mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 13:17:23 +00:00
Merged PR 4010: Merge atp-23-10 to master
Merge atp-23-10 to master
commit
aec2f25dec
@ -18,7 +18,7 @@
|
||||
## [Windows Defender Advanced Threat Protection](windows-defender-atp\windows-defender-advanced-threat-protection.md)
|
||||
### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
|
||||
### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
|
||||
#### [Troubleshoot onboarding and error messages](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
|
||||
#### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
|
||||
### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
|
||||
### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
|
||||
### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
|
||||
|
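Review bot: The "Troubleshoot subscription and portal access issues" entry links to troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md, the same target shown for the "Troubleshoot onboarding and error messages" entry beside it, so the title and the file name no longer describe the same thing. Confirm that the target topic's own title was changed to match, and consider renaming the file (with a redirect) so the TOC label and URL stay aligned.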
@ -78,7 +78,7 @@ Reviewing the various alerts and their severity can help you decide on the appro
|
||||
- Others
|
||||
|
||||
>[!NOTE]
|
||||
>The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product.
|
||||
>The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender Antivirus as the default real-time protection antimalware product.
|
||||
|
||||
**View**</br>
|
||||
- **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top.
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Windows Defender compatibility
|
||||
title: Windows Defender Antivirus compatibility
|
||||
description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used.
|
||||
keywords: windows defender compatibility, defender, windows defender atp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
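Review bot: The front-matter title becomes "Windows Defender Antivirus compatibility", but the description line ("Learn about how Windows Defender works with Windows Defender ATP ...") and the keywords line ("windows defender compatibility, defender, windows defender atp") in the same block keep the old product name. Update the description, and add the new name to the keywords, so the search metadata matches the renamed title.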
@ -13,7 +13,7 @@ ms.localizationpriority: high
|
||||
ms.date: 10/17/2017
|
||||
---
|
||||
|
||||
# Windows Defender compatibility
|
||||
# Windows Defender Antivirus compatibility
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
@ -75,8 +75,8 @@ Follow theses actions to correct known issues related to a misconfigured machine
|
||||
- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)</br>
|
||||
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint.
|
||||
|
||||
- [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy)</br>
|
||||
If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled.
|
||||
- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)</br>
|
||||
If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
|
||||
|
||||
If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
|
||||
|
||||
|
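Review bot: The new link text reads "Ensure that Windows Defender Antivirus is not disabled by policy", while the anchor it points to, #ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy, says "by a policy". Use the same wording in the link text as in the target heading so readers land on a section whose title matches what they clicked.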
@ -112,7 +112,7 @@ You can sort the **Machines list** by the following columns:
|
||||
- **Active malware alerts** - Number of active malware detections reported by the machine
|
||||
|
||||
> [!NOTE]
|
||||
> The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
|
||||
> The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
|
||||
|
||||
|
||||
## Related topics
|
||||
|
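Review bot: The note still calls the column "Active malware detections", but the list item directly above it names the column "Active malware alerts". Since this line is being edited anyway, pick one name and use it in both places so readers can find the column the note refers to.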
@ -127,9 +127,9 @@ When Windows Defender Antivirus is not the active antimalware in your organizati
|
||||
|
||||
For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
|
||||
|
||||
## Windows Defender Early Launch Antimalware (ELAM) driver is enabled
|
||||
If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
|
||||
## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
|
||||
If you're running Windows Defender Antivirus as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
|
||||
|
||||
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).
|
||||
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)
|
||||
|
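Review bot: The unchanged line at the top of this hunk still reads "[Windows Defender in Windows 10 topic]" even though it links to windows-defender-antivirus-in-windows-10.md, so the rename is incomplete within this hunk. Change that link text to "Windows Defender Antivirus in Windows 10" to match the heading and paragraphs updated just below it.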
@ -69,7 +69,7 @@ Event ID | Error Type | Resolution steps
|
||||
5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
|
||||
10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically<br> ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.<br>Verify that the script was ran as an administrator.
|
||||
15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). <br> <br> If the endpoint is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again.
|
||||
15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender ELAM driver, see [Ensure that Windows Defender is not disabled by a policy](#ensure-that-windows-defender-is-not-disabled-by-a-policy) for instructions.
|
||||
15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions.
|
||||
30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
|
||||
35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location<br>```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.<br>The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
|
||||
40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
|
||||
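Review bot: In the Event ID 10 row the registry path is written as `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat`, while the Event ID 5 row gives `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`; the shorter path looks truncated and would send an administrator to a key that is not the one the other row names. Fix it while this table is open, and correct "the script was ran" to "the script was run" in the same row.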
@ -129,7 +129,7 @@ If the deployment tools used does not indicate an error in the onboarding proces
|
||||
- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled)
|
||||
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
|
||||
- [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
|
||||
- [Ensure that Windows Defender is not disabled by a policy](#ensure-that-windows-defender-is-not-disabled-by-a-policy)
|
||||
- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
|
||||
|
||||
|
||||
### View agent onboarding errors in the endpoint event log
|
||||
@ -240,7 +240,7 @@ To ensure that sensor has service connectivity, follow the steps described in th
|
||||
|
||||
If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic.
|
||||
|
||||
### Ensure that Windows Defender is not disabled by a policy
|
||||
### Ensure that Windows Defender Antivirus is not disabled by a policy
|
||||
**Problem**: The Windows Defender ATP service does not start after onboarding.
|
||||
|
||||
**Symptom**: Onboarding successfully completes, but you see error 577 when trying to start the service.
|
||||
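Review bot: Renaming the heading to "Ensure that Windows Defender Antivirus is not disabled by a policy" changes its generated anchor, so any link that still uses #ensure-that-windows-defender-is-not-disabled-by-a-policy will stop resolving to this section. The links visible in this commit are updated; search the rest of the repository for the old anchor before merging.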
@ -263,7 +263,7 @@ If the verification fails and your environment is using a proxy to connect to th
|
||||
1. Open the registry ```key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender```.
|
||||
2. Ensure that the value ```DisableAntiSpyware``` is not present.
|
||||
|
||||

|
||||

|
||||
|
||||
## Licensing requirements
|
||||
Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
|
||||
|
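Review bot: The replacement image line keeps the alt text "Image of registry key for Windows Defender" while the rest of the commit renames the product to Windows Defender Antivirus. Update the alt text along with the path change, and in step 1 move the word "key" out of the code span so the span contains only `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.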
@ -48,7 +48,7 @@ See the topic [Review events and errors on endpoints with Event Viewer](event-er
|
||||
|
||||
If onboarding endpoints successfully completes but Windows Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
|
||||
|
||||
For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).
|
||||
For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
|
||||
|
||||
#### Known issues with regional formats
|
||||
|
||||
|
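Review bot: The sentence above the changed link still says "check that Windows Defender is not disabled by a policy", so the paragraph and the link that follows it now use two different product names. Change that sentence to "Windows Defender Antivirus" to match the updated link text.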
@ -66,7 +66,7 @@ breach. You can submit files for deep analysis and receive the results
|
||||
without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com).
|
||||
|
||||
Windows Defender ATP works with existing Windows security technologies
|
||||
on endpoints, such as Windows Defender, AppLocker, and Device Guard. It
|
||||
on endpoints, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It
|
||||
can also work side-by-side with third-party security solutions and
|
||||
antimalware products.
|
||||
|
||||
|