deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into rs2

Browse Source
This commit is contained in:
jdeckerMS 2017-03-28 11:50:56 -07:00
commit 8f6f97e34e
6 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
View File

@ -84,7 +84,9 @@ For security reasons, the package used to offboard endpoints will expire 30 days
a. Click **Endpoint Management** on the **Navigation pane**. a. Click **Endpoint Management** on the **Navigation pane**.
b. Under **Endpoint offboarding** section, select **Group Policy**, click **Download package** and save the .zip file. b. Click the **Endpoint offboarding** section.
c. Select **Group Policy**, click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.

4
windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
View File

@ -108,7 +108,9 @@ For security reasons, the package used to offboard endpoints will expire 30 days
a. Click **Endpoint Management** on the **Navigation pane**. a. Click **Endpoint Management** on the **Navigation pane**.
b. Under **Endpoint offboarding** section, select **Mobile Device Management /Microsoft Intune**, click **Download package** and save the .zip file. b. Click the **Endpoint offboarding** section.
c. Select **Mobile Device Management /Microsoft Intune**, click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*.

4
windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
View File

@ -88,7 +88,9 @@ For security reasons, the package used to offboard endpoints will expire 30 days
a. Click **Endpoint Management** on the **Navigation pane**. a. Click **Endpoint Management** on the **Navigation pane**.
b. Under **Endpoint offboarding** section, select **System Center Configuration Manager System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file. b. Click the **Endpoint offboarding** section.
c. Select **System Center Configuration Manager System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.

4
windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md
View File

@ -78,7 +78,9 @@ For security reasons, the package used to offboard endpoints will expire 30 days
a. Click **Endpoint Management** on the **Navigation pane**. a. Click **Endpoint Management** on the **Navigation pane**.
b. Under **Endpoint offboarding** section, select **Group Policy**, click **Download package** and save the .zip file. b. Click the **Endpoint offboarding** section.
c. Select **Group Policy**, click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.

BIN
windows/keep-secure/images/atp-disableantispyware-regkey.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 49 KiB

After

Width:  |  Height:  |  Size: 38 KiB

17
windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -229,22 +229,21 @@ If the verification fails and your environment is using a proxy to connect to th
**Solution**: If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy. **Solution**: If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are set to ```0``` or that the settings are cleared: - Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
- ```DisableAntiSpyware``` - DisableAntiSpyware
- ```DisableAntiVirus``` - DisableAntiVirus
For example, in Group Policy: For example, in Group Policy there should be no entries such as the following values:
```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key> - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
``` - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
- After clearing the policy, run the onboarding steps again on the endpoint. - After clearing the policy, run the onboarding steps again on the endpoint.
- You can also check the following registry key values to verify that the policy is disabled: - You can also check the following registry key values to verify that the policy is disabled:
1. Open the registry ```key HKEY_LOCAL_MACHINE\ SOFTWARE\Policies\Microsoft\Windows Defender```. 1. Open the registry ```key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender```.
2. Find the value ```DisableAntiSpyware```. 2. Ensure that the value ```DisableAntiSpyware``` is not present.
3. Ensure that the value is set to 0.
![Image of registry key for Windows Defender](images/atp-disableantispyware-regkey.png) ![Image of registry key for Windows Defender](images/atp-disableantispyware-regkey.png)