzz(AHpW%@R@;`T>W?jP~*t|Y2j`0`)yZ}L21_nhCH@11(AA}ur9G(3Ifu`0BGQyA1T?%i=ao@|i1{c=a9L@Fw` za*DGgB~d?;0X~ID)C7V5>Z-xEz2uGYk<96#YDqt0g1jz*<6p#VCZRQ>7BX?CmEtwC zr|UaM#X#3Cc zZF5Jgh3CXdTbcm)ic?kPkVubA-q<|cYd6V=^l#w^^AefxEI1AU)1VHY7nS~@KlX~C zJZ4>e%Tte#;SRx_o8W-w#`aFM7pnTmxYr1v#~H3^wO|DDd=m*3MGX2|762SKCvVMo{BD>c zB1WRI#%bw6L9iR7^%;pyUjN0v=JY1QKS2B4;3+-A77pg@*d6{yg|V84R>)(!qhW8L zpFC_d$6Zc+{LtrZWjMKTymqIvv^hfDR^hS5DRBNrlT?J5g*nK;t=@&c`_c{U^#B>`kC*{U>4_%HYRAWcp2l=My_4~KI#GIWNFkg6lZ;Mz(vYqlvR@FVCnMG2nwE94@Ih-Gl z=g|fu z?wd6XsL18~5mo2tdo#SO53P`tN_SSoQ~IBK&(I}p!Qtr@&VCP+E zLPhzPlO!<5Q{bApN=cHC2miw1ufG?st&V>wUgeeu)mfyEaLuY zUyY(IHLwQY^r=KsO^M!yfkS0VcWBZc#bFgB!}`w5A3O}k?UG7tpA^2MGo%m8HyJpd z=|%Qv9zlxwO0wF_hsYw-GTf3Wpe_~25!Je`9&Ot}Is8$|eT6L~8I|ajcSsJb7wk?U zr>+EkqhYxINS{fbUf7$JIf?knKU1EfWI-KfZiKrxhvXkXUK!DGdnuCWZ6PZ>jCHTu z4rB_-wf4d!JV!eOJ6Ij82p`HG=VRS3z`N+qcE9243u%9DDID=K8wBYJCVA79Ivdra zddJYf;yxzPThQw3RU&g7xuRAO?5N#js2Fs6rh_1lDqh~uAbN}41ey&1N4Ojq1?^-! 
ze(*#d*~5)_++k||f}9nDq2t^-(%Mz7dQNwz1n-^{_f;Op?12NU>_$(|M#ecbj~zD> zw=Zp(u((g(B`?=&%T^zkkKT~V;UcykTxwXLRPNQYixJ{fArd)R6zStBRO6^I;7oL2 zI$GDh;8>XOVqzq~QhXNaVk&)kz0`2A-wx3hU+qGquP>llD0{qgbN#aXdI5I?Dph^G zY*eaTNNdogzQFY|b)nMx<=u50HIg+#MmJ5`M91VHR89x71tRb6PNC$QvaL4(!)`mG zhzZs28|v3^rsn6R$2i^)Q2AUqf;HNIQZ829zE^yNqo&d1dl5s@#wCa)Z+@?sr*)`K zhlkQdG>!=xeg=Nm95>}D`Q{~@S-92(?*RB)RSzY}H3HE`c&VJAjG9)lw;0rSsZ`zU z9~fLB{WCZ6F-3kjUGT?A$zclL7zyC%rP1dWPM7Z(Oz3&Tm(*c;t_Ip?l5e|a#=E_6 z7FU!uN|g)9NC2ET3b@j(e)HoTbzVP)4|c2V%#o0rI#NfQi)tq#HqhF3Qis$vamVoV1|y%b$5|ce(CTh0;Kx1<5W4d zF9^uQF>dIL*X`!SaJ z%OO!9f-&Q)lI>CzJBVxjB25^+pFBqj<R#odH)$iP764Q<#XJ#P3&QkVaCiGvd#6?lr$yf}wE{p;iP=3VAZ+nO$}jl>l? zlWjEh_Z*-n?s1VJ)pjlMPy8nqtXWoj&p}g*vVx)G&`9OS=5@W?R=r=s$?%SpSE+jX zS(Cio4~+NI>w$#yB(#>XxuNxLOtJ7H^A<;QkToNO& zV*9pa=lDY5$<EHJki#m3e2`v+{u5{>O4Sste z$ZDbo!NE6Ub>^J9$-R7`d}8m6Nyk#I>F#xzYp2weghE=r*X-+)%$2q?+*Oox-*X|U z2pyaqZ-H@X8R#s3JTB{Kb0Z$fQhUlXz+vHc)e#*DHC^S%}3Ihe~;<^qP{pdHIH0i_pNhKc9g@;ZxJ#JN;gBhChXekHS!ee7}!NhkkrCRe0w}vXw_-1F+JDn z;`b9xro(T}JwCT>`AQ@+vTjvmcu07C z=`vftY$ab+1HIsU&j8_8;5mI?o{Y&E{dTW({`i7Bsm?K>`*Y59Ndaqb519SY&9IAD zk7yXH05Mbe5n{iF2AB!S(2Uuc`~IyRK4)c1L#pnGqC+cxK8RK^hv$dO zW@Vdx&nRKtLSRfjxL7LwGz=7hZm-pK{5UeWSf%m|h*i(gY;z-{emA4o|GahW96%%j z1+ZZ~GZozlZB1zxcgT`f6%&C;?JFThkeeq&rcPtt%I4->nJ}Y-PW2ZKRyY|x5kpcX z%nkUtxY@LuXhBGmRp9OcjluXn+idRts**WN1Qzw_8 zw`lj?#@;r{AN=Y}ZRLaM-~!q3*23J2_9W8w68PyM_yJ7k+R=`5MJ^M@W?$-nx2hSS|Kb0Q&(y-!IMewf3g8(#Rs%Vf($!qkF=>>Cupa-9N zW4peK$`^Qm)V34{s(W$g!xyKG87?zD4{k?IIXmE$&tt5wa^ z2j2od;bIWa=TaBV7BU~6DkOEvP|mxwi_}ayCnr1l4vXWOcwjBRiF?$oi{_HX=J{Io zIqxkxBqApT2eG_@ay68%JjPO#pv*COH51yYrJwBdrnkxCXTZSW^^!RCklelVV%yc_ zIgW_~r-3VIC5K;Fa{DCqf!l@6rRkMBlYUcl|k9rgw*aFx|dF%-NRZ?J+y| zU^ezeNji1@sX!mC{8Nc3$HxtLtIl_eLhSdPwwk4S$G-j`E)Sui!xQqiiTm%3tJdCySp(i<$|f-l#LI?j zvfFyI-BQShHY8wYMM5|B_Kf~HUuzTxvbEV5g8rsWCOl1tYsm*C-ipLs&K`1Ft2r|z zwMJ7^piR_<3LXye25m<%v$X@6g^-7km|ZqyCu*%Y{@MY{gAXoMPQl*u1(B?P)|LQW z5AOODCVe|x&c@J3$X%CyBJY3){*?XyUw7PAfAFt;vj3<%77>kuDE%6gG>l^y)I_Wg 
zUmoTpdN0!J5B>_`88l}AO`jU_aG`~5n`UJF9tozUBl}y(Z0qXTfCLgB--*$WundzY ziI(q;-(}TjAc1C>6Er79&`AQKnA!WoJZ<3%U$IXl^-~*MKiv-5ZCH+;dEZbDqF2H< zTFChPj~3auLYzIjmXOvZxtK@EO`M?cvS_h_al6b=^vOg6-PAEJ2a6CcT#kJ5TaJtX z$~ivJJnjHA$u@Y(yAA2vX`Y4NVfuDI`p%?4a+clKJX4c*FD~n=2|yCnG8z{cWPkc% zV#33f^eh4OTEzp@k|F`l&(C zf`#$!{XvJ>0{!syy4Gg1b=0@oQv?q4z?&c9psaPYAmucd)F=Csi6YyV;~G}ca#LpK`PF>6y(&jzmNeKW`F@s&pZ9i)sXuiK zvp~EikUx=msZ7(*any{ru-e0z1n?f&Ga!EcHhz3~aM);`zwPF+MzCt*u?D@=oWB!} z(s2GFT$IJw#Z|o8&s^6aWDN=l`XCo!Iiu1*-jRDqhSc>0JEb#?F48d@n|)++`p9GA%C7_zL|@LLbHNu74)$TQ=mV_uy6_QI0vQB;N9Bbv4Vp0`ovjv&EnB7Wtehh3iv)twV)|HUH z%E)0!$w3mqLqp?n_9^Kwk~fykvpxLhj558dVL+f?ukCzgeE3P&Z2mp6BMlnSBV_5* zKI@6yvoq7MJtdjI0A%uq2zPw2uu$&oS8oA%$IYLj^p&$%>G|#*B#Zwy6vMN9_3I(5kYCv1OybM6F{0$ zLN(#gRXPZv_a>q!RjJa8gkF?TLlc!wXrV|ybV5P`QbJ33!@cL;b=Q6GzV+66^Usv8 z&FpXQ-~P?4`Svc?hQd?2GoL2*zhh%>g|zjQ?sTls59Ci~^zByr!oJ2!gnpU-Jwh8= zE6`#OJNVk&S@6xIc+n-~B1+NeWPHwc;>a6v^-iK~om6TIUf5B*BQBw$`tc-RN0dv7 zLt3Jx;bD{K3EMc?i(%qxH>tKVD_b(K2R9vuiez|FP&Lz6qS6+PtG0KV%1}+3D3759 zF;4yQo<597Lm2}zZ1@w&g@PJaK6H66_J?=6oD&xinTUE`mLMX`mv${x(U@W5D(Q2| zWPp8#ph=>Lsi5X%qm3!ULFr%o9dXqq9!K`+q-Nfz&wP4= zsDwHqdzf|(LNW10f7qnq{BOF`CN=f6B-*atjYSS5^F1>B$qNY>A}V8^&RQPE+)cSk z_{g&Cln5cvSmQ9+YTfK*=s@%fAIPkPK_hZjwE>@&o=~SDFe5M?J_8{bmZ)WPg2Bcq zq}ge^Hl#{Xc~5ouZv3{vtSer;em!Ag!vAmy=czF9$YU_`mKN<+vxKB`Ce(A5#W=B< zWg@Lg-LcBCd&-bbyy?MGk9WG9%PS9TA}H+r#OC;#P>2ljt<~B(s<*e-rq*=YtAA$3 z9D%stLuIEH5OBm?@xo>I2K6_-z|}UVL+?RnOsz#~geU`4?zPDmJ`83wK2 zJ!;cO$51mmjbJdZ*v}VqCghnX{035+zFq4v zK)zzXICMWhKff{{CQ(4oGDHBx9a$uG4g><-i($RQ6=CieO3h~g0_9c!cEY`?l|4lb z0u7DdaXF8AQ1pwX^H}6h{vKQ7)#buz^L-sioK^nfbxT_OgF{olMriSLcwc3I&vlc# zXv*&yg>+*Cen+AcX5i#CWS>>aC4k7oHp zJ3w`lrYy z>#A|j_?g zB^(Evu~j8oVWB5g^ZKhc@JVJ6D2w(T_0U+_^J`ZQKhzN`QZio)iQXu9D-T>S$xD|Y z7#3x%ZnI4qBI0qymXm&2u%DYkp}ujVtLVl|n=E_+OR~unv8h$?kL(gb zBa*}OYzvQDJeuS;*mydvge^CRLQU^VUat1?;zAs)unb+zbGE4pP>%uqeB}j5xu_$C8kBa` zg{{68fJ%AWD7;wDwETj8-2&w;%~)0`DqkkZ76$b$jfM;z{20DG-)hYKx(O;BQb6Nx 
zoGcm)W68$OARy-?Ivij6`gBUXQstBaab0`=81(+kEqWm?`=m?G8GT=FEfE`{hli?t zozV*q2%V*|qN)!j%K>2^NL$n1&!EivSIvzE9WZuDGf88J=y0WaiTnAQG3+d`d zqoJmzrWtX9jm9Od3CR_)98@4nAXtCX#{J8eFDLyA%t4Tn|A09FsNPXCYJCJy4U}~O z%mnN}zw>-J+daL3fGGdgI70bND<1?>HUqAz^d~FSUOGcFgDGk+N8J^%mq2cxBzi)Hi2Ch%v^|>obXz0}?#@V(yHe4%3a;1Q?-xv8WgnF& zJP!KKR$qUwPOK0{a<(4`64`Cz0D&UzFkQ;k_N-EA8H4*f0It6-$E^fax2;>BM@Vww z=kKl z;HPwtRp)0x*5wpyDZz6)`1)B=0Eo{P@NHax^vfj9RG7zQ-b_T67HWR)@fF`6cWzg! zNZQXJbmajdh%*6i>3M zs8_fsL+gv{Kf#JC5}zg5?%O4UPkqsQZS8P_7LQfa^qG$tcagg@iG;~3_7tS)jAyMB zm=b2!Mygz;dxr^EXwpiZT<*6j4%`s6w_fDqSMAfu6rZO>JYnw+3d%WL{cY0o^FIZC&oMNh>i~s_UJoW=h$J zUR(TikIS#OuTM;iZ6F(5rW#3qLGU)HUHSGowx4(hOf5Z9Q|;lC_a-hwVJ{MF$34@RgvT!Le!iiuW)*^$A>zZ=^ma^AR%d$9 z=VH6zusZ69hV^v^cEzAS><6=xd4rEP>yNg+GkD`F>S<)fLF|D1!bZX7Q~=ffjKOCx zyODISopJ5Os5G0j!-k_OQ;+S~nxeJ^U%i&XpTZEBxlaqlxsCPh8@VjGXAYoAi6ShT z+g~VUMSJp>c8nE!^y4Z4{o zLk*i+XePKmR&S=y`{ z>G853NynlLc;`sopJJ>KVdq6UzsWY2hGL|aoiLvWyaFPV`C}!{P!#?`icUkq1|fAw}XujEb4wW14+8I`$u)a!mgIP;0QmO!YXVZLQc zfa8z1SH#nF+UaSPFK+nYJeid;O@6#$8ukWak@q;&)?q&ak?FOxwVg5d`A9;*(wFMm zVQbJ=9FTIfqSa^N+XZ$7KYdsk6j*HKC8pTmQ#dBMI-vKlg1p4k!M>Exf$o68o6Zw6Z<^!k! zrlzibL7w`1zn$l2RnU;`$G=>~U-cjJo;ACnar=w`f4#?aiR2h&ZZI(c4xhM6mv*GMaVWM|LMRn_EJfeYRRYmYN zveeH7&~Fa`mU&U$Z!7m~1UgPdbN)m@;QD$#${SaBaNy^S8;2Z|hzve5AQeV{6SkMb z%77G|UihE)$$+xA(_d6(ff*QZr}iP_iOmu}^Zx1*H&&KPXdzh!Z+EcB`E5P@{QcaJ zdX|j4iln3@>X^_pR-~8nG?I#o8i4zUZcDM!PQdgY;gN$t&tHIo+-P^1TXG>M4U0=l z-awMc3ujMP`sgzi2vyn|eC#w*pxI7OrOa}TnHf=BT>Lch9M_NgJpT~unUvoEJp
QO#>bqLLiXOOJ{>IssLv|=yTwu3OEaUzs>shJB|4VA^A^QcGmbm z+$rt~9w@Y!7(r;iVpr*In5ms=w1;<5d(hnoJnhcS&KVSPOFb?>U}tLBZ-4=h7nYkY z4Y&NPy1onKjJ-M(!VtqcJMbZ*H9UW|o&F(H4wUOW8K~~z|B^y~KWc>ke;NBQaY;Tlr<|LLm~4R(BLg6l(^0|U;KX%f?-YLj&`32p4DCfZ{EuF(U^QYEA$P}u z5BU7?wRWxWNyRkr{r3g^NzRahm3X@n6x|!Tn+j&r`$c_IG}f=f=cKcZH0Pd4nukn) z9uybeGrQ^gx|`iFb*DD2Ij5qz+OwUWx7)mQAidyY(%@eCce4DC1(|~5(z&ar9%5(q z{oBKwJMh)p%#^l1;-s)$4F9e|9>(Q?@Gv5R0rR;nxvYW5j*HFdNy9Vk)Q_7F1z>HD za8|5&^?fW@j`_}evDu31RN*&Z_UdPS3Fa)LllYwKD4y-`lZ zas8^o4>yuKIId;JZ-A zIB{70`+HvTPZoDWJZx+n_EH9dp(?M6@avC1R7=d{3~N}?8D>RQx8#@={_5TES|%$w zk-FxK3uUxfZ~9`d23PP9Pur1tZ|tXQt3u!}DGJ`@R!qbAy+tcYN>2P<3RmNktmM*1 zb8{8tnuLkxoZA`gZqVbp<5bPV_%WMP#&5mjps*pgWnYwYZ`skd#PpNZx5=_!zblHJ zw9G}PS3WvMol-gq!KjL_dDiuf@U5$x63cEjk4uf!S09MX2BeNFZY%8ubaDsFx#zoL z{5Shfl^F)R-`C7b6Am}AQOA%54|aN!6>Gc$`icKA!Zv@5*WV4)MdabMH|OT`-;`na)eK3^Qi8~eqi#(hvUi_$|U_qjfj zX?5CW%we`Xb_&B|Ai-pM=vv=pp{3cTJYl-_O4xqT}V8kh))SF(e`iIwA_$#a877Rxq#X0v9;;9c5T!5)kKq@q{0+Z(=+ zP!7?t@ysXYyYXhTJpKFmx8hj%8n3==nv=^FjDDl-;WS?@{lGm^HEy~zSyEOV&i*l9 zoiti@Fd1sFy=&p2<9On0WpyGvTN_$!e>b%h$uYi2(pX3LY@S@7z5zfB7j;m6^SnLQ znGe^2J;!^+YRzH%?Jd&am%$CO>CWP+f}MmTMa4%~;fVzSS&C4E*m&U`CzqwX;5ACo zH~tvdqA{!7E>;b40zZDTJNulhS5|PDXt^gByrGRo_iycKN6=+g9+LP=8}Nqj)IQS8 z3_oh~TfU^u+)Q})X(w8bqhiW9ZvE}%ey8D^H%K`W+PJi@N590^tUhCGt!5PL5yN!r zW)gDM43MbwjM2!_fV^Z)vu>A9)73=hqq$m(+46%Q)O(2qTMp_cs$W`V#Y{p+&895M zn=OJRdGf4qkrT{<@}%O{?KmIIA^ls~k2+CrW5$QcIhqyB;*EgN{KHd1mnmh3tqXD$ z3km%wV&mG%05gr#Xu%C~-F}S?xFlR@aHyGu+~rwPSEw@Iavy2{f8g3eS^EbuvdTVA zrl=3kUhI`>L);`2*xan)n)7V(5Y^br(#zPN^RBR?hr%`{NJu(4wvzV-n2$5B-fGXu}M#TH;#K*O&TZNi`S{-ycI_mR84ee;` zZHj1m%b6TQXnD*7bzT+XQk4Q#Pv^?Jo-KJ2u{F4uQr#at7Kh6tB?%%&>mEyVw-7nx z%?Z<)W&cV-T72+e3nDI{^hMw^jq@PJfFnNV7Vu$dWaG1w%j9_@25e4nEhJb{+P7__ zBEhvm&pKq6mdvkUEJovjSBisbwBrcywTpTaCxJ^zOtmmWD@cywu;-}1i(WiNOu=7$ zzOiv?{;-Hgf#wXsEhqPCkE>>Rk`IWd7LCpxNed+|8$O=RhLlYj_HHE3ZaRo=eK?mW zvNBceo_f^(SYK@v)cDII$-U-vS`6WXR?yw*PxDVwclSP!_PS;{apAmsF-b0^O~$vy 
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index bf5df70ede..6a778f6cc1 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Antivirus and Windows Defender ATP -description: Windows Defender AV and Windows Defender ATP work together to provide threat detection, remediation, and investigation. +title: Windows Defender Antivirus compatibility with other security products +description: Windows Defender AV operates in different ways depending on what other security products you have installed, and the operating system you are using. keywords: windows defender, atp, advanced threat protection, compatibility, passive mode search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: iaanw ms.author: iawilt -ms.date: 06/13/2017 +ms.date: 09/07/2017 ---
@@ -30,44 +30,53 @@ ms.date: 06/13/2017 Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. -However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself. If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode. +However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself. -The following matrix illustrates how Windows Defender AV operates in these instances. Note that this matrix only applies to endpoints that are running Windows 10: +If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode. + +On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. See [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) topic for key differences and management options for Windows Server installations. + +The following matrix illustrates how Windows Defender AV operates when third-party antivirus products or Windows Defender ATP are also used. 
Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state --|-|- +-|-|-|- Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode -Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Disabled mode +Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode Windows 10 | Windows Defender AV | Yes | Active mode Windows 10 | Windows Defender AV | No | Active mode -Windows 8 or earlier | A third-party product that is not offered or developed by Microsoft | N/A (Windows Defender ATP requires Windows 10) | N/A (Windows Defender AV requires Windows 10) -Windows 8 or earlier | System Center Endpoint Protection (offered by System Center Configuration Manager) | Yes | Active mode -Windows 8 or earlier | Windows Defender AV | No | Active mode -Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode -Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Disabled mode +Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode +Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode Windows Server 2016 | Windows Defender AV | Yes | Active mode Windows Server 2016 | Windows Defender AV | No | Active mode -If you are using another antivirus or antimalware protection app. -If you are enrolled in Windows Defender Advanced Threat Protection, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender AV will automatically enter into a passive mode. +>[!IMPORTANT] +>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016. 
+>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager. +>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations). -On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product. -Windows Defender Advanced Threat Protection (ATP) is an additional service beyond Windows Defender Antivirus that helps enterprises detect, investigate, and respond to advanced persistent threats on their network. -See the [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) topics for more information about the service. +In the passive and automatic disabled modes, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware. -I +The reasons for this are twofold: -In passive mode, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware. +1. 
If you are enrolled in Windows Defender ATP, [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. +2. If the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, then Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. + + Therefore, the Windows Defender AV service needs to update itself to ensure it has up-to-date protection coverage in case it needs to automatically enable itself. -You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. + You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. -If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode. + If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode. +>[!WARNING] +>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app. 
+>This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. + ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index 91520bc734..77b79508b8 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: iaanw ms.author: iawilt -ms.date: 08/25/2017 +ms.date: 09/07/2017 --- 
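Review bot: In windows-defender-antivirus-compatibility.md, the new WARNING callout lists *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* as "services and process" without saying which names are services and which is the process, and joins them with "or", which reads as if only one of them is covered. Suggest "and", and split the list into services and processes so an administrator auditing endpoint state knows what to look for; the paragraph above already identifies *msmpeng.exe* as a process. Separately, "You can still manage updates ..." and "If you uninstall the other product ..." are now indented under list item 2, so they render as part of the second reason although they are general statements; consider leaving them at the top level.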
@@ -56,21 +56,56 @@ This topic includes the following instructions for setting up and running Window - [Configure automatic exclusions](#BKMK_DefExclusions) -## Enable the interface -By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs. +## Enable or disable the interface on Windows Server 2016 +By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required. -You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic. +If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option. -The following PowerShell cmdlet will enable the interface: +![](images/server-add-gui.png) + +See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard. 
+ +The following PowerShell cmdlet will also enable the interface: ```PowerShell Install-WindowsFeature -Name Windows-Defender-GUI ``` -The following cmdlet will disable the interface: +To hide the interface, use the **Remove Roles and Features Wizard** and deselect the **GUI for Windows Defender** option at the **Features** step, or use the following PowerShell cmdlet: + + +```PowerShell +Uninstall-WindowsFeature -Name Windows-Defender-GUI +``` + + +>[!IMPORTANT] +> Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature. + +## Install or uninstall Windows Defender AV on Windows Server 2016 + + +You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard. + +>[!NOTE] +>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**. + + + + +The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016: + ```PS -Uninstall-WindowsFeature -Name Windows-Server-Antimalware +Uninstall-WindowsFeature -Name Windows-Defender +``` + +To install Windows Defender AV again, use the **Add Roles and Features Wizard** and ensure the **Windows Defender** feature is selected. You can also enable the interface by selecting the **GUID for Windows Defender** option. + +You can also use the following PowerShell cmdlet to install Windows Defender AV: + +```PS +Install-WindowsFeature -Name Windows-Defender ``` > [!TIP] diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index dc8b0b0597..495cc05eec 100644 
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md 
@@ -38,11 +38,11 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703. > [!IMPORTANT] -> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date. +> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date. > [!WARNING] > If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. ->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed. +>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. >This will significantly lower the protection of your device and could lead to malware infection. 
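Review bot: In the @@ -56,21 +56,56 @@ hunk of windows-defender-antivirus-on-windows-server-2016.md, the reinstall paragraph tells the reader to select the **GUID for Windows Defender** option, while every other reference in the hunk names the feature **GUI for Windows Defender**; this looks like a typo. The code fences in the same hunk mix the PowerShell and PS language tags, and the added image ![](images/server-add-gui.png) has empty alt text. The new uninstall section documents Uninstall-WindowsFeature -Name Windows-Defender with no statement of what protects the server afterwards; one sentence on when complete removal is appropriate would fit next to the existing IMPORTANT callout.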
diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 00470f7842..50c6d3b553 100644 --- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -1,6 +1,6 @@ --- title: Windows Defender Security Center -description: The Windows Defender Security Center brings together common Windows security features into one place +description: The Windows Defender Security Center app brings together common Windows security features into one place keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -22,17 +22,17 @@ ms.date: 08/25/2017 **Applies to** -- Windows 10, version 1703 +- Windows 10, version 1709 -In Windows 10, version 1703 we introduced the new Windows Defender Security Center, which brings together common Windows security features into one, easy-to-use app. +In Windows 10, version 1703 we introduced the new Windows Defender Security Center app, which brings together common Windows security features into one easy-to-use app. -![Screen shot of the Windows Defender Security Center showing that the device is protected and five icons for each of the features](images/security-center-home.png) +![Screen shot of the Windows Defender Security Center app showing that the device is protected and five icons for each of the features](images/security-center-home.png) 
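Review bot: In the @@ -22,17 +22,17 @@ hunk of windows-defender-security-center.md, **Applies to** changes from version 1703 to version 1709 only, while the first sentence still says the app was introduced in version 1703, so readers on 1703 lose the signal that the topic covers them. If the topic is meant to cover both releases, list both. The hunk header context also shows ms.date: 08/25/2017 left unchanged, whereas windows-defender-antivirus-on-windows-server-2016.md bumps its ms.date to 09/07/2017 in the same patch.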
@@ -41,60 +41,65 @@ Many settings that were previously part of the individual features and main Wind The app includes the settings and status for the following security features: -- Virus & threat protection, including settings for Windows Defender Antivirus +- Virus & threat protection, including settings for Windows Defender Antivirus and Controlled folder access - Device performance & health, which includes information about drivers, storage space, and general Windows Update issues - Firewall & network protection, including Windows Firewall -- App & browser control, covering Windows Defender SmartScreen settings +- App & browser control, covering Windows Defender SmartScreen settings and Exploit protection mitigations - Family options, which include a number of parental controls along with tips and information for keeping kids safe online -The Windows Defender Security Center uses the [Windows Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on 3rd party antivirus and firewall products that are installed on the device. +The Windows Defender Security Center app uses the [Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on third-party antivirus and firewall products that are installed on the device. -> [!IMPORTANT] -> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date. + +>[!IMPORTANT] +>Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes. 
+>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection. +>These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. +>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). > [!WARNING] -> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. ->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed. ->This will significantly lower the protection of your device and could lead to malware infection. 
+> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. +>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. +>This will significantly lower the protection of your device and could lead to malware infection. -## Open the Windows Defender Security Center + + +## Open the Windows Defender Security Center app - Right-click the icon in the notification area on the taskbar and click **Open**. - ![Screen shot of the Shield icon for the Windows Defender Security Center in the bottom Windows task bar](images/security-center-taskbar.png) + ![Screen shot of the icon for the Windows Defender Security Center app on the Windows task bar](images/security-center-taskbar.png) - Search the Start menu for **Windows Defender Security Center**. - ![Screen shot of the Start menu showing the results of a search for Windows Defender Security Center, the first option with a large shield symbol is selected](images/security-center-start-menu.png) + ![Screen shot of the Start menu showing the results of a search for the Windows Defender Security Center app, the first option with a large shield symbol is selected](images/security-center-start-menu.png) > [!NOTE] > Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Defender Security Center. Review the settings for each feature in its appropriate library. Links for both home user and enterprise or commercial audiences are listed below. 
-## How the Windows Defender Security Center works with Windows security features +## How the Windows Defender Security Center app works with Windows security features - - -The Windows Defender Security Center operates as a separate app or process from each of the individual features, and will display notifications through the Action Center. +The Windows Defender Security Center app operates as a separate app or process from each of the individual features, and will display notifications through the Action Center. It acts as a collector or single place to see the status and perform some configuration for each of the features. -Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center. The Windows Defender Security Center itself will still run and show status for the other security features. +Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center app. The Windows Defender Security Center app itself will still run and show status for the other security features. > [!IMPORTANT] -> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center itself. +> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center app. -For example, [using a 3rd party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). 
However, the Windows Defender Security Center will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall. +For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall. -The presence of the 3rd party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center. +The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center app. ## More information -See the following links for more information on the features in the Windows Defender Security Center: +See the following links for more information on the features in the Windows Defender Security Center app: - Windows Defender Antivirus - IT administrators and IT pros can get configuration guidance from the [Windows Defender Antivirus in the Windows Defender Security Center topic](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) and the [Windows Defender Antivirus documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) - Home users can learn more at the [Virus & threat protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012987/windows-10-virus-threat-protection-windows-defender-security-center) From 0515bea69fe1117d417dbf1116d4d339a5e53843 Mon Sep 17 00:00:00 2001 
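Review bot: In the @@ -41,60 +41,65 @@ hunk of windows-defender-security-center.md (the patch that ends just above), the new IMPORTANT callout misspells the service display name as *Windows Security Health Servce*, and its last sentence still says "Windows Security Center service" while the rest of the hunk renames it to "Security Center service". That last sentence also repeats what the callout already states two sentences earlier ("Disabling or modifying these services will not disable Windows Defender AV"); suggest dropping it or keeping only the Windows Firewall part. The unchanged NOTE under "Open the Windows Defender Security Center app" still reads "the settings in the Windows Defender Security Center" without "app", which is now inconsistent with the renamed headings.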
From: Iaan D'Souza-Wiltshire Date: Thu, 7 Sep 2017 15:24:11 -0700 Subject: [PATCH 06/22] update troubleshooting for UC --- .../update/update-compliance-get-started.md | 12 ++-- ...llect-diagnostic-data-update-compliance.md | 65 +++++++++++++++++++ ...-connections-windows-defender-antivirus.md | 2 +- .../troubleshoot-reporting.md | 16 ++++- 4 files changed, 86 insertions(+), 9 deletions(-) create mode 100644 windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 2728abccb0..492435e8ac 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -25,14 +25,14 @@ Update Compliance has the following requirements: 2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). 3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: -Service | Endpoint ---- | --- -Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com -Windows Error Reporting | watson.telemetry.microsoft.com -Online Crash Analysis | oca.telemetry.microsoft.com + Service | Endpoint + --- | --- + Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com + Windows Error Reporting | watson.telemetry.microsoft.com + Online Crash Analysis | oca.telemetry.microsoft.com - 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). For endpoints running Windows 10, version 1607 or earlier, Windows telemetry must also be set to **Enhanced**. See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. + 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. ## Add Update Compliance to Microsoft Operations Management Suite diff --git a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md new file mode 100644 index 0000000000..14f81e83f6 --- /dev/null 
+++ b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md 
@@ -0,0 +1,65 @@ +--- +title: Collect diagnostic data for Update Compliance and Windows Defender AV +description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender AV Assessment add in +keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: iaanw +ms.author: iawilt +ms.date: 09/06/2017 +--- + +# Collect Update Compliance diagnostic data for Windows Defender AV Assessment + +**Applies to:** + +- Windows 10 + +**Audience** + +- IT administrators + +This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. + +Before attempting this process, ensure you have read the [Troublehsoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps. + + +1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process: + 1. Open an administrator-level version of the commpand prompt: + 1. Open the **Start** menu. + 2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**. + 3. Enter administrator credentials or approve the prompt. + 2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example: + ```Dos + cd c:\program files\windows\defender + ``` + 3. Enter the following command and press **Enter** + ```Dos + mpcmdrun -getfiles + ``` + 4. A .cab file will be generated that contains various diagnostic logs. 
The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. +2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. +3. Send an email using the Update Compliance support email template, and fill out the template with the following information: + + ``` + I am encountering the following issue when using Windows Defender AV in Update Compliance: + + I have provided at least 2 support .cab files at the following location: + + My OMS workspace ID is: + + Please contact me at: + ``` + + + + +## Related topics + +- [Troublehsoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) + diff --git a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index cc04c936e3..f144ebfc04 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -147,7 +147,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t Use the following argument with the Windows Defender AV command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender AV cloud: ```DOS -MpCmdRun - ValidateMapsConnection +MpCmdRun -ValidateMapsConnection ``` > [!NOTE] > You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703. 
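Review bot: In the new file collect-diagnostic-data-update-compliance.md, step 1.2 gives the default directory as C:\Program Files\Windows Defender but the example command is cd c:\program files\windows\defender, which points at a different path and will fail; it should be cd "c:\program files\windows defender". The front matter declares ms.pagetype: security twice, and the body has the typos "Troublehsoot" (twice), "commpand prompt" and "met all require pre-requisites". Step 2 asks for the .cab files to be placed where Microsoft support can reach them; since step 1.4 says the archive contains various diagnostic logs, it is worth telling the reader to limit access to the support contact and to remove the share once the case is closed.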
diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index bf8a1da73f..7e11c2e005 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md 
@@ -39,13 +39,25 @@ There are three steps to troubleshooting these problems: 2. Check your connectivity to the Windows Defender cloud-based service 3. Submit support logs +>[!IMPORTANT] +>It typically takes 3 days for devices to start appearing in Update Compliance + ## Confirm pre-requisites -In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender Antivirus protection: +In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender AV protection: >[!div class="checklist] ->- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. Using any other antivirus app will cause Windows Defender AV to disable itself and the endpoint will not be reported in Update Compliance. +>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. +> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md). +> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) +> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). +> - It has been 3 days since all requirements have been met + +If the abnove pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us. 
+ +> [!div class="nextstepaction"] +> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance-wdav.md) From 701d9e572b2d4a8f9413c92d549c24fc100b1425 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 7 Sep 2017 15:30:11 -0700 Subject: [PATCH 07/22] insert reporting troubleshoot to toc --- windows/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md index c3b5a294aa..80a04ca0c3 100644 --- a/windows/threat-protection/TOC.md +++ b/windows/threat-protection/TOC.md @@ -143,6 +143,7 @@ #### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md) ##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md) #### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md) +##### [Troublehsoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md) #### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md) ##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md) ##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md) From 70da9f32542e1db478d5dfca455d13d079cc55c8 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 7 Sep 2017 15:37:58 -0700 Subject: [PATCH 08/22] layout updates for notes --- .../windows-defender-antivirus/troubleshoot-reporting.md | 2 +- .../windows-defender-antivirus-compatibility.md | 9 ++++++--- .../windows-defender-security-center.md | 6 ++++++ 3 files changed, 13 insertions(+), 4 deletions(-) 
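Review bot: In the @@ -39,13 +39,25 @@ hunk of troubleshoot-reporting.md (PATCH 06/22), the next-step link targets collect-diagnostic-data-update-compliance-wdav.md, but the file created in the same patch is collect-diagnostic-data-update-compliance.md, so the link will not resolve; rename one or the other. Also in this hunk: "abnove" should be "above", the IMPORTANT sentence and the last checklist item lack a final period, and the checklist mixes ">-" and "> -" bullet prefixes.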
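Review bot: In the TOC.md hunk (PATCH 07/22), the new entry is spelled "Troublehsoot Windows Defender Antivirus reporting in Update Compliance", which will show in the navigation pane; it should be "Troubleshoot". The collect-diagnostic-data topic added in PATCH 06/22 gets no TOC entry in this hunk; if it is meant to be reachable from the tree rather than only from the next-step link, add it beneath the troubleshooting entry.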
diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index 7e11c2e005..98a9a4946d 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -47,7 +47,7 @@ There are three steps to troubleshooting these problems: In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender AV protection: ->[!div class="checklist] +>[!div class="checklist"] >- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. > - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md). > - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 6a778f6cc1..1d49a1e634 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md 
@@ -51,9 +51,11 @@ Windows Server 2016 | Windows Defender AV | No | Active mode >[!IMPORTANT] ->Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016. ->In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager. ->Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations). +>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016. +> +>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager. +> +>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations). @@ -73,6 +75,7 @@ The reasons for this are twofold: >[!WARNING] >You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app. +> >This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. 
diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 50c6d3b553..804c2d9152 100644 --- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md 
@@ -54,14 +54,20 @@ The Windows Defender Security Center app uses the [Security Center service](http >[!IMPORTANT] >Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes. +> >The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection. +> >These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. +> >Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +> >Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). > [!WARNING] > If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. +> >It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. 
+> >This will significantly lower the protection of your device and could lead to malware infection. From 4e1dd0c43e981c46317fd7d517bb015d1f0e184c Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 12 Sep 2017 16:03:14 -0700 Subject: [PATCH 09/22] updates from feedback (%20 instead of +) --- .../deployment/update/update-compliance-get-started.md | 6 +++++- .../collect-diagnostic-data-update-compliance.md | 2 +- .../windows-defender-antivirus/troubleshoot-reporting.md | 8 ++++---- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 492435e8ac..8e3da008da 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md 
@@ -32,7 +32,11 @@ Update Compliance has the following requirements: Online Crash Analysis | oca.telemetry.microsoft.com - 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. + 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct. + + For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). + + See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. ## Add Update Compliance to Microsoft Operations Management Suite 
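Review bot: the added sentence in step 4 of update-compliance-get-started.md introduces the misspelling "Troublehsoot" in its link text, and its target ends in `.md` although it is a site-absolute path; the other site-absolute links in the same step (cloud-delivered protection, the content library) carry no extension. Spell the link text "Troubleshoot" and drop the `.md`, or confirm that the build resolves a rooted path with the extension.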
diff --git a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md index 14f81e83f6..b7d59b8952 100644 --- a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md @@ -44,7 +44,7 @@ Before attempting this process, ensure you have read the [Troublehsoot Windows D ``` 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. 2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. -3. Send an email using the Update Compliance support email template, and fill out the template with the following information: +3. Send an email using the Update Compliance support email template, and fill out the template with the following information: ``` I am encountering the following issue when using Windows Defender AV in Update Compliance: diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index 98a9a4946d..a723a79704 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -14,7 +14,7 @@ ms.author: iawilt ms.date: 09/06/2017 --- -# Troublehsoot Windows Defender Antivirus reporting +# Troubleshoot Windows Defender Antivirus reporting in Update Compliance **Applies to:** 
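Review bot: in the troubleshoot-reporting.md front-matter hunk (@@ -14,7 +14,7 @@), the H1 changes but `ms.date: 09/06/2017` in the context just above it is left as is, while the commit is dated 12 Sep 2017. Update `ms.date` together with the title. The new title also ends "in Update Compliance", whereas the link text added to update-compliance-get-started.md in this same patch uses the shorter name; pick one form and use it in both places.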
@@ -24,7 +24,7 @@ ms.date: 09/06/2017 - IT administrators -When you use [Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues. +When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues. Typically, the most common indicators of a problem are: - You only see a small number or subset of all the devices you were expecting to see @@ -54,10 +54,10 @@ In order for devices to properly show up in Update Compliance, you have to meet > - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). > - It has been 3 days since all requirements have been met -If the abnove pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us. +If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us. > [!div class="nextstepaction"] -> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance-wdav.md) +> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md) From 650388efbdd31093caae77984ad4003a0aea9639 Mon Sep 17 00:00:00 2001 
From: Iaan D'Souza-Wiltshire Date: Tue, 12 Sep 2017 16:10:48 -0700 Subject: [PATCH 10/22] update url to collect diag data and some formatting --- ...llect-diagnostic-data-update-compliance.md | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md index b7d59b8952..83993b92f7 100644 --- a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md 
@@ -26,26 +26,38 @@ ms.date: 09/06/2017 This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. -Before attempting this process, ensure you have read the [Troublehsoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps. +Before attempting this process, ensure you have read the [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps. 1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process: - 1. Open an administrator-level version of the commpand prompt: + + 1. Open an administrator-level version of the command prompt: + 1. Open the **Start** menu. + 2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**. + 3. Enter administrator credentials or approve the prompt. + 2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example: + ```Dos cd c:\program files\windows\defender ``` + 3. Enter the following command and press **Enter** + ```Dos mpcmdrun -getfiles ``` + 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. -2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. -3. 
Send an email using the Update Compliance support email template, and fill out the template with the following information: +2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. + +3. Send an email using the Update Compliance support email template, and fill out the template with the following information: + + ``` I am encountering the following issue when using Windows Defender AV in Update Compliance: @@ -61,5 +73,5 @@ Before attempting this process, ensure you have read the [Troublehsoot Windows D ## Related topics -- [Troublehsoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) +- [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) From 634be613e79651e10c4ceae3a91b615301b34871 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 12 Sep 2017 17:15:31 -0700 Subject: [PATCH 11/22] update email template with url encoding --- .../collect-diagnostic-data-update-compliance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md index 83993b92f7..bc96824baa 100644 --- a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md 
@@ -55,7 +55,7 @@ Before attempting this process, ensure you have read the [Troubleshoot Windows D 2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. -3. Send an email using the Update Compliance support email template, and fill out the template with the following information: +3. Send an email using the Update Compliance support email template, and fill out the template with the following information: ``` From 424fb0d6d82a70ec5f8605ff67a0bdee57d0e5fb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Sep 2017 13:41:16 -0700 Subject: [PATCH 12/22] remove suppression rules --- .../settings-windows-defender-advanced-threat-protection.md | 4 ++-- .../windows-defender-advanced-threat-protection.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md index 81b976e914..aee67ec43e 100644 --- a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md 
@@ -1,7 +1,7 @@ --- title: Windows Defender Advanced Threat Protection settings -description: Use the menu to configure the time zone, suppression rules, and view license information. -keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license, suppression rules +description: Use the menu to configure the time zone and view license information. +keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 4f308f2bea..e208f89717 100644 --- a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md 
@@ -101,7 +101,7 @@ Topic | Description [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI. [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service. [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. -[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information. +[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information. [Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues. [Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP. [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required. From f794356249ccd53a19f0b42a0284d062fa18a3b6 Mon Sep 17 00:00:00 2001 
From: Jan Backstrom Date: Tue, 19 Sep 2017 14:39:19 -0700 Subject: [PATCH 13/22] updated publish date to actual --- browsers/edge/microsoft-edge-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md index f24235f60d..bb633e1460 100644 --- a/browsers/edge/microsoft-edge-faq.md +++ b/browsers/edge/microsoft-edge-faq.md @@ -7,6 +7,7 @@ ms.prod: edge ms.mktglfcycl: general ms.sitesec: library ms.localizationpriority: high +ms.date: 09/07/2017 --- # Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros From ac254b778f579c4e17260ac3d81e413be1f69751 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Tue, 19 Sep 2017 14:45:28 -0700 Subject: [PATCH 14/22] Adding FAQ document --- browsers/edge/change-history-for-microsoft-edge.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index e3c6a0b2d7..83fb456c61 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -12,6 +12,11 @@ This topic lists new and updated topics in the Microsoft Edge documentation for For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/). +## September 2017 +|New or changed topic | Description | +|---------------------|-------------| +|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New | + ## February 2017 |New or changed topic | Description | |----------------------|-------------| 
@@ -47,4 +52,4 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th |New or changed topic | Description | |----------------------|-------------| -|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. | \ No newline at end of file +|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. | From 8db7b8587a92f214ee633b8fff87cc61dc13157f Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Tue, 19 Sep 2017 15:13:26 -0700 Subject: [PATCH 15/22] TEI link updates Updated the Total Economic Impact infographic link; added link and wording to full Forrester report --- browsers/edge/Index.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index 77890240cb..5893fdf819 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md 
@@ -23,7 +23,7 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. >[!Note] ->For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892). +>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956). For a detailed report that provides you with a framework to evaluate the potential financial impact of adopting Microsoft Edge within your organization, you can download the full study here: [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847). >Also, if you've arrived here looking for Internet Explorer 11 content, you'll need to go to the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area. @@ -59,7 +59,9 @@ You'll need to keep running them using IE11. If you don't have IE11 installed an ## Related topics -- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892) +- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956) + +- [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847) - [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956) From 69eafe1073ddc64438b05681f301b9b999c7d6f7 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Tue, 19 Sep 2017 15:32:24 -0700 Subject: [PATCH 16/22] updates --- ...r-codes-windows-defender-advanced-threat-protection.md | 4 ++-- ...verview-windows-defender-advanced-threat-protection.md | 4 ++-- ...-status-windows-defender-advanced-threat-protection.md | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index 4200e50e85..f1ff28638b 100644 --- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -29,14 +29,14 @@ ms.date: 09/05/2017 You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints. -For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. +For example, if endpoints are not appearing in the **Machines list**, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. > [!NOTE] > It can take several days for endpoints to begin reporting to the Windows Defender ATP service. **Open Event Viewer and find the Windows Defender ATP service event log:** -1. Click **Start**, type **Event Viewer**, and press **Enter**. +1. Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**. 2. In the log list, under **Log Summary**, scroll until you see **Microsoft-Windows-SENSE/Operational**. Double-click the item to open the log. 
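Review bot: in step 1 of event-error-codes-windows-defender-advanced-threat-protection.md, "Click **Start** on the Windows menu" is ambiguous, because Start is itself the menu being opened. The collect-diagnostic-data topic in this series words the same action as "Open the **Start** menu"; reuse that wording so both procedures match.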
diff --git a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index 9e98297388..5d510f2eb6 100644 --- a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -30,7 +30,7 @@ Enterprise security teams can use the Windows Defender ATP portal to monitor and You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to: - View, sort, and triage alerts from your endpoints - Search for more information on observed indicators such as files and IP Addresses -- Change Windows Defender ATP settings, including time zone and licensing information. +- Change Windows Defender ATP settings, including time zone and review licensing information. ## Windows Defender ATP portal When you open the portal, you’ll see the main areas of the application: 
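Review bot: the changed bullet in portal-overview (hunk @@ -30,7 +30,7 @@) is no longer parallel: "Change Windows Defender ATP settings, including time zone and review licensing information" reads as if "review licensing information" were one of the settings. Suggest "Change the time zone setting and review licensing information", which also lines up with the PATCH 12 description "Configure time zone settings and view license information".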
@@ -54,7 +54,7 @@ Area | Description **Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules. **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. -**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. +**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, enable or turn off advanced features, and build Power BI reports. **Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. (3) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list. diff --git a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md index aed38dc020..67b2520eea 100644 --- a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md 
@@ -1,7 +1,7 @@ --- title: Check the Windows Defender ATP service health description: Check Windows Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved. -keywords: dashboard, service, issues, service health, current issues, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time +keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -33,11 +33,11 @@ You can view details on the service health by clicking the tile from the **Secur The **Service health** details page has the following tabs: -- **Current issues** +- **Current status** - **Status history** -## Current issues -The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue: +## Current status +The **Current status** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue: - Date and time for when the issue was detected - A short description of the issue From 2802081f69c8be4f1a65676c63449fb9d5f8dc6c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 19 Sep 2017 16:11:41 -0700 Subject: [PATCH 17/22] update organize alerts queue --- ...-windows-defender-advanced-threat-protection.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) 
diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index 4fa77ae8f4..70660d58f9 100644 --- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -37,7 +37,7 @@ Use the Machines list in these main scenarios: ## Sort, filter, and download the list of machines from the Machines list You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order. -Filter the **Machines list** by time period, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, or **Groups** to focus on certain sets of machines, according to the desired criteria. +Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, **Groups**, or **Tags** to focus on certain sets of machines, according to the desired criteria. You can also download the entire list in CSV format using the **Export to CSV** feature. @@ -78,7 +78,15 @@ Filter the list to view specific machines grouped together by the following mach - **Inactive** – Machines that have completely stopped sending signals for more than 7 days. -**Malware category**
+**Security state**
+Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization. + + +- **Well configured** - Machines have the Windows Defender security controls well configured. +- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization. + + +**Malware category alerts**
Filter the list to view specific machines grouped together by the following malware categories: - **Ransomware** – Ransomware use common methods to encrypt files using keys that are known only to attackers. As a result, victims are unable to access the contents of the encrypted files. Most ransomware display or drop a ransom note—an image or an HTML file that contains information about how to obtain the attacker-supplied decryption tool for a fee. - **Credential theft** – Spying tools, whether commercially available or solely used for unauthorized purposes, include general purpose spyware, monitoring software, hacking programs, and password stealers. @@ -88,6 +96,8 @@ Filter the list to view specific machines grouped together by the following malw - **General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks. - **PUA** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software. +## Groups and tags +You can filter the list based on the grouping and tagging that you've added to individual machines. For more information, see [Manage machine group and tags](respond-machine-alerts-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags). ## Export machine list to CSV You can download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file. 
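Review bot: the new "## Groups and tags" section (hunk @@ -88,6 +96,8 @@) is a level-2 heading, but the other filters this patch documents in the same file, **Security state** and **Malware category alerts**, are bold labels under the existing filter description. Make it a bold label like its siblings so the filter descriptions stay together. The filter sentence changed earlier in this patch lists **Groups** and **Tags** as separate filters, so state here whether they are one filter or two.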
From 19a12d75b0f1d23dfe42ea4e764d9159b477f434 Mon Sep 17 00:00:00 2001 From: Jimmie Lightner Date: Wed, 20 Sep 2017 10:57:19 -0400 Subject: [PATCH 18/22] Update hello-planning-guide.md Corrected typographical errors within Trust Type section. --- .../hello-for-business/hello-planning-guide.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/access-protection/hello-for-business/hello-planning-guide.md b/windows/access-protection/hello-for-business/hello-planning-guide.md index 54739d877a..1e51ed414b 100644 --- a/windows/access-protection/hello-for-business/hello-planning-guide.md +++ b/windows/access-protection/hello-for-business/hello-planning-guide.md 
@@ -160,9 +160,9 @@ If your organization does not have cloud resources, write **On-Premises** in box Choose a trust type that is best suited for your organizations. Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers. -One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end enetity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust). +One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end entity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust). -Because the certificate trust tyoes issues certificates, there is more configuration and infrastrucutre needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificatat-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. +Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. 
Additional infrastructure needed for certificate-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. If your organization wants to use the key trust type, write **key trust** in box **1b** on your planning worksheet. Write **Windows Server 2016** in box **4d**. Write **N/A** in box **5b**. @@ -320,4 +320,4 @@ If boxes **2a** or **2b** read **modern management** and you want devices to aut ## Congratulations, You’re Done -Your Windows Hello for Business planning worksheet should be complete. This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used. The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment. With this worksheet, you’ll be able to identify key elements of your Windows Hello for Business deployment. \ No newline at end of file +Your Windows Hello for Business planning worksheet should be complete. This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used. The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment. With this worksheet, you’ll be able to identify key elements of your Windows Hello for Business deployment. From ea35f3d24cc5d571bb295974dd57b6f9f4194251 Mon Sep 17 00:00:00 2001 From: nevedita Date: Wed, 20 Sep 2017 10:13:13 -0700 Subject: [PATCH 19/22] Update upgrade-readiness-get-started.md --- windows/deployment/upgrade/upgrade-readiness-get-started.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
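Review bot: PATCH 18/22, hello-planning-guide.md, hunk `@@ -160,9 +160,9 @@`: the replacement paragraph that starts "Because the certificate trust types issues certificates" still contains typos the commit message says it corrects. "accomodate" should be "accommodate", "deployements" should be "deployments", and "types issues" does not agree in number ("type issues" fits the single trust type being described). Since the line is already being rewritten, fix these in the same change. The unchanged context line "best suited for your organizations" could be corrected at the same time.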
diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index 29a27310e4..ff117afd8d 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -84,9 +84,9 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10.vortex-win.data.microsoft.com/collect/v1`
`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | -| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | -| `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | +| `https://v10.vortex-win.data.microsoft.com` | For Windows 10, Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. +| `https://Vortex-win.data.microsoft.com` | For OS versions lower than Windows 10, Connected User Experience and Telemetry component endpoint. +| `https://settings.data.microsoft.com` | Enables the compatibility update KB to send data to Microsoft. | Note: The compatibility update KB runs under the computer’s system account. From 5894c31bd977ba9eb970f7db761d2ba1c0111cc2 Mon Sep 17 00:00:00 2001 From: Andrew Childs Date: Wed, 20 Sep 2017 13:37:32 -0500 Subject: [PATCH 20/22] Update waas-delivery-optimization.md --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 2b77126ecf..be0f75a719 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -21,7 +21,7 @@ ms.date: 07/27/2017 Delivery Optimization is a self-organizing distributed cache solution for businesses looking to reduce bandwidth consumption for operating system updates, operating system upgrades, and applications by allowing clients to download those elements from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers. You can use Delivery Optimization in conjunction with stand-alone Windows Update, Windows Server Update Services (WSUS), and Windows Update for Business. This functionality is similar to BranchCache in other systems, such as System Center Configuration Manager. -Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This mean that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet. +Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This means that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet. For more details, see [Download mode](#download-mode). From 023d27eefe35190fdeee6a3a992e47641d750253 Mon Sep 17 00:00:00 2001 From: nevedita Date: Wed, 20 Sep 2017 12:12:09 -0700 Subject: [PATCH 21/22] Update upgrade-readiness-get-started.md --- windows/deployment/upgrade/upgrade-readiness-get-started.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index ff117afd8d..90fabf7307 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md 
@@ -84,9 +84,9 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10.vortex-win.data.microsoft.com` | For Windows 10, Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. -| `https://Vortex-win.data.microsoft.com` | For OS versions lower than Windows 10, Connected User Experience and Telemetry component endpoint. -| `https://settings.data.microsoft.com` | Enables the compatibility update KB to send data to Microsoft. | +| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10 computers. User computers send data to Microsoft through this endpoint. +| `https://Vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10 +| `https://settings.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. | Note: The compatibility update KB runs under the computer’s system account. From 93b2bc88b745112558a4e7e7182bb3f0729872bc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 20 Sep 2017 14:39:40 -0700 Subject: [PATCH 22/22] general updates --- ...-windows-defender-advanced-threat-protection.md | 2 +- ...-windows-defender-advanced-threat-protection.md | 14 ++------------ ...-windows-defender-advanced-threat-protection.md | 12 +++--------- 3 files changed, 6 insertions(+), 22 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index f775017c4c..e9c01a20cf 100644 --- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md 
+++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -77,7 +77,7 @@ Field numbers match the numbers in the images below. ![Image of artifact timeline with numbers](images/atp-siem-mapping3.png) -![Image of alert timeline with numbers](images/atp-siem-mapping4.png) +![Image of artifact timeline with numbers](images/atp-siem-mapping4.png) ![Image machine view](images/atp-mapping6.png) diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index f437a524b9..4581751734 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -93,18 +93,8 @@ Use the search bar to look for specific timeline events. Harness the power of us - Behaviors mode: displays "detections" and selected events of interest - Verbose mode: displays all raw events without aggregation or filtering -- **Event type** - Click the drop-down button to filter by the following levels: - - Windows Defender ATP alerts - - Windows Defender AV alerts - - Response actions - - AppGuard related events - - Windows Defender Device Guard events - - Process events - - Network events - - File events - - Registry events - - Load DLL events - - Other events

+- **Event type** - Click the drop-down button to filter by events such as Windows - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others. + Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. - **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index 70660d58f9..ca3569887b 100644 --- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -60,19 +60,14 @@ You can use the following filters to limit the list of machines displayed during - Mac OS - Other -**Health**
-- All -- Well configure -- Requires attention - Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters. - **Sensor health state**
Filter the list to view specific machines grouped together by the following machine health states: - **Active** – Machines that are actively reporting sensor data to the service. - **Misconfigured** – Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to: - - Impaired communications - No sensor data + - Impaired communications For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). - **Inactive** – Machines that have completely stopped sending signals for more than 7 days. @@ -85,6 +80,7 @@ Filter the list to view specific machines that are well configured or require at - **Well configured** - Machines have the Windows Defender security controls well configured. - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization. +For more information, see [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md). **Malware category alerts**
Filter the list to view specific machines grouped together by the following malware categories: @@ -109,13 +105,11 @@ Exporting the list in CSV format displays the data in an unfiltered manner. The You can sort the **Machines list** by the following columns: - **Machine name** - Name or GUID of the machine -- **Domain** - Domain where the machine is joined in -- **OS Platform** - Indicates the OS of the machine - **Health State** – Indicates if the machine is misconfigured or is not sending sensor data - **Last seen** - Date and time when the machine last reported sensor data - **Internal IP** - Local internal Internet Protocol (IP) address of the machine - **Active Alerts** - Number of alerts reported by the machine by severity -- **Active malware detections** - Number of active malware detections reported by the machine +- **Active malware alerts** - Number of active malware detections reported by the machine > [!NOTE] > The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
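Review bot: The removal of the driver-information row (`https://go.microsoft.com/fwlink/?LinkID=544713` and `https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`) in PATCH 19/22, upgrade-readiness-get-started.md, hunk `@@ -84,9 +84,9 @@`, is not explained by the commit message, which only says "Update upgrade-readiness-get-started.md". Administrators build proxy and firewall allowlists from this table, so please confirm those endpoints are no longer required or keep the row. The same hunk changes the remaining entries from specific paths (`/collect/v1`, `/health/keepalive`, `/qos`) to whole hosts; say in the commit message that this is intended. The first two added rows also have no closing `|`.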
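Review bot: The reworded third row in PATCH 21/22, upgrade-readiness-get-started.md, now says "Enables the compatibility update to send data to Microsoft", but the unchanged note directly below the table still reads "The compatibility update KB runs under the computer’s system account", so the page uses two names for the same thing; pick one and apply it to both. The first two added rows still have no closing `|`, and the second row, ending "operating systems older than Windows 10", is missing its final period.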
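Review bot: In PATCH 22/22, api-portal-mapping, hunk `@@ -77,7 +77,7 @@`, the new alt text for `images/atp-siem-mapping4.png` is identical to the alt text on `images/atp-siem-mapping3.png` ("Image of artifact timeline with numbers"), so the two images cannot be told apart by alt text alone. If the fourth image does show an artifact timeline, give it wording that distinguishes it from the third.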
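Review bot: The added **Event type** line in PATCH 22/22, investigate-machines, hunk `@@ -93,18 +93,8 @@`, reads "filter by events such as Windows - Windows Defender ATP alerts", which looks like a leftover fragment; it should probably read "such as Windows Defender ATP alerts, ...". Collapsing the eleven-item list into "and others" also removes the exact filter names, while the unchanged paragraph below still refers to "Process events" and "network events" by name. Consider keeping the list, or at least naming those filters in the new sentence.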
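Review bot: The rename to `**Active malware alerts**` in PATCH 22/22, machines-view-overview, hunk `@@ -109,13 +105,11 @@`, leaves the page inconsistent: the description on the same line still says "Number of active malware detections", and the unchanged note below still refers to the "**Active malware detections** filter column". Update both to the new name or keep the old one. The hunk also drops **Domain** and **OS Platform** from the sortable columns, and the commit message ("general updates") does not say whether that reflects a product change; please state it.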