From 9e1239af66d6f8092136a7cb97896c4ad017168b Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Mon, 13 Aug 2018 17:07:02 -0700 Subject: [PATCH 1/5] Fixed typo. --- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index e42efc4ec8..35ab89b19d 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -108,7 +108,7 @@ Wecutil ss “testSubscription” /cf:Events ### How frequently are WEF events delivered? -Event delivery options are part of the WEF subscription configuration parameters – There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Ciewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector. +Event delivery options are part of the WEF subscription configuration parameters – There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Viewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector. This table outlines the built-in delivery options: From dd78eb3a31924ea6d0dc2dfc6c99c95f9198257b Mon Sep 17 00:00:00 2001 From: tmlyon Date: Fri, 24 Aug 2018 10:22:15 -0700 Subject: [PATCH 2/5] Update hololens-insider.md Updated latest build number --- devices/hololens/hololens-insider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md index 05e12d5cce..3e8092ebf3 100644 --- a/devices/hololens/hololens-insider.md +++ b/devices/hololens/hololens-insider.md @@ -14,7 +14,7 @@ ms.date: 07/27/2018 Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens. ->Latest insider version: 10.0.17720.1000 +>Latest insider version: 10.0.17743.1000 ## How do I install the Insider builds? From bc3ab3a1c0bd2293571b38e9158bb24b09904e3a Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Fri, 24 Aug 2018 11:08:20 -0700 Subject: [PATCH 3/5] Revert "Update hololens-insider.md" --- devices/hololens/hololens-insider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md index 3e8092ebf3..05e12d5cce 100644 --- a/devices/hololens/hololens-insider.md +++ b/devices/hololens/hololens-insider.md @@ -14,7 +14,7 @@ ms.date: 07/27/2018 Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens. ->Latest insider version: 10.0.17743.1000 +>Latest insider version: 10.0.17720.1000 ## How do I install the Insider builds? From 6302ea96169bdcac4d449971d19ded7a01919d7b Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Mon, 27 Aug 2018 07:58:05 -0700 Subject: [PATCH 4/5] Added text about PE files. --- .../applocker/working-with-applocker-rules.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md index 4cb0d0390a..8400f6cb17 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md @@ -6,8 +6,9 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft -ms.date: 09/21/2017 +author: andreabichsel +msauthor: v-anbic +ms.date: 08/27/2018 --- # Working with AppLocker rules @@ -60,6 +61,8 @@ The AppLocker console is organized into rule collections, which are executable f When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used. The DLL rule collection is not enabled by default. To learn how to enable the DLL rule collection, see [DLL rule collections](#bkmk-dllrulecollections). + +EXE rules apply to portable executable (PE) files. AppLocker checks whether a file is a valid PE file, rather than just applying rules based on file extension, which attackers can easily change. Regardless of the file extension, the AppLocker EXE rule collection will work on a file as long as it is a valid PE file.   ## Rule conditions From 36b16c69c16a30fe4e1c7b8b715bb7ae398da85a Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 27 Aug 2018 15:19:50 +0000 Subject: [PATCH 5/5] Merged PR 10919: format string so it displays properly --- windows/configuration/guidelines-for-assigned-access-app.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index a032dc458d..eff3c3a789 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -75,7 +75,7 @@ Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh stat > > 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. >2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). ->3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com). +>3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com). >4. Save the XML file. >5. Open the project again in Windows Configuration Designer. >6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.