From 0d98c94adb25c7f6b247c7571120484ff71e912f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 2 Jun 2020 14:33:56 -0700 Subject: [PATCH 01/13] Removed extraneous pipe character and spaces --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 738bf5aceb..bbe24a32b2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -22,7 +22,8 @@ Answering frequently asked questions about Microsoft Defender Application Guard ## Frequently Asked Questions -### Can I enable Application Guard on machines equipped with 4GB RAM? | +### Can I enable Application Guard on machines equipped with 4GB RAM? + We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is 4 cores.) From 6509fb24eeb806492d6c6b1d9bfa49f6eb203981 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 19 Sep 2020 19:57:17 +0500 Subject: [PATCH 02/13] Update review-scan-results-microsoft-defender-antivirus.md --- .../review-scan-results-microsoft-defender-antivirus.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index d23aa3b802..702e9274d3 100644 
--- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -25,12 +25,6 @@ manager: dansimp After an Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. -## Use Microsoft Intune to review scan results - -1. In Intune, go to **Devices > All Devices** and select the device you want to scan. - -2. Click the scan results in **Device actions status**. - ## Use Configuration Manager to review scan results See [How to monitor Endpoint Protection status](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). From e386450aee97cf16301688aa9a0612ddaf240bf8 Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Sun, 20 Sep 2020 12:14:17 +0200 Subject: [PATCH 03/13] Update microsoft-defender-antivirus-compatibility.md When using DLP, RTP will be enabled even in Passive mode. > [!IMPORTANT] > If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection feature will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate. --- .../microsoft-defender-antivirus-compatibility.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 200a5cd47a..c6012aeeff 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -91,6 +91,8 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir > [!WARNING] > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). +> [!IMPORTANT] +> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection feature will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate. ## Related topics From 0a7feed59a29f66ad25bd98d94a36bea04daa17c Mon Sep 17 00:00:00 2001 
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Thu, 24 Sep 2020 12:35:15 +0200 Subject: [PATCH 04/13] Update manage-updates-baselines-microsoft-defender-antivirus.md [!NOTE] Updates are released under the below KB numbers: Microsoft Defender Antivirus: KB2267602 System Center Endpoint Protection: KB2461484 --- ...anage-updates-baselines-microsoft-defender-antivirus.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 514ee0334b..78f9f2a96f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md 
@@ -40,7 +40,12 @@ There are two types of updates related to keeping Microsoft Defender Antivirus u ## Security intelligence updates -Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection. +Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection. + +> [!NOTE] +> Updates are released under the below KB numbers: +> Microsoft Defender Antivirus: KB2267602 +> System Center Endpoint Protection: KB2461484 The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. From fb7ce22bfdef625a2c82f47b0cc7467f27f36697 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sat, 26 Sep 2020 23:48:12 +0200 Subject: [PATCH 05/13] Event Forwarding: 1 word typo removal Closes #8361 --- ...indows-event-forwarding-to-assist-in-intrusion-detection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index da3aea58e5..58051a41aa 100644 
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -24,8 +24,7 @@ Learn about an approach to collect events from devices in your organization. Thi Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server. -To accomplish this, there are two different of subscriptions published to client devices - the Baseline subscription and the suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The -Suspect subscription collects additional events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations. +To accomplish this, there are two different subscriptions published to client devices - the Baseline subscription and the suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The Suspect subscription collects additional events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations. This implementation helps differentiate where events are ultimately stored. Baseline events can be sent to devices with online analytical capability, such as Security Event Manager (SEM), while also sending events to a MapReduce system, such as HDInsight or Hadoop, for long-term storage and deeper analysis. Events from the Suspect subscription are sent directly to a MapReduce system due to volume and lower signal/noise ratio, they are largely used for host forensic analysis. 
From e36795e3781b1ad4080a3ac9b8ac761b2927d875 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Sun, 27 Sep 2020 22:45:05 +0300 Subject: [PATCH 06/13] update naming https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6806 --- .../microsoft-defender-smartscreen-available-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 3956891c0c..89fd8fd2ee 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -78,7 +78,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor ## MDM settings If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices.

-For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer). +For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser). From 49696f8aa070e22771fe28857d8256e98609ae10 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 10:18:04 -0700 Subject: [PATCH 07/13] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 78f9f2a96f..35ef7a7f50 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 09/10/2020 +ms.date: 09/28/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines From 465f35d02f66ae915bd3a62916b84b53a3287a27 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 10:36:33 -0700 Subject: [PATCH 08/13] Update windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index c6012aeeff..4b85403bcd 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md 
@@ -92,7 +92,7 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). > [!IMPORTANT] -> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection feature will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate. +> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate. ## Related topics From b3386e77e5f5b064aa71db22527095ec7e221920 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 10:37:52 -0700 Subject: [PATCH 09/13] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 4b85403bcd..09c2e938a3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 08/26/2020 +ms.date: 09/28/2020 --- # Microsoft Defender Antivirus compatibility 
@@ -92,7 +92,7 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). > [!IMPORTANT] -> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate. +> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate. ## Related topics From 95a73b8ae1ca5be1979d9e399cbec64013b4deeb Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 10:39:24 -0700 Subject: [PATCH 10/13] Update windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../review-scan-results-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index 702e9274d3..964eadf5dd 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -22,7 +22,7 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -After an Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. +After a Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. ## Use Configuration Manager to review scan results From 6b71932d9a8ca3d29c9128a3f15c6b332ebc2aeb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 10:40:12 -0700 Subject: [PATCH 11/13] Update review-scan-results-microsoft-defender-antivirus.md --- .../review-scan-results-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index 964eadf5dd..93117ba6f2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 +ms.date: 09/28/2020 ms.reviewer: manager: dansimp --- From 86a2f6c76365c820ced5c0abaadb3638c7aa5997 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 10:53:33 -0700 Subject: [PATCH 12/13] Update microsoft-defender-smartscreen-available-settings.md --- .../microsoft-defender-smartscreen-available-settings.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 89fd8fd2ee..263e076dda 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security author: dansimp ms.localizationpriority: medium -ms.date: 1/26/2018 +ms.date: 09/28/2020 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -78,7 +78,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor ## MDM settings If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices.

-For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser). +For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
Setting
@@ -220,5 +220,3 @@ To better help you protect your organization, we recommend turning on and using - [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies) ->[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From b42e4eeb073c7b296501112066c64c0e8c0a52d7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 11:30:57 -0700 Subject: [PATCH 13/13] Update review-scan-results-microsoft-defender-antivirus.md --- .../review-scan-results-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index 48ed7d3439..da893a1b8a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -40,7 +40,7 @@ The following cmdlet will return each detection on the endpoint. If there are mu Get-MpThreatDetection ``` -![IMAGEALT](images/defender/wdav-get-mpthreatdetection.png) +![screenshot of PowerShell cmdlets and outputs](images/defender/wdav-get-mpthreatdetection.png) You can specify `-ThreatID` to limit the output to only show the detections for a specific threat. 
@@ -50,7 +50,7 @@ If you want to list threat detections, but combine detections of the same threat Get-MpThreat ``` -![IMAGEALT](images/defender/wdav-get-mpthreat.png) +![screenshot of PowerShell](images/defender/wdav-get-mpthreat.png) See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
Setting
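
Review bot: The commit message of [PATCH 02/13] ("Update review-scan-results-microsoft-defender-antivirus.md") gives no reason for deleting the whole "## Use Microsoft Intune to review scan results" section, including both numbered steps. Please say in the message why the Intune procedure no longer applies, and confirm that no other topic links to the removed heading. The untouched context line above the deletion still reads "After an Microsoft Defender Antivirus scan completes"; fixing the article in the same commit would save the follow-up in 10/13.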
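
Review bot: In [PATCH 03/13], the added `> [!IMPORTANT]` line links to Endpoint DLP with an absolute `https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview` URL, while the `> [!WARNING]` block directly above it links to a topic in the same docs tree with a relative `.md` path (`microsoft-defender-security-center-antivirus.md`). Suggest a relative link to the `microsoft-defender-atp` topic here too, so the link is checked at build time and survives a site move. The wording "Real-time protection feature will be enabled" is reworked twice later in the series (08/13 and 09/13); squashing those into this commit would leave one clean change to the sentence.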
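
Review bot: In [PATCH 04/13], the three `>` lines under `> [!NOTE]` carry no list markers or hard line breaks, so Markdown will fold "Updates are released under the below KB numbers:", the Microsoft Defender Antivirus entry and the System Center Endpoint Protection entry into one run-on paragraph. Suggest making the two entries bullets (`> - Microsoft Defender Antivirus: KB2267602` and `> - System Center Endpoint Protection: KB2461484`) and changing "the below KB numbers" to "the following KB numbers". The removed and re-added "Microsoft Defender Antivirus uses [cloud-delivered protection]..." line reads the same on both sides of the diff; if that is a trailing-whitespace change, please confirm it is intended.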
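
Review bot: The rewritten sentence in [PATCH 05/13] still mixes capitalization for the same term: "the Baseline subscription and the suspect subscription" is followed by "a Suspect subscription" and "The Suspect subscription" in the same added line. Since the line is being touched anyway, suggest capitalizing it as "the Suspect subscription" throughout. The commit message says "1 word typo removal", but the hunk also joins the line that was previously broken after "added by you. The"; mentioning that in the message would make the two-line deletion easier to review.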
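
Review bot: The replacement link in [PATCH 06/13] hard-codes a locale (`https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser`), whereas the line it replaces used the locale-free form `https://docs.microsoft.com/windows/client-management/mdm/...`. Drop `/en-us/` here rather than in a later commit (12/13 corrects it). The change also removes the pointer to "Policy CSP - InternetExplorer" outright; if the Internet Explorer SmartScreen MDM policies still apply to readers of this topic, keep that sentence and add the Edge one beside it.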
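
Review bot: The two alt texts added in [PATCH 13/13] are inconsistent, and the second one, `![screenshot of PowerShell](images/defender/wdav-get-mpthreat.png)`, does not say what the image shows. Each image follows a specific cmdlet (`Get-MpThreatDetection` and `Get-MpThreat`), so suggest alt text that names it, for example "Screenshot of Get-MpThreatDetection output in PowerShell" and "Screenshot of Get-MpThreat output in PowerShell", with matching capitalization.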