From ac0de6c9a99f44ece4552743e63203ebd09790d3 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 7 Mar 2017 14:53:25 -0800 Subject: [PATCH 01/11] edits from leonid --- ...nternet-windows-defender-advanced-threat-protection.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 49287b61de..5e69d804c4 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -45,16 +45,16 @@ Configure a registry-based static proxy to allow only Windows Defender ATP senso The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**. -The registry key that this policy sets can be found at: -```HKLM\Software\Policies\Microsoft\Windows\DataCollection TelemetryProxyServer``` +The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DisableEnterpriseAuthProxy`. + +The registry value `TelemetryProxyServer` takes the following string format: -The policy and the registry key takes the following string format: ```text : ``` For example: 10.0.0.6:8080 -If the static proxy settings are configured after onboarding, then you must restart the PC to apply the proxy settings. +The registry value `DisableEnterpriseAuthProxy` should be set to 1. ## Configure the proxy server manually using netsh command From 7e613e2743ec476341da59ab3b9c9ce0ca5fe039 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 7 Mar 2017 15:04:05 -0800 Subject: [PATCH 02/11] updates from dan m. --- ...y-internet-windows-defender-advanced-threat-protection.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 5e69d804c4..8ef29a6be5 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -37,8 +37,8 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe - Manual static proxy configuration: - - WinHTTP configured using netsh command - Registry based configuration + - WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy) ## Configure the proxy server manually using a registry-based static proxy Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. @@ -61,7 +61,8 @@ The registry value `DisableEnterpriseAuthProxy` should be set to 1. Use netsh to configure a system-wide static proxy. > [!NOTE] -> This will affect all applications including Windows services which use WinHTTP with default proxy. +> - This will affect all applications including Windows services which use WinHTTP with default proxy.
+> - Laptops that are changing topology (for example: from office to home) will malfunction with netsh. Use the registry-based static proxy configuration. 1. Open an elevated command-line: From c6129df10a616abe4ab6a4de6d87628f2dfb3aa7 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 28 Mar 2017 12:16:12 -0700 Subject: [PATCH 03/11] updates --- .../deploy/upgrade-readiness-deployment-script.md | 14 +++++++++++--- windows/deploy/upgrade-readiness-get-started.md | 2 +- windows/deploy/upgrade-readiness-requirements.md | 2 -- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/windows/deploy/upgrade-readiness-deployment-script.md b/windows/deploy/upgrade-readiness-deployment-script.md index 0206b5764e..4d921b4468 100644 --- a/windows/deploy/upgrade-readiness-deployment-script.md +++ b/windows/deploy/upgrade-readiness-deployment-script.md @@ -42,9 +42,9 @@ To run the Upgrade Readiness deployment script: 3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options: > *logMode = 0 log to console only* -> + > > *logMode = 1 log to file and console* -> + > > *logMode = 2 log to file only* 3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected: @@ -57,7 +57,15 @@ To run the Upgrade Readiness deployment script: > > *IEOptInLevel = 3 Data collection is enabled for all sites* -4. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. +4. The latest version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**. + +The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: UA_yyyy_mm_dd_hh_mm_ss_machineID.txt. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: %SystemDrive%\UADiagnostics. + +This data gives us the ability to determine the status of your machines and to help troubleshoot issues. If you choose to opt-in to and send this data to Microsoft, you must also allow https traffic to be sent to the following wildcard DNS name: + +https://*vortex*.data.microsoft.com/ + +5. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered. diff --git a/windows/deploy/upgrade-readiness-get-started.md b/windows/deploy/upgrade-readiness-get-started.md index 4829baa632..7cb98c4cf2 100644 --- a/windows/deploy/upgrade-readiness-get-started.md +++ b/windows/deploy/upgrade-readiness-get-started.md @@ -79,7 +79,7 @@ For Upgrade Readiness to receive and display upgrade readiness data from Microso To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this. -Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account. +Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) to learn what you need to do to run it under the logged on user account. | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| diff --git a/windows/deploy/upgrade-readiness-requirements.md b/windows/deploy/upgrade-readiness-requirements.md index 5f706bab59..5593a4eb72 100644 --- a/windows/deploy/upgrade-readiness-requirements.md +++ b/windows/deploy/upgrade-readiness-requirements.md @@ -78,8 +78,6 @@ See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release. -**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints. - **Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. **In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. From 72d0830f3a0068a9b50303961d233d7c12d7a282 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 28 Mar 2017 13:39:20 -0700 Subject: [PATCH 04/11] updates --- windows/deploy/upgrade-readiness-deployment-script.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deploy/upgrade-readiness-deployment-script.md b/windows/deploy/upgrade-readiness-deployment-script.md index 4d921b4468..f8d311cd6b 100644 --- a/windows/deploy/upgrade-readiness-deployment-script.md +++ b/windows/deploy/upgrade-readiness-deployment-script.md @@ -59,11 +59,12 @@ To run the Upgrade Readiness deployment script: 4. The latest version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**. -The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: UA_yyyy_mm_dd_hh_mm_ss_machineID.txt. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: %SystemDrive%\UADiagnostics. + The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**. -This data gives us the ability to determine the status of your machines and to help troubleshoot issues. If you choose to opt-in to and send this data to Microsoft, you must also allow https traffic to be sent to the following wildcard DNS name: + This data gives us the ability to determine the status of your machines and to help troubleshoot issues. If you choose to opt-in to and send this data to Microsoft, you must also allow https traffic to be sent to the following wildcard endpoints: -https://*vortex*.data.microsoft.com/ + \*vortex\*.data.microsoft.com
+ \*settings\*.data.microsoft.com 5. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. From 46883594f52b0ba26865b6e673c1b8907dcbf092 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 28 Mar 2017 14:00:20 -0700 Subject: [PATCH 05/11] Update whats-new-windows-10-version-1703.md Insert rware links. --- .../whats-new-windows-10-version-1703.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 8533da7d2e..9fbdda50f6 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -114,15 +114,7 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10 - **Other features** - [Check sensor health state](../keep-secure/check-sensor-status-windows-defender-advanced-threat-protection.md) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. - - ### Windows Defender Antivirus -New features for Windows Defender Antivirus (AV) in Windows 10, version 1703 include: - -- [Updates to how the Block at First Sight feature can be configured](../keep-secure/configure-block-at-first-sight-windows-defender-antivirus.md) -- [The ability to specify the level of cloud-protection](../keep-secure/specify-cloud-protection-level-windows-defender-antivirus.md) -- [Windows Defender Antivirus protection in the Windows Defender Security Center app](../keep-secure/windows-defender-security-center-antivirus.md) - Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](../keep-secure/windows-defender-antivirus-in-windows-10.md). The new library includes information on: @@ -136,6 +128,15 @@ Some of the highlights of the new library include: - [Evaluation guide for Windows Defender AV](../keep-secure/evaluate-windows-defender-antivirus.md) - [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](../keep-secure/deployment-vdi-windows-defender-antivirus.md) +New features for Windows Defender AV in Windows 10, version 1703 include: + +- [Updates to how the Block at First Sight feature can be configured](../keep-secure/configure-block-at-first-sight-windows-defender-antivirus.md) +- [The ability to specify the level of cloud-protection](../keep-secure/specify-cloud-protection-level-windows-defender-antivirus.md) +- [Windows Defender Antivirus protection in the Windows Defender Security Center app](../keep-secure/windows-defender-security-center-antivirus.md) + +In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated beahvior monitoring and always-on real-time protection](.../keep-secure/configure-real-time-protection-windows-defender-antivirus.md). + +You can read more about ransomware mitigations in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) ### Device Guard and Credential Guard From 2bfe1678e292d46f1e6736b94c106c428718abf7 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 28 Mar 2017 14:05:45 -0700 Subject: [PATCH 06/11] Update whats-new-windows-10-version-1703.md added blog link --- windows/whats-new/whats-new-windows-10-version-1703.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 9fbdda50f6..11fdff94d4 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -97,7 +97,7 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10 - Upgraded detections of ransomware and other advanced attacks - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect attacks that previously went unnoticed -- **Investigation**
+a- **Investigation**
Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus detections and Device Guard blocks being surfaced in the Windows Defender ATP portal. Other capabilities have been added to help you gain a holistic view on investigations. Other investigation enhancements include: @@ -136,7 +136,7 @@ New features for Windows Defender AV in Windows 10, version 1703 include: In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated beahvior monitoring and always-on real-time protection](.../keep-secure/configure-real-time-protection-windows-defender-antivirus.md). -You can read more about ransomware mitigations in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) +You can read more about ransomware mitigations and detection capability in Windows Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). ### Device Guard and Credential Guard From 79f29d9f352aedd0a01f333dbafda82cfe0b3bd9 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 28 Mar 2017 14:11:24 -0700 Subject: [PATCH 07/11] add link to mmpc blog on ransomware --- .../whats-new-windows-10-version-1703.md | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 11fdff94d4..d4150db6cf 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -36,7 +36,7 @@ Windows Configuration Designer in Windows 10, version 1703, includes several new Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](../configure/provisioning-packages.md#configuration-designer-wizards). Bulk enrollment in Azure AD is available in the desktop, mobile, kiosk, and Surface Hub wizards. -![get bulk token action in wizard](images/bulk-token.png) +![get bulk token action in wizard](images/bulk-token.png) ### Windows Spotlight @@ -52,7 +52,7 @@ The following new Group Policy and mobile device management (MDM) settings are a ### Start and taskbar layout -Enterprises have been able to apply customized Start and taskbar layouts to devices running Windows 10 Enterprise and Education. In Windows 10, version 1703, customized Start and taskbar layout can also be applied to Windows 10 Pro. +Enterprises have been able to apply customized Start and taskbar layouts to devices running Windows 10 Enterprise and Education. In Windows 10, version 1703, customized Start and taskbar layout can also be applied to Windows 10 Pro. Additional MDM policy settings are available for Start and taskbar layout. For details, see [Manage Windows 10 Start and taskbar layout](../configure/windows-10-start-layout-options-and-policies.md). @@ -79,7 +79,7 @@ Using Azure AD also means that you can remove an employee’s profile (for examp MBR2GPT.EXE is a new command-line tool available in Windows 10 version 1703 and later versions. MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). -The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk. +The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk. Additional security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. @@ -87,7 +87,7 @@ For details, see [MBR2GPT.EXE](../deploy/mbr-to-gpt.md). ## Security -### Windows Defender Advanced Threat Protection +### Windows Defender Advanced Threat Protection New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10, version 1703 include: - **Detection**
@@ -97,7 +97,7 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10 - Upgraded detections of ransomware and other advanced attacks - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect attacks that previously went unnoticed -a- **Investigation**
+- **Investigation**
Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus detections and Device Guard blocks being surfaced in the Windows Defender ATP portal. Other capabilities have been added to help you gain a holistic view on investigations. Other investigation enhancements include: @@ -114,8 +114,10 @@ a- **Investigation**
- **Other features** - [Check sensor health state](../keep-secure/check-sensor-status-windows-defender-advanced-threat-protection.md) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. +You can read more about ransomware mitigations and detection capability in Windows Defender Advanced Threat Protection in the blog: [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/). + ### Windows Defender Antivirus -Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](../keep-secure/windows-defender-antivirus-in-windows-10.md). +Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](../keep-secure/windows-defender-antivirus-in-windows-10.md). The new library includes information on: - [Deploying and enabling AV protection](../keep-secure/deploy-windows-defender-antivirus.md) @@ -136,18 +138,18 @@ New features for Windows Defender AV in Windows 10, version 1703 include: In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated beahvior monitoring and always-on real-time protection](.../keep-secure/configure-real-time-protection-windows-defender-antivirus.md). -You can read more about ransomware mitigations and detection capability in Windows Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). +You can read more about ransomware mitigations and detection capability in Windows Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). ### Device Guard and Credential Guard -Additional security qualifications for Device Guard and Credential Guard help protect vulnerabilities in UEFI runtime. +Additional security qualifications for Device Guard and Credential Guard help protect vulnerabilities in UEFI runtime. For more information, see [Device Guard Requirements](../keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md#device-guard-requirements-for-improved-security) and [Credential Guard Security Considerations](../keep-secure/credential-guard.md#security-considerations). ### Group Policy Security Options -The security setting [**Interactive logon: Display user information when the session is locked**](../keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md) has been updated to work in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. +The security setting [**Interactive logon: Display user information when the session is locked**](../keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md) has been updated to work in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. -A new security policy setting +A new security policy setting [**Interactive logon: Don't display username at sign-in**](../keep-secure/interactive-logon-dont-display-username-at-sign-in.md) has been introduced in Windows 10 version 1703. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. ## Update @@ -162,7 +164,7 @@ Windows Update for Business managed devices are now able to defer feature update [Express updates](../update/waas-optimize-windows-10-updates.md#express-update-delivery) are now supported on System Center Configuration Manager, starting with version 1702 of Configuration Manager, in addition to current Express support on Windows Update, Windows Update for Business and WSUS. -Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios. +Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios. Added policies include: - [Allow uploads while the device is on battery while under set Battery level](../update/waas-delivery-optimization.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) @@ -179,7 +181,7 @@ To check out all the details, see [Configure Delivery Optimization for Windows 1 Windows 10, version 1703 adds several new [configuration service providers (CSPs)](../configure/how-it-pros-can-use-configuration-service-providers.md) that provide new capabilities for managing Windows 10 devices using MDM. Some of the new CSPs are: -- The [DynamicManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. +- The [DynamicManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. - The [CleanPC CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cleanpc-csp) allows removal of user-installed and pre-installed applications, with the option to persist user data. @@ -211,7 +213,7 @@ The following new features aren't part of Windows 10, but help you make the most ### Upgrade Readiness -Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. +Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. @@ -228,4 +230,3 @@ Update Compliance helps you to keep Windows 10 devices in your organization secu Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../manage/update-compliance-monitor.md). - From 6ab411ede1464b64e7d5fbb242e51097c1f7d1b4 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 28 Mar 2017 14:46:34 -0700 Subject: [PATCH 08/11] update Windows Defender name --- windows/keep-secure/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 4680d2fe2c..09a7a1d1e5 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -801,7 +801,7 @@ #### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md) #### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) #### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) -#### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) +#### [Windows Defender Antivirus compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) ### [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) #### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md) #### [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) From aed18d390562a34cc29da236c5893eccd09bc2d6 Mon Sep 17 00:00:00 2001 From: Justinha Date: Tue, 28 Mar 2017 15:52:00 -0700 Subject: [PATCH 09/11] copyedits --- .../initialize-and-configure-ownership-of-the-tpm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md index a1526fe442..152eec4793 100644 --- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md @@ -112,7 +112,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ 5. After the PC restarts, your TPM will be automatically prepared for use by Windows 10. -## Turn on or turn off the TPM (TPM 1.2 with Windows 10, version 1507 or 1511) +## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 or 1511) Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. @@ -148,9 +148,9 @@ If you want to stop using the services that are provided by the TPM, you can use - If you did not save your TPM owner password or no longer know it, click **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. -### Change the TPM Owner Password (Windows 10, version 1607 or earlier only) +### Change the TPM Owner Password (available only with Windows 10, version 1607 and earlier versions) -If you have the owner password available, see [Change the TPM Owner Password](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password), you can use TPM.msc to change the TPM Owner Password. +If you have the [owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) available, you can use TPM.msc to change the TPM Owner Password. 1. Open the TPM MMC (tpm.msc). From 1e0e4797556c7d238d17c190b5c6528badb362f6 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 28 Mar 2017 20:06:11 -0700 Subject: [PATCH 10/11] last few topics --- windows/keep-secure/TOC.md | 1 + ...ne-arguments-windows-defender-antivirus.md | 6 +- ...d-scan-types-windows-defender-antivirus.md | 188 ++++++---------- ...-remediation-windows-defender-antivirus.md | 39 +++- ...ployment-vdi-windows-defender-antivirus.md | 2 +- .../images/defender/wdav-get-mpthreat.png | Bin 0 -> 12472 bytes .../defender/wdav-get-mpthreatdetection.png | Bin 0 -> 52810 bytes ...scan-results-windows-defender-antivirus.md | 78 ++++++- .../run-scan-windows-defender-antivirus.md | 105 ++++++--- ...tch-up-scans-windows-defender-antivirus.md | 204 +++++++++++++++++- ...group-policy-windows-defender-antivirus.md | 31 ++- ...nfig-manager-windows-defender-antivirus.md | 16 +- ...hell-cmdlets-windows-defender-antivirus.md | 2 +- .../use-wmi-windows-defender-antivirus.md | 22 +- ...dows-defender-security-center-antivirus.md | 1 + 15 files changed, 525 insertions(+), 170 deletions(-) create mode 100644 windows/keep-secure/images/defender/wdav-get-mpthreat.png create mode 100644 windows/keep-secure/images/defender/wdav-get-mpthreatdetection.png diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 4680d2fe2c..1347f65ae1 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -804,6 +804,7 @@ #### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) ### [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) #### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md) +#### [Windows Defender Antivirus on Windows Server](windows-defender-antivirus-on-windows-server-2016.md) #### [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) #### [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) ##### [Deploy and enable Windows Defender Antivirus](deploy-windows-defender-antivirus.md) diff --git a/windows/keep-secure/command-line-arguments-windows-defender-antivirus.md b/windows/keep-secure/command-line-arguments-windows-defender-antivirus.md index ea9f0e7d05..90098f1ce1 100644 --- a/windows/keep-secure/command-line-arguments-windows-defender-antivirus.md +++ b/windows/keep-secure/command-line-arguments-windows-defender-antivirus.md @@ -19,10 +19,14 @@ author: iaanw - Windows 10 +**Audience** + +- Enterprise security administrators + You can use a dedicated command-line tool to perform various functions in Windows Defender Antivirus. -This utility can be handy when you want to automate the use of Windows Defender Antivirus. +This utility can be useful when you want to automate the use of Windows Defender Antivirus. The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe_ and must be run from a command prompt. diff --git a/windows/keep-secure/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/keep-secure/configure-advanced-scan-types-windows-defender-antivirus.md index 369450238d..242dec94f1 100644 --- a/windows/keep-secure/configure-advanced-scan-types-windows-defender-antivirus.md +++ b/windows/keep-secure/configure-advanced-scan-types-windows-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Configure advanced scanning types for Windows Defender AV +title: Configure scanning options for Windows Defender AV description: You can configure Windows Defender AV to scan email storage files, back-up or reparse points, network files, and archived files (such as .zip files). keywords: advanced scans, scanning, email, archive, zip, rar, archive, reparse scanning search.product: eADQiWindows 10XVcnh @@ -12,7 +12,7 @@ localizationpriority: medium author: iaanw --- -# Configure email, removable storage, network, reparse point, and archive scanning in Windows Defender AV +# Configure scanning options in Windows Defender AV **Applies to** @@ -25,147 +25,79 @@ author: iaanw **Manageability available with** - Group Policy -- System Center Configuration Manager - PowerShell - Windows Management Instrumentation (WMI) +- System Center Configuration Manager - Microsoft Intune +To configure the Group Policy settings described in the following table: -Scan Turn on e-mail scanning -Scan Turn on reparse point scanning +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. + +3. In the **Group Policy Management Editor** go to **Computer configuration**. + +4. Click **Policies** then **Administrative templates**. + +5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. + +6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. + +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. + +For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx). + +Description | GP location and setting | Default setting (if not configured) | PowerShell `Set-MpPreference` parameter or WMI property for `MSFT_MpPreference` class +---|---|---|--- +See [Email scanning limitations](#ref1)) below | Scan > Turn on e-mail scanning | Disabled | `-DisableEmailScanning` +Scan [reparse points](https://msdn.microsoft.com/library/windows/desktop/aa365503.aspx) | Scan > Turn on reparse point scanning | Disabled | `-DisableRestorePoint` +Scan mapped network drives | Scan > Run full scan on mapped network drives | Disabled | `-DisableScanningMappedNetworkDrivesForFullScan` + Scan archive files (such as .zip or .rar files). The [extensions exclusion list](configure-extension-exclusions-windows-defender-antivirus.md) will take precendence over this setting. | Scan > Scan archive files | Enabled | `-DisableArchiveScanning` +Scan files on the network | Scan > Scan network files | Disabled | `-DisableScanningNetworkFiles` +Scan packed executables | Scan > Scan packed executables | Enabled | Not available +Scan removable drives during full scans only | Scan > Scan removable drives | Disabled | `-DisableRemovableDriveScanning` +Specify the level of subfolders within an archive folder to scan | Scan > Specify the maximum depth to scan archive files | 0 | Not available + Specify the maximum CPU load (as a percentage) during a scan. This a theoretical maximum - scans will not always use the maximum load defined here, but they will never exceed it | Scan > Specify the maximum percentage of CPU utilization during a scan | 50 | `-ScanAvgCPULoadFactor` + Specify the maximum size (in kilobytes) of archive files that should be scanned. The default, **0**, applies not limit | Scan > Specify the maximum size of archive files to be scanned | No limit | Not available + +**Use Configuration Manager to configure scanning options:** + +See [How to create and deploy antimalware policies: Scan settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch). + + +**Use Microsoft Intune to configure scanning options** -## Manage email scans in Windows Defender - -You can use Windows Defender to scan email files. Malware can install itself and hide in email files, and although real-time protection offers you the best protection from email malware, you can also scan emails stored on your PC or server with Windows Defender. -> **Important:** Mail scanning only applies to on-demand and scheduled scans, not on-access scans. +See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Scan options](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#specify-scan-options-settings) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details. -Windows Defender scans Microsoft Office Outlook 2003 and older email files. We identify the file type at run-time based on the content of the file, not on location or extension. -> **Note: ** Scanning email files might increase the time required to complete a scan. - -Windows Defender can extract embedded objects within a file (attachments and archived files, for example) and scan internally. -> **Note:** While Windows Defender can be configured to scan email files, it can only remediate threats detected inside certain files, for example: -- DBX -- MBX -- MIME - -You can configure Windows Defender to scan PST files used by Outlook 2003 or older versions (where the archive type is set to non-uni-code), but Windows Defender cannot remediate threats detected inside PST files. We recommend using real-time protection to protect against email malware. + + + +### Email scanning limitations +Enabling email scanning will cause Windows Defender AV to scan emails during on-demand and scheduled scans. Embedded objects within an email file (such as attachments and archived files) are also scanned. The following file format types can be scanned and remediated: +- DBX +- MBX +- MIME + +>[!WARNING] +> Is this true - can it scan Outlook 2013/ 2016? +> "Windows Defender scans Microsoft Office Outlook 2003 and older email files." + +You can configure Windows Defender to scan PST files used by Outlook 2003 or older versions (where the archive type is set to non-uni-code), but Windows Defender cannot remediate threats detected inside PST files. We recommend using [always-on real-time protection](configure-real-time-protection-windows-defender-antivirus.md) to protect against email-based malware. If Windows Defender detects a threat inside an email, it will show you the following information to assist you in identifying the compromised email, so you can remediate the threat: - Email subject - Attachment name -Email scanning in Windows Defender is turned off by default. There are three ways you can manage scans through Windows Defender: -- *Group Policy* settings -- WMI -- PowerShell -> **Important:** There are some risks associated with scanning some Microsoft Outlook files and email messages. You can read about tips and risks associated with scanning Outlook files and email messages in the following articles: + +>[!WARNING] +>There are some risks associated with scanning some Microsoft Outlook files and email messages. You can read about tips and risks associated with scanning Outlook files and email messages in the following articles: - [Scanning Outlook files in Outlook 2013](https://technet.microsoft.com/library/dn769141.aspx#bkmk-1) - [Scanning email messages in Outlook 2013](https://technet.microsoft.com/library/dn769141.aspx#bkmk-2) - -## Use *Group Policy* settings to enable email scans -This policy setting allows you to turn on email scanning. When email scanning is enabled, the engine will parse the mailbox and mail files to analyze the mail bodies and attachments. +## Related topics -Turn on email scanning with the following *Group Policy* settings: -1. Open the **Group Policy Editor**. -2. In the **Local Computer Policy** tree, expand **Computer Configuration**, then **Administrative Templates**, then **Windows Components**, then **Windows Defender**. -3. Click **Scan**. -4. Double-click **Turn on e-mail scanning**. - - This will open the **Turn on e-mail scanning** window: - - ![turn on e-mail scanning window](images/defender-scanemailfiles.png) - -5. Select **Enabled**. -6. Click **OK** to apply changes. - -## Use WMI to disable email scans - -You can write a WMI script or application to disable email scanning. Read more about [WMI in this article](https://msdn.microsoft.com/library/windows/desktop/dn439477.aspx), and read about [Windows Preference classes in this article](https://msdn.microsoft.com/library/windows/desktop/dn455323.aspx). - -Use the **DisableEmailScanning** property of the **MSFT\_MpPreference** class (part of the Windows DefenderWMI provider) to enable or disable this setting: -**DisableEmailScanning** -Data type: **boolean** -Access type: Read-only -Disable email scanning. - -## Use PowerShell to enable email scans - -You can also enable email scanning using the following PowerShell parameter: -1. Open PowerShell or PowerShellIntegrated Scripting Environment (ISE). -2. Type **Set-MpPreference -DisableEmailScanning $false**. - -Read more about this in: -- [Scripting with Windows PowerShell](https://technet.microsoft.com/library/bb978526.aspx) -- [Defender Cmdlets](https://technet.microsoft.com/library/dn433280.aspx) - -## Manage archive scans in Windows Defender - -You can use Windows Defender to scan archive files. Malware can install itself and hide in archive files, and although real-time protection offers you the best protection from malware, you can also scan archives stored on your PC or server with Windows Defender. -> **Important:** Archive scanning only applies to on-demand and scheduled scans, not on-access scans. - -Archive scanning in Windows Defender is turned on by default. There are four ways you can manage scans through Windows Defender: -- *Group Policy* settings -- WMI -- PowerShell -- Endpoint Protection -> **Note:** Scanning archive files might increase the time required to complete a scan. - -If you exclude an archive file type by using the **Extensions** box, Windows Defender will not scan files with that extension (no matter what the content is), even when you have selected the **Scan archive files** check box. For example, if you exclude .rar files but there’s a .r00 file that’s actually .rar content, it will still be scanned if archive scanning is enabled. - -## Use *Group Policy* settings to enable archive scans - -This policy setting allows you to turn on archive scanning. - -Turn on email scanning with the following *Group Policy* settings: -1. Open the **Group Policy Editor**. -2. In the **Local Computer Policy** tree, expand **Computer Configuration**, then **Administrative Templates**, then **Windows Components**, then **Windows Defender**. -3. Click **Scan**. -4. Double-click **Scan archive files**. - - This will open the **Scan archive files** window: - - ![scan archive files window](images/defender-scanarchivefiles.png) - -5. Select **Enabled**. -6. Click **OK** to apply changes. - -There are a number of archive scan settings in the **Scan** repository you can configure through *Group Policy*, for example: -- Maximum directory depth level into which archive files are unpacked during scanning - - ![specify the maximum depth to scan archive files window](images/defender-scanarchivedepth.png) - -- Maximum size of archive files that will be scanned - - ![specify the maximum size of archive files to be scanned window](images/defender-scanarchivesize.png) - -- Maximum percentage CPU utilization permitted during a scan - - ![specify the maximum percentage od cpu utilization during a scan window](images/defender-scanarchivecpu.png) - -## Use WMI to disable archive scans - -You can write a WMI script or application to disable archive scanning. Read more about [WMI in this article](https://msdn.microsoft.com/library/windows/desktop/dn439477.aspx), and read about [Windows Preference classes in this article](https://msdn.microsoft.com/library/windows/desktop/dn455323.aspx). - -Use the **DisableArchiveScanning** property of the **MSFT\_MpPreference** class (part of the Windows DefenderWMI provider) to enable or disable this setting: -**DisableArchiveScanning** -Data type: **boolean** -Access type: Read-only -Disable archive scanning. - -## Use PowerShell to enable archive scans - -You can also enable archive scanning using the following PowerShell parameter: -1. Open PowerShell or PowerShellISE. -2. Type **Set-MpPreference -DisableArchiveScanning $false**. - -Read more about this in: -- [Scripting with Windows PowerShell](https://technet.microsoft.com/library/bb978526.aspx) -- [Defender Cmdlets](https://technet.microsoft.com/library/dn433280.aspx) - -## Use Endpoint Protection to configure archive scans - -In Endpoint Protection, you can use the advanced scanning options to configure archive scanning. For more information, see [What are advanced scanning options?](https://technet.microsoft.com/library/ff823807.aspx) - +- [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) +- [Configure and run on-demand Windows Defender AV scans](run-scan-windows-defender-antivirus.md) +- [Configure scheduled scans for Windows Defender AV](scheduled-catch-up-scans-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file diff --git a/windows/keep-secure/configure-remediation-windows-defender-antivirus.md b/windows/keep-secure/configure-remediation-windows-defender-antivirus.md index bfc941c20c..6e3c6cb619 100644 --- a/windows/keep-secure/configure-remediation-windows-defender-antivirus.md +++ b/windows/keep-secure/configure-remediation-windows-defender-antivirus.md @@ -14,4 +14,41 @@ author: iaanw -# Configure remediation for Windows Defender AV scans \ No newline at end of file +# Configure remediation for Windows Defender AV scans + +**Applies to** +- Windows 10 + +**Audience** + +- Enterprise security administrators + +**Manageability available with** + +- Group Policy +- System Center Configuration Manager +- PowerShell +- Windows Management Instrumentation (WMI) +- Microsoft Intune + + + +Main | Allow antimalware service to startup with normal priority +Main | Allow antimalware service to remain running always +Scan | Create a system restore point + +Main | Turn off routine remediation +Quarantine | Configure removal of items from Quarantine folder +Scan | Turn on removal of items from scan history folder + + + + + +[Configure remediation-required scheduled full scans for Windows Defender AV](scheduled-catch-up-scans-windows-defender-antivirus.md#remed) + +Threats | Specify threat alert levels at which default action should not be taken when detected +Threats | Specify threats upon which default action should not be taken when detected + +https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings +https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#choose-default-actions-settings \ No newline at end of file diff --git a/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md b/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md index 50d37bfe9d..100bffd5f8 100644 --- a/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md +++ b/windows/keep-secure/deployment-vdi-windows-defender-antivirus.md @@ -20,7 +20,7 @@ author: iaanw **Audience** -- IT professionals +- Enterprise security administrators **Manageability available with** diff --git a/windows/keep-secure/images/defender/wdav-get-mpthreat.png b/windows/keep-secure/images/defender/wdav-get-mpthreat.png new file mode 100644 index 0000000000000000000000000000000000000000..e1671237a65b7775eda0a1aa4985633e866ef556 GIT binary patch literal 12472 zcmc(FWmr`GxAxEqC?Fk@3Ift19ZEYAp^X~C^ z&iTLR%lY(P*E`n$!`d->uf2Y2-S@p#_Mfa(AS75pe1C`99q;eS!LH`^rogT)pxV}|IKX@lW!5%z zaRfVBgIcNA!vP!4KgYYfm|KEQ?n03NwVRZagM+1`8|d^`QVU?iM(w5ncC)tx{oEa4 z0fFd2^3ty~JkxjPjpg)_nF9MxFA;}gN5Q+%I*;?mcU!GENfNv8Rk&!tpRg?F-krt% z2zIRq$@cNJboFdh*W;rQ2Qt z#@8&#X)@XUyp01q_VW$uC+;4ia!Yos5#QE2geTwEsQCDv2u8ntZ==GKp^a?7_&hUI zPc3tOU$J!J00GGf*wS`PDlFC^DmCuO3J~O_z3L)Bo*xxL&XH7S@bj~+$G6?{>(o)9 zR79#P*S{{!sqjYlIvJueZt7y*z({tj8}`qaKsD&Ee6yTe4xysaEAJ(~C=f~&T&;-; zcHSUbZw<(omG#ckyETPi&1>8<$z6Bh>m>GK>8| zKKj7L-61s57uIjdvgUWWX|K{M*|1%*m_#m#S|oAI1lt$Rd_USJ%7~r|kvYCKLz6rx z{j)T`96&dlfZyEx(^lwLN+CX9isvNsd)+{qN?0YuQ)$?N+i;yVE zDkkJ>;(@YZqQg|`(&V%b>Gm9~uiK+z@8c&{+ctk1Fp5{(m*Z^io>Q}OBog_EuQ$mB z*VCIa>g7DeTI1lExXE|(ZBQ79+{v(?XYa2(*Rb>nlEd%Gr;KTfes^twjDzhSlF1Io z3Nq-?Gkq!dA8@vTHSNmmo^YPhN43}Kv0*RxKLgEA#`qN#+8q|+!*=R}oM4;Ww1VylVJx_b^fV(T6RAEum5CRP z;Q8^b0NQA$#!6vamk4|D_EG3W+tsC>+VMn+*C=@rPI&LC3_~8d5SIlAX16hT_o4Y0 zbJ!31nI~AozB$$2M5)-X)d(FFsKnHvHh}ZIeQ9tM2zLO}Y->u5^sqqCO&R%c;Hd$9 z(4Vs49&v=r+pKFo zHzRZy!Ts`#qG!0I`Wbp_vmC|kWR#$|{HrRTZowWg^~djWNT0m1B9y_utw#5Da-*D` zj4r+)Q0Ury=PYXUB+JQ+0P4>6Ase}CIKMD=?PSt8YE#Whe$9Y(Vcc^tJt*(#_;F=Y ztR?i4bU)3Bd8z)QR&LSt+S}|=)_i)Wb?yWm3sPTzdspK1@4JO}<9Dj3+jIvG_v#?7 zk1`|CEZzj{Rp9-qn&WcH-lOBqWn35Y_dFxIgO-kV9iV~6On2&vkfMWtuZQI=Wz;2- zjwg};XGm^FkAD~EgK1Qb#!}}k594N>Di{iEi9gIOD&}#LurZ$Tdn`C5Pkq-D9>-au zC3zflekgl-Pw2)}J?N*CK)%G}WKiZcwf)xom#>EQ;I1#DFwalH4d0uy){1Q&_8_X# zSt=v*L~e3kE5btF8FigeBG%GL7+%q$dFQq-H|4e8bMJT-<6_5Ejti1o0qd%+wlTn3 z*rUqwCOcSa^gnz!8N<)k!RtmX)f^MUE@Juy*e?!#8JeZNH$kufxkdQigsN|HYpq!8 zU|K+d%Qk5@{nsAa8&{S`-&?u}!~!Bu781E`g#2$>9G4|Pix8uq^%Ad>GHM}a^%B?c z3eFbz0rI};n5RF4*x2_wL`s-$q2+G(jnmJn~Cx;QeuV$>;1Df#~3LF|c?)XsSc@+$%kO{4_*m$h? z>D?=IkZPHxUGw!BBmgbOzmqGQlth5#V6f(dKhju*ih~ms8RRXO^((?BJaX%n;*Ea9 zcaBX^jJt{l7I))z-oO4dLWX7wce(aYrJc3ZHqWC3+wc6&^d)^tnnI%@BB*-C6EI}t zJS{HJOT@e7-6V2?K2!E^InDAYr_NiF0(ZdkLn3>ZX_~_vc6HC`fJoO(686x-mLl8# zH4p^}QLRft(;Jymr}yf2(UdmKlYKk(A>^M1h4&PPCoQ*+{hik@zIhu76`)JW#6E_9HGEX*bt+|-+^gYMI9w%5iJM1=s3-T83RP-AiSo;f?e zW0QDoE=7+W3s7OeolRoHCt$aW*pwk3akRU6WfPTGBs^7$)zubW`>xk3JI;%m=y#{P zu?L=7$k-@9zK>i3Syy?^z6XU_b}~Iq2OaCeFf7nqt3V#@?2(XT7*IovBeNd0q<02O zu@8f%>5Oq`Z%6kIoG!~92o@*n1uS;W54lrx;|Ys}j>DB`BoPS^*kxP5ls(Yf)JOhHZJlOBZ8AE8f9Q4|6kEZkPI;ZO+Mp2|9gyq z$uJ6S*yc%Z zx(j04$+Q`g~G~{!zzB#4Rpl5|@Z**wT_jS;mX3XUYFbB7Ini zN%`U{Tw_JnV(#tMQDWnLEa__K+a~5Pa+4*@h%+YPHLQ2f#KJgD^j}>qGk}T%qvRsE zayf0d0QU|h4U3)qMGajwauliR`>dpVw>yLGXoSW||JHhg0Dm$xhk5{A*nF>=%Zsom zs@zCx&AdGi3vNybej~mkp_LaIjAN9(O7pKklD<3a+E z%*H#>2Qk0WDTp=HB(?USn@H|?Q)_q#$=G8P`-b)u=r)ndMtBkF+YVQkd{TCw4+du- z=HrP63*6W9xjP~be1A)H%ECRy1OSq!l|F-;fqw+rY}-DtEwNOJ#|b~bbu1fuN-akp z{(|hs$m1{Glk9lFGq=T(RgC}d%v$o|=3@m(W>Mc%R1YC~U6Uf1!wpLk;6de7nvOi~Px^}Vk!a;ylsiJ^e$eWE2ec=8 zY1q$;mDbcBKF=}J;mxH1Wk0YW(EZpL2C3-M*!CV|S!@|_1~`lxznA~@LC^96M@w4( zv$4^}$Emki?;0hagk2B--|-l`29;aJTTdkSWr!f;8;+j@(#% zdD|Lrme=5M{$iW=Fx_R7lToplvf^6BBP;cNs{j#Eb#?`ha_lc-;@YBsxc-o)Xq%dd zM}K&%*YjO&fiKdFbvR2G3K;xCWZfS$`ZY`9BmP7Uj$e-DiK9fLuaLRVLobgLtJUdY zzWtbOk%bTZOmJ5H(rY0Hu{FbZvkWt1mH0JnWwB}38l;Qh8jRtHhufgBjL+6R-^HcUzI5y8v@scz z(@M~^YAvo}#wDJv89j+1e6+8aBhOe^Ju{xR2I1L;e~w=l#s+dZL`7mPP(92*GgK|b z5kLZNI$4FExDYAU;T;XUhnPpJNtc-EW;5tUYK%hvD8=U zJ5z=E{5~ZO{fOQ^a9j{jIG}=L%H(M+R#{v)8bg&LhO(KBJj!B|BC5A*Mm+ii8JxBH zjs3HY_l6L?@<%inK&=p|nRhKYnoQ?i9SSthd>rV_dsx8QUpduqg6$8+>ievw4Zu;2 zg|`m#dS~nTmDh7LZ!mgZ)c>)XKFBzwKvgCM-C+$XUtgNj23s#4?3nN_7uBX$huf#* zfxVT{W;FVi7%(xpr9LW!9&Yas0Mk~Sp|>~)br2w&yRHNOt^w#JciDRgv5%aon!NdQ z11bu~TCVX^^@X^VG5WEJ14)&u&8lWA)tz(B4jw`xqQsS$MO0bi9DBhe2t=f6q1iuW z?zK9(vSY>W&kK@4Vxz-rpk$CPrHE-O-lo#JL*0UAx1a2tZy$jp&J?L*s2q;=qH-4%@9iR1$FAmLYlsOJiHy z3=!y!#n(HW+dc#wH<4bk8@8T6e1wn1xIQPmo;nRa7FG5T3aI9^Zcg$9V)Um_eU$2O zG!%=~p#DUjwsUGooSBbqX&{_oK+*sSV_hpv?27#Ps%XXyzUfRS<&muU zL_OpleW>8E&c_#-oU~N4M=b!g_O*F__gcmIbhC1wEzE<%R`!>*J5G=#f~?f{f1|)m-0CTxC&(VgX`+aPj=FYJeQn9z8@L9@{6M%F z_Tghv%rBK&FjhdBZM2r0pLhgKG(-n)W-OX51Z{QyYE$vw`_FFnw^tO z7<1?aYr!p&gT{5xj}AocJ#YE2M@Hyp!m*rUHzAkU^CE*80pHad`R61q{JHrXNM4ur z)1(d?^%1@I96;S@w!@vtp+~(@1XN-@w(e6mBF2k1&9h-N?jn}{wb%IhYwMD)mEG3x z@y!2RQDugU2`g#GmzQg;Y+*#op~}Wl;OBCzJnI$!{KU!8LMM1we$f#4yVw+;gU-xd zHOPr6rg*IGfU4QDZKHsvAz<#Ub6G=1w^|)tA7Vm_Id4aGB_dsdQvb4kR-QhUu1C$5 z?7e7sV(HVz|G3l&4g?!f{qHfpU{oUH$NP`)qm54FP|^1QNxuUXMG9_$y*w5z`*NsL z)l)qdQXiK__N%1juqJ8m_iCSU3fivO!4l)<4=+|M+BGR<)GxS7-ddk8{TRpr5QZ-V z-Jdn$v@u7hHtJIu?I|PGJu1lC)I40mVbNCu^o}>>9;^|e8Ar2sVguD;c3-PuU*^{+ zY8>aw{pNLjgT@<&j*LoXg!Ok)2`i_veCeV;?YAGlkhWnKL6L zzll!%X~Z|Gb^pUf!m})ltC=SS8qpIC%%XzQ%zL48IIX^OeT79auPV-4E`03C4O?r1JvhV||4ScQMmz@X6HQ;s>`5I}?qtsT8JAseC){68 zd1^JPVQh2~)nZn)EhOjpIaQ`LcltLceD}rGH11Yr9_tbD!v>N492o767}<2tjSkyY z;Sj4x*_OCgUuNMNMP~xVO>Z&l$9T(`5_Lb_gVMKobDg$5CXfeO`gxCg@ZaoITKm5A zC7v1`Qf;2C^dr!}PW8O{W}>HZ)jTnY=6k;3x!t|@s{WWtaWV%yz0#ZQPRD-j=svo& zcJA|g{T!u1X?tc>xvKwJ)=039ExGnC^=drgY#3qggh)yAP8e^dULH1(*8{vL4J!<0!(X)~Cnovou2YsJxXWyx&Lc?O{99J(^Gtc{i|b zdDtp0QkL3n1&=g7#@Rz&4Giy=!q1_8j?hsaLBo*o32+Zs2q-KLDP7JwZQt$jJp}_f zZus3D;VOm3#EpA+8_mO5*%)H`?E#H=Y5U8IHw>a*JJ@=5Wo)SS6<=+q^3rHCn2L#i z#3+_2dIn$i#O!Uqg&N!e{mX z{x2cdO2@UPvUPMOLnrDwXVjeaodx8bE4;6vho;6C;s0*Y7>}`_i(|9&f%`1{fSH%O zIVpn6|4(0RMG~`WC~aP+Ot!JTEc29x&UIJ(BXWzq2YwSyJ6r>YE&Z3mzvBZ!ly5LC zJ<1c$pzv|0U+7S@1BPRZmpnf#6DYkr;BU#4-1n@b38!7#h^K>8&_7drTzTxd5^Bd63kCeLeOz1?6K*uYm{pTMR>D>IeC7b8@8?& z7);sw3DDJ@Gu^+k4hjuRjYmtl)5+fmg)bBX8W5I&G0sDek?y;LrSFY)K4KU6Jo;1md6k*%E2CWj1DuzUEVy|?@N+b#~h1nZw!^# zqy53nx+CSdv?nLfAC-#^4Whrc!#dWed;diN{NB0|ENSkmdcA!|FR;Ixe3^D14v{FW zK?!d`Ouw?A$XqQCM5zZf&fmW3))-{A?&`FO*Op_|gdMx_UGe8;X(WJi=O?+Hn?Zp3 z(zk1uQuh&Wb8E`aSQ37sGDnRy*5yYtN7da--8#VznKY@k`x7EH*TTMBVNuL(!=D7o z-KEd2( z)8ZMoeoWV2IRmr|lVXAQn*-(r@B_~JT3}Ind{t@Nym@~4J`(z!`Q0xv203->{w{85 zS05^hug=$&nhqI_18ff+A2jxNh!onD{c+V!ur7B;KDY*?Mkc=M*r#mNOwL4{gZ!T_ z?&Hj_+;gW};t*$yMmuMZK`W3)NiewafCLj!?{Ym~@K>k#GnM?XcTxroaZ2@E0>=16 zw4%v)f=9)}EBnOgD7ODwlfVqYYTUlooi0+rb!*0994=C??yN-ot{-$of;L00Uh~x? zq;$KoQ}nAcKHFni2|;?cL$%7{Op)a7*8nB+3@^;^=w~UkmdM9l;6G0FKSbn!wi;?)}O|XH-Q3(Zi1Qng9_tHF-sSC6JH5 z3?P5JjTO}`xWDMzVyn8Y~uLkqQ`2f20+74q1w`ZRfe|6%KoLQ^q z&@P01pGenp_{y8yM-bD<2j#F#(9fhBn*d+Qg@lV6wphE7;_gQ&aRl_2txd2?RA!?M zt_1i%4$;wR=ZTYBPHf6YrmVo0?S}^wH%$T3FS$ApAt#*gDojpkG&O-<#vKEpZTlum ze@JdIl{O{`gQ?#NRpyH&pZ7`VL|Cw?H7db=J1CE>80;^}&}K5YD#)5uh@yG6iyO`C z(shn3Za20nHnRZ)opSbroJCpH%&vnC@g4!ex~<6%X)BEdEz~8K_2as?y;HhNh-Tb> zOY+o5uuEYR>zwFB>!uKZ-=G7X&r(%BV!RjNR$HBjSZ@Np&np?85th7Md3(OV@MLc0D(+EfHse+1lKPFx2<#BUmi74RKstEBVmq5 zF`Zl-#50u0alC1qK}{0?Oz^99LGu&DSb`r83cW!|?LnB{9V}7|)QYP-p;bF;vKFF; zo0M``-|KkDSr5ACXMT`Ass1|HwOy1u8*SVbL#aQTP{o7v8eg-IxQ3#WDe<)#6_@14 z^{y))+=DIk6QA}$I4z}d03^p@U2gw#E@o}p_hpa%heN3z z_7}cU@iX_j{sz|>_&}1iHsmyY-N*vlJeRBo>V$s8l*{uLb#ThSwoqRB_e%|UCVMtS z&w?}23C@bqCvMCV%3{Y`bKC=Y6tUh@o{)-Fh1f}|T!0s5SqlL8#jc;-|5@4rCd-gM{JOS(tHhGR`|9NEVyJc(KEkw`_2?Np_UU3_6L&KM2mT zo;WFCo!LfWeV|pL80C90-~!xwHFxz3AvnaM>TqhU=p<1u|5vd(OVX&`2S6a(9#oE) z2#T=qeT76;4MffwYJHXl^A0dJa61>8{35le6&rrU6CGGD(>^9_narU5=Ta+^!#cT7 zn^j^Ds=s5Kkq34XiUGi6+mxyU_2Gk#g^X_X=0&Zu&)c*;ka3rbAs=AnK&dEX;?;Ah zL37a`h+d=LMhV&FrVFa)roqzhs?9nxr5mkd+|QKUB@?wi(R>AD*Yio-jplEpWG{uB z&1jiT>@}{I&mMGSEeNdRy3El2j>|z&I?A>T-qmBu@>u}!AKv?1@YVNpZy<33)dV5> zLq*^#{W5N(-XUoXAeXi#^*%!Yw{9$eKsxtXpEG+JgkqxTuZJ^bZh9S1s|e#I$g0=8 zWsBlf*Q>ZH=Vla(pv1gYTEX=rb{>2gI&VXHtVF-OysbrHeNRHPAAyU44{Jh7YFNz7 zqzOxb&dN8Low}3z&((RJ?-bPySrw-D32<8R!lzoe$Yn?Z)5sfu{)Ke1W)~~Yv66uO z2Zn*xEmm{hUwj_OuywW;vS$O4>eXbAkL;JW#J?<2_EuoV{P@PHwLts(es*BYpv6~U z!7l%9+_d_nubyfvI+^oD>~%>ahB3O{XO0H{fl3T6-@l$t!496aZlE+Y8?Am&QVbDl z6K5IHaq`4A7s)B9_pa53gw0V}AM($DD-i~zT!5|ykfjqOz$SIXgIKn@o&(~_*uA7A z<~$_hByB!XQgwM+3Bwn9n|tupcd+w| z2u{SV;#Bo&Vnk9u>2c06k~J2quf*CDWL2!D*dDEcD@FrCApsx zK0^r%+TuGr=gN0Xp;qS9V>$@fhEkX8AS* z)1)854#kVhYtDHVPqhu>0(!h#DG5hWo3uSisws~Ek*XxM0>Nh4uvzbLS!N2w-JQ!r1;#KBEwFGQ!`!g%4 zX_`^Z4}YAXwdDPIbSOblNG-B2xG>q$IJcSQw5!I zAhFwlMA@bkKa!Q8bPa8kDu4VqCmT`WeP=dqH%II4P44UGsY zgaWBDun-#KfPXfW>iRQ@iB;J=S4EKX3_yalRgqO3{T@s4I?)Of4urka0ts#hs}>Fa-o3MWXu$T?wl1RslG!w9Arorc96O z7I4$D6PR*dGMC*EdP1}4(uzd#b|U+9tU*toFJy z?`nD_;$iu}y@G`=C3kW^3-l@xZkKg*bu@HZ05bnTT2%B*b&9VtSI*aD8)w#(?{3J<8tk%I8N884yO<4Mf|M zfj)jh?zSce)^HFJxb5G*Bf0Z{Clc}fAz%z7$*TqeNVPf^T%dZgT_1efg*~h}vbbYB zj$iLR9xs*$DQ$QxS6VwnF<%md=>l{-c<0O4(^{`1!1!udd3_CyoC?yG@3|aJgA8`fI{+&D$ z#}JE^f9Wcjvq|QOpdnIaZ~QXt3M@tGSdZNKzaO-_tmEV3$(vD?Oj>!b^5o>CfXnQZ zW}4MDK6Q&Y-pEqQRY8#kA(QXMK{^<}UeoI?D?NxD0aBDx5P`JWr&`Ly5jnGhAnw;* z$T?{lIh{C=v0YqZ57gj;f|tiS+NMWHXV76ABDhYqO?XEVkVzX)u)j5i^CRd|`L0wP z;i-r`i2#$CyZG5c|Bw*pTYHJo69U`XD|;>DT$lB1|MbL?r$^=}Io5rbk4Tm2+TO+G z(fRD1AGiYHWI`@e`? zXAmzk1^x^wNGGQi?g~j&TEN#v<;-Y?ag|RzkR*oe#Ab9%Uk-%DM!LWfrBQka@C*RE zJ|rz+AJ8h#u}NwwBS&tVx!0>T=o5LjS|*c>xIJ9))z6E9lbv5`+!OC z3ZvQOJP1tMaW>+0wZ7N#YNodIarlkE=TdLdwHXU?1M>)gGdWV)xmrD~ z%+Cs!U3;x}+Oec3JP0V^{4-AnGez3t5o=eAO)8*`uUmm^#q>hFAy%vBOG6WQ*NMMC_j%A~c#`F# z6KZnk)&t?=sUo|V-{HMuO)bzHLNPntQ}A*#*T6I&X1Ne;sm)`uY1GTcg7ZhoWwpi? za5)*F18HJ;;vMZa_&^2pwDq0>XVh0G>&UQJ*z}#c?w%eM{ABSNqM-}^3&1#&i+q&@ zceBL5f!V@xGWvy_PSz3Aj_Q8QX1>5ursna*O^)Rm(GU1>h-?*&v|V$4SKaV`YuE!L zGTJjnOf_q6gN;H2C*?3}!L*L zbntz$yiXx7<*s^t??fiMlRP9sYL7NGzfqE~oaMf~DUJU?vJIfjDIbVY@rcx+qY$5@ zLCeF{SI4OhX9~8DvyO zq$q9o3HxP3%vpew(DMfEQixu%von6quQp{sy4Pv28LW3hO`A}XTR&cT($G$?_w;Qa zpuq%WV#`{wExhC+fI^g6-8mF-q3Z^sgMVBo@I-EOgx97X=h^)k^s>P&KCFKVU3b1; z2_&T!bRm8W$?Hee`qpm6e{L-J?zTLr6q){nVbb|LNASmnN}@N*+AVTJ^WRVJoIBQn zuDKY?40_kPn0}XEDZI0+=b28RTjTW^ zDppIPaLrNqzV4NZn%BuwJR-@zlJkgL5$V<-BvQpI(0hSO&;*YH!NHO|n^}Kb?N}y# zIe1S#QGbq=oRGDYihN#fN0aW8iBc?q`JELsp2F(PNfeM*Fqju(vHC+My?A*jiw(SL1(ozTaoY%lxR1-UyY& zUnbKvyP{Ea&8&FS>ke5|l=NAU`4u5p3zUN5u9E}|Xmvi_5%sGNhqlv?HH?l=z;}rN zL&t)?WTP%fc-q}}1l%N#GBBC;^$5QDDrSw?v%T#cxW-`H)H$`Pmk%^-EZMRl4GBY; z8o{!vmT6AabKtb$r-y6y6`dP%p8r*)8ns7tKB4LpQFShWmH%Q!oeu6UQE}di=e8(V zi0e8&LK4wg_5z(}c#W~A5@`0RBJ=bAX(wy)_c#r*Q({IoH-tMw-j(e{WXb!H zc679!p9i+N>S`u=rrTXM1wN)=zwrwK&wP-4g6);|nG)l-U2@v$L8iy+Hh8N=_c+QjXAY0YuKmFTkH zDQry?_~bOtm-D+Xm3$17FoaiJdco-?D{~m(=Bsk$l4P5ihr-MF|2@iS_N8Aw$ApA2 zXIl_K35^D%|M2Dr>|jP8&QFp~bsGD}|C4>^8t`3-iirFx5~*_6OgnBdyA8D=fqoWY z0ZeQlHEw^^i%Kl_TCAfmr6z-Zh6HJs{;^c`t1ocNZsPq7h|6kuW;DOo^399;KjFVi zY>O39$vCf^en+IVxfDa}LSSmF@wm!B*za`zU%EZw+2DKc*H`kIfy%-?$>>isF8jwT zq*zHPcHLD$`V(Hp&31T}nM(U-(9KMY^kpoTV)BH8tMAa2i-)=}H|oj$^sg~b-Hy-tC9)830!2=qQBVp$h$^wtFK0P~$>uEHy3D`^5VaRQoFVYw#5@tz>}bQfd5 zVLvJBQ(dy}-H&^|;&sfU5?=RrnuEgJ>p3dw2~1w^X&pW2C|w)T)E0u5__j<8>~2(! zM$m|UZb8VzS^6e}TP}r%9E`Wxcu@1)C$1S{lLD4I3M2aRqMrYby&+DD>QHj7;7i_B zg?cxs+CqnNm&}Z3f>vcDaSR_`kfGl{PSt}H!7&(Zft|Il&Jr%&T8jRenKUzgiI9W@S orK19$qvn5`JO6(-`E`D`=S%m+gj~EH7|;jF%cw|~yfz8`Kg~C4LjV8( literal 0 HcmV?d00001 diff --git a/windows/keep-secure/images/defender/wdav-get-mpthreatdetection.png b/windows/keep-secure/images/defender/wdav-get-mpthreatdetection.png new file mode 100644 index 0000000000000000000000000000000000000000..3e5de6552fc9247ca756cacd44018919ce58fba1 GIT binary patch literal 52810 zcmdSBhc{f`+cr)TK?FgfMF@h37KG?NqD4qV)KQb@z4tPaL~jv{PD1oy7-jSl%wW`n z8C{q#Vsu6??~!kL*7JMU`v?4HE$ghc=bTyR>~rsZU-xxgx2Tsd)TytrULzqPq1Je+ z@`{AyQate2N^un!5%kJ^4jd@mo`O6{NNBn){zy{}~D5 zNT9U+GQcR!-%$_iHy5Yg^|E)iCXv{ur3AjAy!b}f)yB*BjfXXfncMlr=~RDz+}_jD z=?!qI2MMCRCIJ|xxEMBkG`@k++)AlYzJgw3U@O-(jt z4#{O!GHrG-16h#C zq(BVHjV+dG!3WBJV1{!z3!heUI^dJoV~95+;Q~Gmv`$j=7b7D7ucOd}8yo29Yw%aT z%_E-seksqd&W6{8TuR^$jk&Aucv>u<;ugJ|;99kf$D4iL%fHj~{A3Gz?mnx^$<;X8 zAD%xle)RU#6(nk56s`4Uu4-BvSLD&+uOg3`FnP}9c?!W3RG#!KnDB%rjwQV_v4a{D zm{hn~JGrSS(f+lrvW=!Q();-z&)fSlpP%3p7SDeu?pK?8Q%mM2Zs)eiN}TV-%sDS8 z&YeWI6~lv;z^)-(7DrRTW>G6Hn5sTY{wW*oK6{F2$_I-k#gi z#PoT7`yz2b^XdV+I=nu2qa#UOxkts)@6&$U)@PZ7>VvyJ^rErfPGL;nDc9Ss&@cvk zau`8c2njzs-7~~3n~t4sGrmm zUHt-_uYesf^Llkh(g*w@vfh_t+8*~cMLjC~dUooc8WS05oN{2`eI_1%1KCbO;$`^- z(MX*-{DIGx+`T!m9r0N$e}dco&&(B)Z*8#U6oIeg2^NNX87W_WjS=``r2-yXl*D7L z82q3R3(Gap+P&BuA=)VfY;Y>T*rG(C?~-joR*ReqQM|sqXblEWMSL5?#h}je&>C6R zwxaP5mtLi`yhGMy%MVNn5&6sc0zje&*RqK9Oo2CSZBv~JHR0|L%v^4qZ&p$4hB!k+ zhnJx>lfQP*0q*eVmUJX8poZ|GE1 zK3XF`85klxIboNPX@ZN z7t?Nf5u)*IKkU~q8(w*Kk}}h*G$}R6rICo&@(yaSX?aaQt8+!PvXsvoynjD1dM}<{)a!w$S2G!sDDfs{P-I?@}nJ_so1kSepAkSv(num2x=k+ z@77qY{l|*u3y9$J$lamPw$sH&Pq1g#rY=HHA`VvZ94DYD@}=Kq=>ad_3%bk$-)}$9 zyQ_AA_a*&n5V*83+|3V{8$8=s3*9G_F(0`4Ybvi_4%x@?o%mX2DgZC%X~GH-?pi(B zc>Xg1d~NqsUq2UU306chc1G z!p?yL8)DfqBP5GaQMvgse_kr`Rz6mU9cf%MT~ASvn@Jth*+jgJVEl1AFxv$o`jcEL zqiVnJbW_K*{<_z^-DBG`MTL;}P^6FVk1< zKRE?<$WZzhTaO>V3q7xkJ3nz}DBwVBl_~t1l<=obBBZGhjJn!3kb809u8pI!>zQr7 z6{oroAI?gfZdtL>3XFPgBg-F9waBVzsM zF-K5xhvqPj-+aiZuB8y$!XC2c$}Clvb^BEAWYrc)WrfO!jC}9*h|LqiURF==L*97d zcJ6b@F-)oWM-EC`N{|Hi_~h~12m2}AKjSLP4P7>r>4FU#-SJmHnai|~5Ot;-u361K z0z2#Pmo}h?1`i0D0h={)GkZyANOsf0*7^irtO?bbN%=vCNuL23`yc_CR zd$IVrxEh&*fNkLYdsLlTAyb7qR<>yMUf-hpNIY-SwYky{bFq&@-q(**f$ z+JleEUP>*OewX>#6@8!QkJoXbNDwYwDtBPZS*Z7=&_x;{d+zfF#7M~{rxx7&BZ_Wr zW5v3}S^U|9=3)bEU^qhB#MH8_JY9JaJ#(9^z5j2$TE~W&wX6 zTsu*+wX7}S7XrnxDVxfdsT^?G)#Jt4sOJsvv8GNZ>PIzkM=oS+U-x7y!F#r0uqgx* ze7-vO@WyM7g4_+9@8gi@xe6aLg&a7M)gvB=1^4m&^EZ?A5~q08Vrn^B6&1ZLz1s11 zEjA0AzVq3{-Fqxg{@|CTvc4g>;IVV&>B6m8HSyqNj1zfT!Kk$*nJzUO|a znTp%*?rl1~Vy59?_z<5WY8ZX2JsK`xvzV`=l~qZjoS5-35ZC5$`K1wY4Vy^V^#(ef8Vn5iaf{ z$RcssgI>TAb86p7(myq43E43pM|Q0Vz2*#+xHnRwhs|gCp8M;(UYfFb0(pM0)pEG6 zd^+f~otkujY*^jk-Kw5DiJG-LR6lWXWN5oYV%jYd9PfGan7?8G00!XvQ^#ZMPov~r zM$9wQHetD=CNT2+;mV#5MVov`!rUpvuStqCgO~gFNS0~yPoBXNwm#Mdfwyt|Ca_uj z{fj)ZM*u7Lnig&0LnD{rRHyT_;QObfuiT3M#X56mnE$ITi%V&OUu@Mf~P+eAj`DXZKexL24<$ zjFGWU)IE^u__@d}Iyy6hThyqLOyz&RMsD4{_Nl_c5@!Bv`QPBJB2F(a=H5pJx%xYu zmzfpQ8aK84<466OVk0Akd8W!&=>O*2>WB?@Imy^!XAmuW+lvLwx|2D9Tam(i?vU(m zsqbl;Ea)Y=usv18hF^;_cqOQNFV>^Ek9X5Z2xiebFcU|Lm}Mda(4EdD@~;xC6UV-; zSfisGh7!X*5@gKL%iCg#Optw@U(QM$Wvg;|M{YL=$JHxC%6IydRaBTVTTnW8kO%9e zg*&-7_`ANA{`0KOEZ9~$UfRj>iTgCGCaO}nUjI&?>l>8`F;@h&k%53}q1z2w%jX-? zqXD|~enHHrQ#q24qP|RNFW-*q;@uhB!j@M&zkTZVddqBEa&L)bRnJ}1%!r%=%{$98 z+z{{N!V!+zr=1o+Ka@r4+1*cea)GQYb?P3{#kE@)GIrc>pcdGc@&>uK z(m=>(2FZ6Ey}Fc$b+>{iEjh-rKU&kYV-z^5SH2sen!u;1d?<9Cud%->`W@zY9}!Yd^#jkky6&aFPu87PUGqYAB#E%MLVF6|J;yPE9rvK(tvc(v5oKjy;u7iq|X~ z9h!LPqghq5#Fjo)Eq9B}?8O4wQQ_;<{XNefqy!yZc0zP`zED|))*9F}8o;@_LOdR| z+MTcNXH+Hg+QUm5>lg=3i51(#;eeICX7GjGV_Q((!x<*|n^4`NT>;g@Mhe#wh9eR!#F=lQNRFo7GbV1=4=m5#%? zjfl0D<)B0_UL#u$fZ_gJUfq4M&_v~98W~wkoCstiLRW|<>|$gsI`6iBcc@dgpjLz) z(rj3()nrJf*9W6Y3YcY*nZ~PjKYBlaj6doKz{C<>@Px-NOCI4cCcefIYK&i?xh=E zjXC{s?wSBqe66oE5%*;fx4O>Hdj&0$5-PlV3qS;i5dhM9$o?rZGGoZlKw|VwEO$iB z7Fmu$dwkVrClL4OC-;`r4M|i~b~kzO2K)*k)u8NDlX?HiN%TD?7T3nXuUZ1>w z2=aIBPj?L=d+*GH;%BbiFp-w_c!_nfi0<@G;{2Uwim0x!D`FG(M!Oc-@ytMdKNk`j z3QZiz>CE#Gb;U8z={Q;%0AWo>cliDPv!n`ySmT)_I_qz3e~kiC^~rXB>0Td?4_ayO zw8k!}0WVDG6^R#1{qjry17QRTb!e2T8O>hFkz^{@)jX>;l%9r6F?_gkh!;j%5qcx* zK<)z`{r0S0U=@|r&^D;Ukm*8J`jsDaGsvy9Nl7LX9KSujIW(W@!6t;^kuKrBYGI`$ z!`^8?K530lftb3S-C3POBFmYKog?&Tp903Io~s9Y!RB=xSAh6}nl(2m*Yr;hqVf2pFi->>Tr-gvS3tByy+ z?A-LD+xuf$1Sw8@ub4`mY=dZJHT4L|=!nScyhW+1w5P7(1xo7`wc*`KgOKF2An!2q za~i*YdXAD`?O?Iy(^TQ-+Ti~Bd%A$Ok|8&&^g+83%^#lQg*({Y&n`VHsm9TqWH<;B zntosTcPhmE5ydXef~F7Vlk{U!N$+wdDvByQ4>vDJjgWwFgf{nOe*dUs)W61bL4?jaT_ z;4oH-Cg`l1mfA6%+SSMAC&;PoYU^u&=PlgHKyLE&tSDIS)BJ!u-S6M_Tc zPf?bEugmpIbta1tYjicUNd3%2vFVVjwCWUFi}Xi@-ULOEbX24;HwS1;nPe6ljDl+| z-MBX~Ubp(2jWK^}S=&2(s+>nQ;MAE$!14{0XAN-!xYRslY*;|H@d)=sFD^0ciWsCQ z(-5u!ZC{qBg@A?T3WH|;mK4ag)#GYsL}eT$I%yD23`!k?54^IvM!rNlm}hDCeDfj- zulASnUSvv(NiON|{{_8cVBz`Vd1aua7YI#=XH#+#@NF@pV%1rvf*sp^MY+%2h@%g8 zMi%d_OO&{AqC*JX#kj> z5CAxFx;ZGFY!oQyhHMnGny{O47oA*#aDNJy7d#eQ2IIa7RAnvGHya)gw{mxSKA;pVi>D;0z!rCdsP88ShvGc%8U!1JxM?=BIcCQ#lKE z%Y*O|y$}+A<6XJ0s@3k)m<`f9FWv%Kk^VEuc*)EB6?x+(RL5`ZA+qf~&NwP^IV+7C z)p_ZmVQ0M}BH|I$!YkW84YxP=;eL#4v>;}vK!x~KHSbR4{-5^%<*996eNkZH(ark7 z=hi^QUmgI>_JvgQ*!q6~-dFvs6$|#e;CfDmSVe)gz1xzPMmDO?sEUg#(b(jZlf9)B z#qBttD$D6-N4-3fmZ2$f`vjl$5LWCE;2w+^T=)|n9h=zH+!R;){hk4Q=bgvP{k}Bm zp<66i`OkvuI~QT1X#|P0JYvtkYDB#zsxi0g^H*qHP@BJ+sh$9rd66FW zm9|p!YaqC1VLY-n?hL^7zhuiAYwNAm4QC7M?mJm7?BNR`Is!?7$XdaKBe{5Q@#=a~ z#6IXy=^hMDfnafyKio4G5D&WGv9+pr6qA6Tl{QU-IuM*45D{;m+0`1gq7PNPDCPaO z?I_ZV_ZgP(B`IQ^wO1{fQBBfpSnv*TC#}GZ_{=ViEq%>=Y)^8j;Jw6XT?4%E;>a50IZd2uaU!Zr%81XLpc_{}g-&dm^~*a=o5-?O4i2 zDZUoE?lR?t8A)&u?<~tkxq~I*0XPQa7h)JtQkLd7TIpZ@VAM;)U2ZGJacs&vP|s*3 zjfUs9^lpE>4AK46eWxbt>#nEQJr8DpY?XSuJD3v4Yi&)p=!||O8zcKsu#iEuI@H#= z*q^;xhQm>4zag^wL3}EOcqb5JV#Pmo$5f%JLUD0C8`j&gj=?RBw$kW2mTy_+plLBo zR5RN0grs~+%3UH<>p{io3>%7HSd(&wI5Y(*;f#?@4yjOmnFmB4-xklhYmn`x<=SA@ zxO`?;-#V3-umoQypWOwt81XODHSnhMpZAlP5F1e@n<4FcS+;@(nJ^;SMB@RPjdVQl zy$L>TjQ1nMbXzuwIqITT{4s?sp57UKb)BCX0kw6eK5%#_o&^-QA4;oB0kZLrAD3ig z_;2OM?fzEoKvuGzK z$$=P#%d zmDU>P&cwrBFBa8QVsD=XVo%vxMGwrQ^ps3TJl&ElM)sUu3XGVQ?ueT#46-Os(bW2_ z7p*n_i|(Oslbm7ER3LWk^iO{Sq#S?de?thNBJvEA`2vjq3FmL!_|!%|yGj`6cvV`M z1#dJw_V-2Kq-?rtyxFS=*tM^6VF`#*+ofcA8CAm1fU># z=KxYulPl=%6Ip)}_1YOS`KIou~6}iDzJ3X1&nN5#fo_uz`baYcsTvhPFR;i8p zxJ6vPZf@9{|B;`}Z!OlaSO2Nm-%56u#f-6u#hvTrazWMcj&)Def=3=U}A6%~*XxAW?+%s^>}|E25?b=5q7wj=3Ve!hGdj zW3^GE?<6L`qJkAB<~Jb0)c| zg-*tqQ(q1nx@D2Uvs{&`cI`%^=y0a;^OjF%D%p6> zloEF^V?MT+99&p-*c_AK9o+X8mJ81FBuv{-@I5U+C(WI2j>xN3Z_9IXmp1tfCOoG9 zezk#)@@REFkS&4QWZ?}VKLf`v9CI=qjVU{opNk7M_qQX{$$yHHGT!l3W$87S?ofiK zWM=1@3N6w9Y={hs3*iu{2D{jXs<7>w@!5!+KLlzyc@LeIuqa;*%^?&Y8{<{?p@WfI zEZrYBD5q7YMq97Y>YOIX5E6z0Im$~E$5MVu+2nt=HqZ6ls-iJ~(Al3hM-G+eIy+G3 zJoGVdd_*HKm>XNXKG}7y&T)^Z6Cv6f`0k=C9Srx`xF;6>;+i7*n|G?St`TE`r+}%* zL14~u^I?#b+R)RSD4eEbRJ9YEXUjk5`WwkCBLPS;ES2udio@PFLW(T^Sciz|?64?? zl=dRy0Um2fCicmbY}7ULr!G|xaGHD*JUu{v_Ll5ftEBhQSmyxzdI!y6S zioc+~ln(;+XX@-Ld=1ZaikjO;wAf&J`%Uy1k8rp5EVs+N>eyW5*k6h}>Fs-^IkPd%+%-5Q_(ZA$)8run^_emiIPX$p7J!83{CjDj zxnQ|=@^Qz3v!=XJEzzT7CIxj92;ag9~9-A#ye(D z!Gp72&lLzFoz+LGLO#(NFyckwSXeY}!NX++Vb4*G_bK<41)Jl0TGn&lU3!RTYbq9( zVML-nAJ9KOGZrp-voR3JHguhnp7d97rc=5}wko^xf4l%Qss#TORWBE7LOJ2wBXG#^ zcP_WHV&_u<(ICPZeO@@--bG-3SbB!#HfeZ3x|39<^LJ4_w`6Onb8b~c^yl2N97l?J z80lTHP>Y}X1u&}XaUi4%lLvx*2?keQmA{+|Fw1jLESBN=$GPLpR>h5P1g4`g8H=CddsP%c` zm&4wR9q!)EL)Oy@>WD8J+JWXrTWa4;U3Zsm9QpjL$bCF@lZ#zD&$zeF-jphqUAC`nGRb+YzMe4V-1=-x8+=PXSj9_pd_8`x zwH@K~=!f*{1nz&)0Z@m(%o+f?%{0{r{#N?3+?5Wq7OFN5hf3K7U!Es@9rytHs)P_q zpP!L=Z^a0}va#FMrEj8!qYZZSOgusOXAHIu*udQWO_y68;xQKpJ_0mG5_=#(H{`ss zqvl}!6HQ45gYQJHAVyCyGlaATh&H%or!H6{8_U4FKX!Gq;r_P( z^Jgqt#u^Z$3&_{6%Hwo4ocpf7Rn48T$h=vvrRNK?Tq^hRS|gFPO{)<&2Fu!a|` zk2td>l-S%UoynyTZ@$gvXCn&W&(njfc$D>9BNCKhAW39fyD4At7*^n`3A*&fBbl;* zSLo8g%PF8Sv!&9D*HIW(^-&`ziePythv3)Ec`6B%&^@2`48@D43fAG4yt0^!30>oL zcl}CUGRE*vOIX7b)@&OVA#W_qp(DTP;DOiCzd zjOIcOU%Rp?L!%#-&d(Yvwce-s$+9J98rd=`q+-~n{#PMiq>jm_<$E}&EYI%rCfwIE zQp^Xqo;40MHXLxsK7}MVM#>#c+fZJUyrXR$^Jt~st|k6M{k}|i!;{IaFWN=~9@{!9-@BK3O#Fi?VXVk!@Xz$|}N(nJ|pT7#1 z#~)|GymJ?To!XP>=@V<79Js#0NGDgF2GoloX>6VyDyae-Ij<}Df%qA_TwN+cQLSED z85hN)FnWRGi6|flfzS5hbaiRE^mAZnl)XRPvNywx>#4Q<6(Nl9Qs5I@bPeO~uPw(m z29FDzuk$jV9hJw;Ss)$v_hN_Ov+7bZ{{g@@vnrxx-;#p9rp8Er3tdiNL431L|G8~y zFO5H2o$?;C+UrZQZ)Dzowfh16tz{QQKgcRWt7bPxB%^t85mcygja>{c^ zs2272w`a!tkpmjvLbHbQqC5*!`zaf$HK41L)j^9a!$)VP9tBY=LQgMHo{qp~y8fC7 zb+<;QUjXCNuHkfy%gCJrErXI5(hM@SHf+hejtVnXqqw-(0a=wOY8UhMGV6Kg0K-y6myYwTpaZXynv`CtVPm-4;H7! z7POW~$S%NWqg5IkpyU8xG%L{K`o*SD8v!dUDjI6Kela?FwRLiO8j22oZ}Y;iDMy^O zDqFlFGyCU&=_Xn!Gr6r5Ur#r6k1KD_GTvQq{e()gx*BrGNV+!v`8917a}B@09@`4- zcQqGEhSgPfvoVIRQY zJqSJp%--TzMPlpFhoPY|g6LFmXgrS{7}0Ne+w8^Lf>bOiS7}17mbUg~FcHl8QLt4X zzGNCROdUEx zcFV71KQ z1@IneiSX?rFr+0g@J^T6Thy_ zUn%kO-#+G0SfR_iMIip_&F8dYH;^*!3_=E(P=4 zfRXQyB#*V|{vuA!D8U=3uswWl$Wm@4h#{Ph8jTDqCJ7hs&OGQ&z;Rh83Hl zL0KV4wZ3b*Zc-!mFYx!8q>=Y1TRj#&iTgvBWl(mN4VkKZ5Ir2b_!E>?E)M0~JHhxJP1EJJ`ydPC51~ zeKjg{RYuvoGvkZS9ER%amYm54N+IRgPbY*7j}Ai2;cT1^fmwYG_3}^>D!E6qxD|xK zt|(JavkLshgDI}AlMu2An-JRc?|0W(5UyiyVwvjXIXt!=Xx>%mTfhUcR(t6G5TzyX z5*6Lk%+J9+B5959cnFk#!S}f=iddLmX^LVwsZ~^JAG+$x7Wodlgxa;)VaWuJ-<&+K z5cRBRDS{OX;U?u>Z{M)hPk`n;Mf018EK7!Y55;(P41IuxjLN0_Y%mH}FGf7vS`UnJFY`col{y59t<=2}-Hcxl@?8oi+E1C1N% zOkEWu0p~uS5S@zAn!hVia{f^Gtx(^@jmY9!(Xx!_jbAFu3G>r78K(%t^=)LOt3$TkpFaY2;1uKCENmzdoKPN&n!mtv1E0aw7M zd|IkgG8NyHL(h1oNPOb9-aQ@0VLmynMtfk++;rs+2S$C=hIPC_V{>L;*TFC&7}P;= z>XA7b>LATtpKP3O90Jgs^hjFz^ z&mi5nZYK@m-MMQ3?|e!C4Ps)-ADMt&lG|52f~UQ>IdC(f2r(xEg!N9ERBptNs z3-!fI@-+2*IhRWjvlN#i7TmYwCBF`Gke4MUhq9fplX)JG~GhLzmg{fnS!~@(>o|S`m+2o8Wuv!*%{>m|AGCxU5L;L^~ zs4^PV${KGzF#^cEuO7Pi4@z=^RM^oxtiLQA&%FQbD2P|q4^93}Rh{EMW#EDe@Y5$e zPjC84@@Iv0J?;VDFd$3+YZ5t(1^nvYr_%c^_WsX|y`X?$@HAEW zwUgwpWPZ{nIDe=1T(YUXI#=JfoQ1^46QLTsO`v5ciwf%=v2v@l2W6I zc@}JA{2D+}67Ta-BN;o_lZ)~`S*fdQyNlfR)gskhCtmxEHKlT|gBzaJ21;W|ulJ9; zh8hRfbrGrR6p!aTjbdH$=T=GCx-)(mMf?~VahD4FkX#F$JZus0g7puhq z5dSjj_SAUCr-Ys1G!b}A4iHW&&zzI=2jm>M8vgHiKn$Id&JFl^Z-VVyjRivyq`sU2jEk+|R_gXb~u+%o%Y<>+QhefMB0h>r?5T(WBCI)QBrhgIngG z4YNS9kOQL{Xwg2`buUs5MGb&Y?-fx5>=vmbi!$>?5n4z7OrzS5=1R9fK6{KQqy9l# z0;ckO5+2)a!dC9}To;^8*jfI@Y z`>}@?*4BB+*N3Z)aXSw&>@FJn_!Lo*rWZXGA|W0 zt7(qvC&<$!Z#KgUtHdRp{4Ic_=~0n%aJ-awD7@ia!^WhU;9fnH>znzt0k5rA({>>f z(M!jo82s2o1KQC_qyxf5`SZorxgov0?u@juyrtet%7mmK;QlXcRLFbvhw@g}7IU6? zU$2YF?#O!T$6K)`Quci92e?)}SIxIy-+R>+t;GpcjvyX$b-9_?;&Keu!yV=04Z?bmGyM+3%*DapeBFSSBWOEaeE1 ztdg%s4xkXnVUL(jp5&Tz?CZ3j`dgsM=G44=Ss!GzvVet5G@ z5wU>jB~c3mAce{B=6EJ~@^s@&!HDS%CS?kcTySc;?+Rp=VkAHeMU`8Xz!0QMVOg=? zVlAlq&SMGj5Fz?8Rx_mGL}u&%vKwF8Jobk{bLA}A9|qWlv$cqApGH;x>BdG$_e8;~ zTHwfT?=~Ymrd+UNk556pvury!;Nl4nXXf{E$Yae3N~_I+9GWnw-R2Mc zwsw6M!_K*i>q17Xw>s~yE#>8!cwnF5XN)28_s9E7rJxHap;}sA)D1IwV_5qqf}TE8 z=-d%Yk^^kl#d7`9Bi7IuuuHF*K=!`D11br|KsJDpitI^+{Bie+*)EmP)^E;TT2z+| z1gpgLd}^U+r~$0nvODw4mW`}C8VwJ~=N`X@92(7dUE)cox}{Y2r!|*d&cA#hRj)(r zU5oi~K6*f*-t1&TP^rTgJ7>9G=R;Mu-4TO7dL%M9)P!`dY@Tywg$cPL;917<(VxA4 zTf5`xo-0}>x@reO*U&9Ru_eX1=*zlNL zWxpvT@KnfJAY}M&LH{w@Ub1wePzdWoR6&np(3CAz-p!e1J$>bcf(G25o%{M0yycVb z5I)Pm9d+*Yb){} z)IOla3FD^P36%lMIh(%&Ge4V}w1FDna48MMpOh*pFdit{;-)vVKOT_3{p4BJeF!L7 z<21AF)z;E&>NbYCo;r8b&YSk7t~Hu*agk%g^W8&hLZrzC-lQz*#K5)Xcl5~q-o%7t z%XXbL2*PFV{aR8|zf(JBYx#ZY5O}FB#2Qnj(PAA_d9C?*f~kqcJ?oNZ)Yfzy1efc( zjP8*uAu5+h0{9ZEPCnH(R?AV{Td3a(dn6J4>F_w|TkXp3|k6 zfR&}!xpF_exr|9rb!-@yVl|pF_9`AT?Y3bd<7#c(nX!7{p^K9Z4zeZR;ILxaDX?{A{-9d$RQ*=;6&ag)X59!=pUH&i@)bMhMY;DV?j8>USy?s9@@^YfwI4=$WJ6aMY>-Oxcx zGLhl*t2dNVt`0+Mi0H*A5az7)J9MLT<`G@uI|4JRJQEs(P$VVd#75|0oaB|NYI1xPE$sW{o z0Qkaw2b2W>W`ph-CFnBF>%9%4sN+$91{-tB9}9C zWUPU4=NAhLv|OCZtg{AIsyG%C2NeuGxF3_d^I9IWWV;i-7qGVe4_*4>Ma$o{1AujX zSy^Xjb}T@0;LT%zgy)V>El{WieS^GZ;<^K?ou1-GD^lAgvx&$F^tIcId{4;Sty0Y2nZM& zGm;)ko?5RqCf;$}X)NBqaRjtd`Ks~~IqCs_gY@wwx>^xn3#%1ftJ@O#?TUqo{)qfr zHxG;TimK?f{6DJcFrZz*`CcPb``Y>B*=DlcrNDN1k(q-`Px?~>T}L&aa?q9y$vF;_=~_Y4XX;n7xl2`Kg|5&9w>DPXy#9rua~Rn zDJn0DmbE0#MItNZ2hgp~JE(YERv@N@bn$xQKmg3PSwt2v_p<07nrS+BkKl}6n5K`D zEU~*kW6sw-fsBc;5sL%U+=jcE|L7^U z)3-6#vR7lAuH4>A7~G%{pPD{Ne4D-W+;ktUtoew`fltC#|8mO2NZphbP`e+A2(6{o z<_J*#6?3jN?g;cPh~q&9FY;_C$9@yXO*JK)% zx08;8UoB~hbdtxNz79DznvFTzE9y3?+fGp6;=}s0p#jRn&_*AYv;5P$YwOv-Tbc6i z&q5Ej`aV)>UfuoBESd|tlt7EC-#Aoa>3YU!r1v&09^h*X%su|q((v8dyzcJeJqIda zB3%!QL_>Fjf&59sy|&yzr4-X9u0TFGD9tj0zi*VGQ#s1`VMN@!a`;1X0m6CXL*mA4 zn8HUM!D;6{nFZrCI9*X4L>7JTPr+ z8-1l!W@*sv$+dithvN5#@lv++*m4!u1%&=_2ts!Ygn@qkwth3I{ z2Z*ju_WopHq*KcU@PC+4?FY<7QaeEZ#$vBbbLf~*TQ(8&&m{Rj2W)vCV)DwPJvgZz7L0PeTE1>pXP3JDfG2J`Bn)HB`|h5Lj$IvGl%?oFDIRiU-)4$+bg0z?1t~U*d*x&s$^ZcYPZ? z4%`)%Y_9Y}oFO<>o56`78Fg zdY~KSZcSHlWw6{d&}DbOl7;#+Xr*M;Oy!R3o?z3j4w zIEt1E`3hpSkYdN_6eaXlpJ+Lu7igSi%u{oRGf6TpM zby;}-Y-~vLfuYz20kt*F11Tk0_*61v`$t*H2OrrB)%;mo*MBj*NBTD4fsu`BnAJUbr!CcWgVz*! z#b9yMlI!-wf4l%UQTHDYsxj%snxsZm*j{uil>P_W(-HP3aZn4&YwT0;slomE{{i?N zFz=ATCXPWtZ;*N8*M;e;g0@1~!!NmLpi{k{xSs~70JcsLOZ=bjWzuB<2Ll)Fc$)bl z5vr=ki}%p)XePu8{<1xaV~b_Oa6$b4tjQ-X-vaOj|7Cx8aIC6OebGIEkAgX^n!jYd zHC;b0%cqA8jiV@A`9F$ck6R0I3_yF*|F+~?2{YJEg1>WqUj`#0g0o0AzW11d6N*Sk zz}TF=Bht&_7@R&k-p)wd1!wL+;YeFPm9#MwvL*p>RKBZ%52o?R3vz`udx2&?B>yDH zh)fm6+O>Flv)j6-5wl-h#|h?i2{7YyTK0erMY3Co6eRJX-z4cCq&y>e2dfA+k-@`n zB&q;u_=9@;^jhCm3x0sPQ*ym=bS|}ekYs&UNE1ZK-QFpl+0^a=iorsTm~9j?(p*;>pI7=h994`bSyKK#8tCvN+hBsp370QJT1D>vwSA21l5McI@S zjd`C2Cq1$~MYxCqvTy|8Y7F=sx0mtyr$12pgL~;~WyLqJJRUy>09EEL9V!@fJvX3C z>_NFNeR?UlGWh$O4*CyFEJE5n^21>YQ*6nTY_V#Oa@|-~6%|DKM#WWB)}Bd``tjJ- zIi?1u3mF<8ml1x$NdA|FIZI#I?|J0pM@Vn8J~7}&vjqZMwqw*mWQ^3+S;u6j@7O!|bmsps^3`Ecb#K=oNH;3oDk$9zN+SXy z(k0z7bhiT1(v2Y9-61t}_s~OkcYJ5?d4BKvUe{NDIgIC=z0aN<>t1W!_xp4w9G&ut z^+grH_r!o52Y7y-YIpgkg*R~nsf_Ha{4;H{bdy3*T|vFm$NU_m;ft)!4Kfd&k<44f zKGH`8i$dbrO#MeXIWe(`JgX4>n8pfu#<~fZgq~lZ@Oh(*O}Rt;XA}N7;96O^?zyRA zbKUCyMfn$@b{@a9GeEoOV$jFa3Rxf(Ndsexf)b2bwVlI@1iS$g+azRqo23gKGTY8m zZa8SkXBz=f!FAi?P`cNHjRSwp(#v&!&C>l4JztAYU=C{fnU~7_hH$6IW|a;+4#-u) zY75L3iW7us$X;WgLV;!$t?Dy2QMcYrCRSOSy_D{6%Qh9|B`@_dkHH@Q;q; zpD=Hkvl_VuG&#;-8Lw0%i?!QD59RB=Pp&bp;=SyExUc;z*?GxtlnPc%aheBAZ~D}m zP|PDz?+nY>or1eN3zumH?4!C@W%(PRLh8N*z$_9u%T&PkA8+!ivytW$FNsDUCX=4R z8~MszCtsr(R(!_4>7Yr5yMb1j!d7H< z#X%EsPGD%PqnrSXQK8+cjyD1Yas@CU53`N=@jK7W^HB-(3CqNJvJzHIhY5+EjmB z-ylNL?hbevBx**i&%cD}F#?JSNPlmlVlkhqmyhfaT^R5(*<_#_$6D^cY)oUq&PvOK z+5k+%4v5`Vv=f4%i*83E+T9U#iH97@Q#nBdoGc2r1yS z0WwUcZT|inuk>i0X$HbP@V#%`qF{mRydhCe6;%Q(VrJL9(<#C=lm^nluq*OOUOt*F ziouGC_s3IzGeM;G|6BPP44CAyNeVnmzexh{qJ4wq>eK1nO6+h9=YjH5!6VCmi?Zlv z0?Qz=_=gK=RpB=3tM7uq;d-PISZsFk){Lm9H3P5R9^hHZj@6A)kG6xzaS6fnoCRlv zP0|^PX(uHHGe%}_vKI%78XXD^m9Udeu+*)OdM6Ql_vEvamB=na_)p6(exYbS5Yxbs zAb$CCx!ZqcTl^7l7zqR7m5-A$r$QE>=2Iodw@U+f)?ID=CKTvSiQL$cv$2xX+qH*Y z?6S?7kq-biv?NujQ=utvE&3GJiJu3)pZgtKxhL!X#j>WQzyZii{&d;DAaVS+mPAtf zD`1f)ep8!JGWnwH@R-1XYc73GsfAP(1{(J?NL~p54qJeFLk9*kT4^si%os>V{*i@s zPHHY!B4P_{!^&MDUVx+wWZggNSHQId5?KHHqDbrQti?0Ev300fSHsWyZU+jcQ9^r@ zzpue317@3TjV=V>wvn|J=luG)r7>c^zlDVeHbl))8T_WDJ6LReNIpZIa#((@M->8A zA$yk~Yo!fgD2gry23$rRo(!-+8~k_{q)^-zKWsOe$DROiN=p(AuPL1jmBh_D^&bg)`sWtrFr193_;)fY28u50CRB_^-S3dthjID&v_*vbQukld2j);!#-JC zG$@#t?MINdjCSRh>D>f>pehX04sS)KVWVAzhXoC+Sd8xJOqZK-nwM61`KOzef2?N} z`Qlf@R05LVWuOqk<2xpR=MXj zwBGfJ?1C zo$QVsSx-t_GA1;yUSl1fJG>x3L_-rPx)@_MWN2SEVHc8l;GulvLP<@H$LdC!Hit=bQaVRsG*_J3 zAoL@00>6;?6^;v; zN(tI_F6 z#)67+kHz+sSvMC7eo?BIEQH(vHOd(F>swxTgG^(tc}cpg-f&GM)7ZJi=J;j;C$-A} ztvyMnC)P~uYamon7_q4|REo;G3zq?^2YKXYi4~uls-lUr$Ce{LHM1V!lIEWXkKJZ7 zmy4T-q|@8SCD{V@DR;n}%vd*O+}BHUUv27`+vK&8RSb!%_0Kib!IVA&MDWv6BTaC>rB{-b=Uwm2 z^to+x42hSyR3gaf{a|F|%gX<*##DG1{wX_W%JC!x0)=_OPXDi0S!~1Kn%mxZvOF9D z%moY}D4YQ4lHd74K&ug4&8=g|)2zxr8O{BP*@^+z^g2&j#bx?|R<-E&8YeEtx}%HT z4~;@lT;MXIq|Of|S&e)nW#>`Lf;ciuyIt^n)>B8d)e+amFsR8HFk{0}kq@1X^Dugi z!DH1|T>;c4G6E8s>S%|C;u{_LnDSl~S>aPCZ53St0`7EKmmpGh=Oh_Wu`hM4L>sKG zJ;-wHHc}40)Py1J8uZ0@uVFo|a3PlEZ!ji6MY(FSLaAAtzdk*&CNry#nCfd+Ro8L7 z50eaOx>$pOvr1Gb8DM^Kcxz=Qefp&q(3F{saT5YS_AkAkdwkp!S3Dz>^a$(_%=9V3 z(r+vc&565vAp~?h1>jRgCV-q|3@Uv26&X^Vh3PJ=@0C+)oqdfQ>`)*kO0~-ECfwPx z(l25OirE#QoHj-kw2WTfiwP|X1#winG)5lApzmu3APhP9gZW&4xCyZ}0vu(0ZQ{Gv zN&bnob5K&4%?iTI62ZwfYp42!Y2DHth>a}&P5&n3{hMF-pFBhH_M;3V!Wt1F4q*L6 z>ZGboXxDXE@pd<-y|84vm@^c->Qq?Ad)8=XBbXSYBufwwTdz1jww~c&*3)wSHUMJl zrWZl^FlU%xAxJdBMPIBI#w+W$|Cn1Jr?i(Klgu9Vjt_8gkt;&h^~?oc?Im;D*uQ_e zVC!pSMg|<5lSXaLI@TQClf_@w1Ca+>VlBrCl5Yw?cIpK|nDIC4y?TQ;33Pf)N>=ti zCZmpKU!%oV(t^cK{?-+^?9Y$gz=Ny;*iwBo=)BL9Tw#aVU4}W8E{Z5(Rfpddvuf(@ zVK-$!hD77`Ve#td4t-mqK+5e*W~umD%uKgd^yfDSPYL$srPOhJQC^7Eo65ZSRg?77 zI$b2v`;%YN&lD=lCX`xJ;qgD@O-=kkKuDh^p^e6QA1vTr~EKl|%=eY3M z4JHirxlne1Bq@sGY~X72K!_(^6P6@$iix}fN-scnVsh(pb@|d>IJ{vr3{@L1&nwJ) zcHnamIFv3Y8d`M_U6S+XdDzp3d4hfyQNL2NG0tvLs8-F= zSM!lX8awVe=FmhwQtG6N^cdqr@+KJG@383AWfr|#n4~keMY5~X=U-T9*F>^QtB`{` z91&MBmj5Ii6ji6sWMymW60d<+P9&g&W?%9y;C8CqwqB=|+-s;l*5tM|h`-eZxIgpl zO;1El&`86yQk^wi9a!RzIMkhEiNMvy;MeDl>g2kYi?P_`do0@fbK^W1(m<%a|^qW zJ%dzE3>G9sXOuoXJwmarW{PDL&zO|{z|WFOe?HkRM~8tT)clLhTP>buaUQJuy>shf zF*u_y&QkE_G;A^{EL?HE0iVe{dMLwerZP zOiK_!Gu+6MfpCtE9ySXQ=FXfR(2Bkq$PCv3)w2W{;JtgNA<+|#BU1bXt$2IqT)snl zg|Iuh|Hr+#`3K18RMkpY^~C_g%K0yLSu*YcseKb}#=2T*VI0HIOt;g%`%8@Hg=TWb z41`MEyu^JtF>cjmKC!YCh&$4*!jPbZ%F?*HU;)!%CiTzO$ zL|rn6u*dQy;78P!3GT0=DJ!}W(qqkRRj-6CTz`4*>4-z}^x#~FU8)sg=fsxo~iccZt->=TMQ8Sy24@(k{%aQ z2y?Q-;%MUK6)w=Ocd?lW3Y9-jhL}#gKJ0@?cV~MT4eSGof=C{8Q^nqae$&3CHu)wi z8TKVr(UKZ;Q;P!&@!O2_+BH92u@cxCE%<8BBYoLJ4J=K+EdQks8S|hoxVfY|6k7Vc zRCX;BarA-1tCR}OOB`sz9*Z_CvpM9X9}%nE^rOy7SRlAlYg>?@3OBjd!qFz+us+Z4 z6Zrd#52vSMD}U*UbAstt#LMW;*2JUo*xu(6L#A|Zk#J~%&dh!jRJuDJL6obhDC47~ zj$Ryw2@Vv}+2 zy;`PxMs_0gWAI?FrsqVeQ6?d!HAsOj_i5>Mjcuuu+PZD*-qdQXr-qYkgXs23*jnvA z{Kn~s*RGi6tB|;~KdS1oz^%WP?rCpnZ7t$X3ZF|&FP(}6Ht`mE;gFH>5?VWc>sBjHwJJZ}b1(slk>QHRxyNy$=c3!QRaUV_BxwnmU zsyjM=9EyN9WkP9yI)6rpRadYFR%raiDC4*@A-m>xt| zGpT|9t(qBAgqS)8X zbR@VsW=kilX=1D1sOtdRh$GJwOV0s0O*KSiqj{P&5dq$uy7M3Cbo0$=lb>lQ)k2CML z2VGr0GlJvrp24Mc5J7z{&`F#pm)ZGBniEa$BKYfF5@*FNvF$Fr9IHYk5`4*~*eK4# zD;?s4A)}Plj4jzG{Z}||iU}I$g^slCzsmzFr{&W@kNHnv(oZan*5>2$v{&4i3Wy#` zvSOYl#vYh?;?B3CXg9}qc)q>;iO8jOdk0l~>|aplFSS z`TasnTqIi#`+Tw4441xJDO4SpJ9U{cgxEIvUQPAPoL9X!khk+u{Xv!rLSDqTKrvH^xbio`UyfH?kL zv%t5XTLwZ(bFUpV(KQFzoa}kngzfun(KP2keF=0;f2u5=*08JHMpa5|Bu7fCsfjgP z63sh;Xg_uNSrD3mZ^#^OM|FR=mI4`(B$3wrha}F#Mq@FCm5yqL}QKE<%&E*JUY9*$+P9Q zyy123nmP zCKY|$fun2L)(K&AA7_+!mj|{n`QyC0u7*l^vDN+fZEI9|oU(AA8-g?HN&H0mDb;+3 zHZ=Zn@xi>~?4TNgKbOa`=5iJr7mp(xx+)N+11EFQRK|C=Q8IP2CtNZRUix9>gm3>0 z$3b|gS@!<;5WCXg?51J$A-DSmJ}P&BLH)=Vd2eT6D68O0V~ZGLc%f&WCj6D!PTYcH zY*m6qOD#}0QodTJ0L*Ob`SV24-Xdu%n!>5oZMO-Wf%j>0Uw{Jj2#OB3AoyU#JR+m5 zCz5f@QWIFV$AC0B)PHh9{&}a1V9m>1E|9VSdetjrt+i1F90rmn@l1Ow-8DrCn>Vjs z8k%nQ@eF-jqD<_>dXD}WLlLF@srd2 zcihG~&{_^NbdDjoWngaaO8lo0VaBzk?%$)M06$^u6Nleo@a!&~K?{#z8UK6V>z;G- zwM+2%sIqFa)(f?ci{!d|rfdL(Z$sGTGy2>+DKM^_(#>51 zwWMvl4o{dy-Oas$LxyV*>JdJFnEn}Ub12rb{9@X}o%TgnTH#$=%e{c^Hhmg$(l?`f zLPRrR8f3s|k=DQgwvEPk%XElLjOV{z0G#)A zgibB#<%IA{Eq4U-llb3nI!}+B4!&f6P7+_$wZiQ-Ivl4!^m0ex7EE!`uQchOEcgLY zj5k7gd&aK0=f~r`Lp&c{`Cn6N4obk;k~w^Gf-Gl-?`(l7^3s^a7!^|_yg_=b%G4fB zet4D=nJPu(2ue5>*%-mfly8e9lL=4Y9sb=w*gR=_Kr-l^*Kzu?Jks#4{OjL0s?5R) ze44=Q-SFw73whHiz!e%-1i;@551uja?-${ox_No{OO5eO&5=hQHc;}t3*p+8eOh`M zmiHBS<+pR0wW!Icp2U)m@vdiY!H#cjD#uS8~yEXKga}r!-&aKQr2jMT$=3A61rIPbfwFv3C3A zy%77iXT8&(O)4nG49l`#u=4pVu8H3qT-m!?he z37L<9X|a<$NLDuC`P>_4&XZM0GX7tQ1)@=Ip2oZa;s_57cq0OSJ~HFR-MSpiPRke1 zFX&RL#MYkyNZTl&+ST9V!aiH*8>C8bO7a8K?m31u`!mp8;hLzfAKX2c;=Ftj!`rhc zvP=^&^C_WpFVWhqd%Q-6rTHZNYHe__?9GgcmrnZov?Bcn{hK&D96aR3z|83udb^i> zn&6|k-eV5&jx*YepTLGn)w4r*;&J)&9TE2DDUc?^l2g|uWXo~#{@QMR@TC=bEaFt? zRGeph%9(%|g4TAH^Ua+WUfe4MS3h&w6CS2|vh^Yz{BQ|W*IDi%_>MEK#o+{#q;=NEGnl!wk@n-ceXM$ zbaK<=#BLW@EPOwu;oM(DGKs2iQhE5&0q}j*><>@aDs^Nr=%xQDR?s$+_7qwdN>iH& zHr1-_asnCuT*u-r$4_+cf1s5ZYJENoO^F2J*(+&Wan?!srQ{QQ!$oTk^qUb2$Y$I+ z+$S@@(gn_<-x|Y8m~qE%p5H$`7hevGdF^Oc!!OU*==Lrl`z3sW%VzN#FkM=osC1C@RW5+R}K|J2Yw*lfpV3g!bdnI(hT~r2!wT59Kc z+E-cxtpL-oAQ`fWc=OlL$}?qM?C{`=2=xc=)y(%60&z|ZbH#Ix?$aUxPELpX{=m-> zVf9{xGen`;O8}6Y%*mgRS-fj^TU42$=9^&Z%7r45AN(%+LVqQ63UX0Bb5mv887_vx z#}Ksu^`VHw^O%Ah)vnR`=FR2+bikd?c(OmlCMu*Dxkw= z%`CPg=|9tlU_U?GE)f(GiWn_Cef*nB z1>ZrXs&z`B>1StLj7vK>d5op$r{(Pa!cgMRSl*m9ZByR++r}*<{)G0%QUA&)W#}U& zBKVeAz}GS5Zl{a#$`T*BB6#{8ydA_L|~kso>Of==&aUiU*EexC-vlYqEw;9 zcFmDQTdrPHXE)z!;I)iA|Llb6OSBKIg$s{(4IThTL=rIUd&BYu9t& zF%O)Ip)oG~igizpD<+jUT(Rnvy_a^xIc0BZ9P023MR*v=$aEi zY;lf0XEd1=Qy<*81R`4~zircmme)r)R}zDd{=&)eaTn8f?NKewvt-4HgP$09{~SEr zS-llYIw$$lM-VmbwJ=BZBiaZ?3T6wU!F>Sp5H7u!xq*m16&TLgF$ z(gj^hM!V3yyM^Bxwfu+sYeZH?%Jw0se7xVm9yrL>2z&0@Ir8-@3Ws&58-r|K`o-faUZbxFp6+VUUPM2-_ESC( zsaP?nZc$^-NKB4Y1;|Jid8^WTpji=o2W%`QRqN0dWiO;+9rsgonG3&*;3y+a1H&!E z3@D|U`9<_KY=*&8`{kMv6EgeRsS`^MA2uidX?XZD>+s~t7TyJJ5-)|(WEfuGpR*#+ z9bhn&mZX2j0?U&XmoIESGbPL%Tw|GDzqAlO4f41Of*Ac~w}5e(tdpfPDK9+G^dS_9 z+5AOSo*7sR?Q_(JTx7Q^_?!b#Iy_`#ZE4;K3jpx`VeebhGJn3CrQz= zVy}zW^Rl0y-r3YD!K*^T5|eYAnw-8Vxko62b(HAF(?65mHjUcfK7c$7I$aN)-GhYf z-5;+@r{!VSBJNli1HaZ`(z8%NHQ2@9tdz+jxA z+*F|oRA;N7y_qZC`{ucdryQ$F7cIWVa|xN%gF&Z^u>6uSLSXq5S4`=e4;$}HKTKce znu8e0YJdCSh^YS|2b~5uv1Gps;htsuGx%23de{YGM@DXz!3lOK1qwPe5EgG>fRYU9^dlvT!LqUUtox*7#Zkmtl^EO3gcUYQ3=p7UDliKN> z6daMZ^n%0)p{{tY=78EY3#B?M(s?0`}INLl4q1&l1~D^~+Xk`^bec6N?RW3$54hURpIc zbcD`-8JrZhGNa9xvuyDV6SGqizS=1uLod@RHjCjXTGUonaX36b#9sK)D*_x(zjbOO zc*1n8){tB!&5h}YKR4ZF>5J-gxfne`p5e%L<5;IonLYYdP@iDckPmguYX5sz+Nacf zfU~-TFuc-=N8pP-g5&1;2fi79ug}zih&e>WjiHc|imBeMtZt+!bFH)mjk)LWH$%qu zmYhAx&!c15`$P9YUk?n9I<@u*!*&W*#aV#n11-%(BdZ@D4mU@hI+YD zS^*J?)4M)E@}P}imj7i?pFD3p_PM4!9qV%mN3U~45rj;@$@q1pC+l$(m6iE(`tQF5 zv$PMF?udbP(wzV2zglbUzS6K2j=)j6z078zEXukV_bW%vsi*HIlhd8OdF5yyxf zTlg!{65$$7134qwORJ3f;4MyQ2{1&p_d781O6Wi2RdL>Y^WNmF`dsRZ@zomoc1Y`{WP!SCl<} zOR(OK;?ww)W2P&U9wo;37gm3iEOEd}^V!%u>I}i+pETT>M$t0k(F}uGdW~eBk>wZhK9Y`eeN7Ct%;FdykM-_ z|M@E($|^Mo4te8qiL8Xl-L*k&y9l0iC5Qw=&8?o6Y4G-Yk!cPx!a>m&-h6V3#{u1~ ztZm%6JuS!+40&E;x<+JyGRya$@Tkv>v?b@~h*}-Nt!iW1+V~(qBqAhR9W28|p@Dy~ zW0&{s12gGy!umLCZ~6b$TFI71p(1!X!1|k!rE#$H9SoL5SlLp6NTnafNc$m#^9GWc z4TRcTB4gcOOR|8AS8ZEyB_H8mhL}7o<|!J>*Qr-BcFrN&QkhBfm#jZ<I!R83VLVpRaYtND#UsV^zSIS`+gk-OVco zbgH);r-sQ541)RDR5Ty)lUZ1bTU5+rQwPP5`MQ7#FZhyW=z-hF&SWP|@R%}cf%XHbq!M-= z%fM(rtAY=ptZ3aNWTHStTQ4X+8#_Pqx^l7V)#&oR@$W@RICTYzH$1bRsE@tN6bB$w zi|8@B-B|EGzU~D9w-vWzuK8^_g$6e{fz$1+7+C5)L@{ulpUI>`PJkZ~?BV(fFw(s> zj+UHwz9<%dqV*{@-R@1{&~P0z$0pU`#}qQu>Waop}41R!h?GCz!HIW)7ed|>`S@zg5CG8n?4FagT9%3 zS=tmnxh1D)lf}^6A4CDjypEcOL6MZ@-uq+uQolB!*UV9aCiG$nIB-J==N^z~$#2j=gNONAFnVT{S_oJCz*y!Q(}0Qpz_n zDQ7DERTVCghLAf}J){Y)zLg!IUi3`#!q+pKjH|YMEQmGDMgr;(SGyku+yc6+vYg1u zSHVWeh6A>Ag?)%MJo9I6YYhGM@b{#o>eaMy@1=e$>R7FK%`lKbTW4R_$=}}0Z*98s z7fwHf9|%7yxmdb>^}%|VWUGh9*q#MYn$0in-am%ZL-{{0;^5l$@iT7Fmukz9D><|m zyE)eA&wO>Z_353-JNub$wV9l|-n%pP%ob)2g?U4*s&X8(hYB}qJ)GyRa7=yehR2xJ zSrZ%BN6(-Ho~c@`N9dFcEx^uR7M&H(+LoonoSpnmkyJ8aLVQ0Utk0+Qm&Rk17U(jf z42z+_sn3GXawe1Q!>TM}^UZKbNxp5{ z%G`;UB+IJO|GL4q?h~d7)g`@C0S{=jJ3AxL6_JT9Cj1d?o!tMXb>MSmr^~xu7Uffn z(D~EBt2SW#8u=v!rXI9ztorQ*0q*;YpsnX;)zg5;`^ePMQO|LD)`eTz_r(hci+&?< zXXfUc(zRR_j;nr_ikjl=7&z!MB&Gju z9hma+(VSuV6x$eaR)c3Au`u*DzTKdCLLN1@%3#}?|3??IjZOxfGH_(J#?TD~`j+_g084Qd{* zFtluWQe+tdRsjY_-s1UUr36vcO3Urc=^lm?&YKx^h`-gfj-lLosHF=Ta|3e1DHj`d z-L@Z<51Y2f;7U-lxuZx(WIv=T?b4V1R*j@%bW>$YJ)3Z?a9_{V4etj2-uB941zCrO6dmlhHDn{wbZ8i9so8RYcc2}4_do?1+ zpyew^V{;YGh?*T2=EfZJ&HlxIVNs(FR;jg#e0im0`HS1g`N8lAIUWOMzqnWckOC#e z!K%wxu{(h~AJ`IVXsGD^rs0l6^K;jU% z+M$o#Cs8aNpwMn)ZEw6Raq>&=JkB>&Z*ds4WXe$puQ#A@QS(LlpqRyQeA;2TH(&gM zO`=F^d@A zGxqi}%UFCP@aAdh=xT51=NH^#KRFByQ5({FX6pfFGG#pExQbjkmdBL1RvQsGHkh`Z z6ByvD_~eX3RUwLo1}4Y9-{Z@#Q6Rvly5%JpfM>ze*> zhv?ob#Ou|0|BJ{@A+2qCqvUe(!>m8f3Uw*eWWIk6 zJExXhIU!tqRS5Ge4=s6&Ev}GZfMv0|-|!7}A(p*<6kYCRh_SLg`@P!m{Xnrk$z7_X z?sNVDoRT8EpXFj1-^v3au7uD`hh)lGncs~JtYfE8#V7lo`Ag@FnAp~sdJoW{%`IG! zK)A&(Rji+D5UmfpTi;c}$qABA>TbpcOnkABzF@buFR;2Wl>q#%U&y*{Y`dzObMUeT z2N3Jo4~VS~l+tGm^NQa-!z~!F;S~wcbO?$2F>i8H8!PeK_UY}QrEBB31Z{EHl==xT zwH+CE`tn_-&iS?YLp6_Sm$-7Q93>ytaW$7V^+shSQ2~>m(*v(1&c^ijtT#q&SgRI{ z?6bZ|WGn|c!QE5mEGkb^#Tam@`~y)mp|x(b!FS)>q>9{flqc;}gi zLuJJ-J-XmR-t_EY%Z{b!7DFF}6+UNm9)0DG z=BMM*l&5&EJ-WI^@p#NP=UQTF!vH^yK&nGFw;*KYciv_drpUj6aV=!Fnai4}h1&>u zd-`FsQsHaj&+^>gL~$$X*Pm5EC{#_~hLtSqu)Q|CeX49NunVSt(K)8|M)2nRYI?7* z^7DB%(F$ar%U&N}m^zIW&Q5CyS>R+3f1NM2jy)(TAZy8-MmbTh#4`S|*1|Ez1Zl(j z?%CO9=2!yw+ni)a|G4g!>|o8c&l+KKQLVAzR1#M{IKZJaHDN58!1Cg^%Ma0XRb~ z_+4ZUYam%*YvZnM@)`m|&AJ!851n@5YFL=Ry(+a^?{x;?FG4Bj2QG4fjnmE{-*06m|n=zO-Z(Ggrret{LuZk4#VFvQ1PVw%JgKXFy~%HtaVwpoiG zu`(gv_lW!SFf(kgAjohWXrE2Iu1Jmz4;Codh|JX9YZs~g5F`LJp@KULd4_H#%6y8Y zQReJ9%gLmauQCstUXIgNb~mp&$zWv`3jB0&seh-L%qU@UG-L{n8R%k}oXGY$S8z3r z4j&dbhD3kmX~|>wk!q~Qi@Nm!kVBNcR+5OMh;0TP+J~%E#pY;)bUhtSiA3GE6t=(8 zf2{F?N`KE*yT;*RJ3F|jHy1w9W)nhmf1oOIi}zY+I`{`{C-iRSoG#Ghrah-?%uDIl zhf=s$Z1$bwAt`v~B|9_|#sS@VmPOr39N@5%u|_0Vwx_VQ~aRzQ1c zcm(4SxvAgA=d-TH;y|gaAJsI54;M&@QkW8GvMO3pJ1#2XXo z-k{jOL;lG8^fOqZxAx8J{Dycgtukdb2JyJ0>9v=?g9(M8m0(UX34n)m0il#U&vw!f zcO+Bm$P*bLCF39t(Ron5MS5`jU#X%KDT)9rqc#!SBwq$fNSW+T4$2IHnxa|AUp%1URMq~ zk0-~_Fi1;Iq+UwKoRnYjCHC9qQ#uEhY#RF3-HcNz^4RqeSJcJ(L{RUSyCCaKr!tOf z^amK+465_y^oiuT`liT}QjzeStY#h}c2P0PiY4J7P~FFdc=vrINU7=Ka%al>yO+S; zn%0R)IN$#7y%7n@`zE=y+JYsgygv7>7qVb3BVLWVA#f8D$u%1cy7E4%Vw(K&OoBkK zbA$%JW+sCiuHULogmBX)An+}NKB$x?&bF(9r1FN@;_Q-v@g{g#qThe^ZvW-pc^2&l zYnwd-an`v4B+wWA|F9TW(nZ zFo&w{D6}8n_(Ua!8Q{T9z56KyL%`Sm5`g5x?45Npu;a!|Y>o-pYb`RvHePdgEQTs! zSHI^ERBr(cvfxFi)23SxK!W(0972gk14^M%QWU!3yNDsPn$KZ^)w|`-_OZU7@)ivR zv6*hlsty}X$gFHVXtwC50bLy?o_zouiTr!!uO9zs3cmyO3-do^c1N+ znCwX&s=u}SW!uX2pl2&`9l0Kk-Dr-K13X_R7kvuvx+Zw?CAqzK2BTDpQ*c7BkS4DM>9gp;H((~{g@go#*cQ$b(%k{N`Z8k^z! z>OX5rD7pDD+CiqPO>cmc?p}|);lc^@a_0PLHnPinOp7@Q0K)e(IFu~e7j_*(cVl9C z#EUqfeByV6zc{xUpOU}+JuenYKznlMsW$ZWos53|Aw3T>u$w1$csk0@l>x*mV4}P~ zIUI}^XaRJY`XYLYWbX->$*DesCQF|*WT7*v)KX}U+yEHVd0G+hh)n~NsVPlvKA3^s zr;+IHUcL9myF4W$o6B5({5j>B{-3bx1G$RY*e*_BnrHWPUCK7vkV`)BVylT z(&sQ%{(6wUWG{~$a2AY89OwxjqeHNh$2Ex?S3~e4++fZmR=QBakk~}|TFiyGp*}p< z?=ZDh7w*vL7Vr}saD}VPUYdVBRDsL!3W4KkS8yOa=p&lqEBJ5=Fw3-ra_jTmH_{$0 z?^~wgBEhebKENSTRC7LpSJnCh`>wgMX;{z_7YCn3+4E?Gw^NQdP=AWdnU()7+ng~= z8s-(yzl4D*I%<1T!|tZh_Y}Fc6utV=qKuK$JXZ&TnAa0!oA{1+}jIP2`<6f$`$;k9gUkK*;jNc+3c0mREVyH~z+ z06dw4cAW6$_a`fvcOYP(M*^$6SgDuy72|4L-KBbz$i4yb_N@gO$V|q`xbD2Y=nl;}oEFiVs zrgu#T{Nk5-pgFl~!_V)kCm(P7G%%OYG0^^btUHDE+H1-^(k}KF-2E`mz?DmNLvz2} z5{CSNwO*se#GfOgzG`?qY&O_T6$L_P*pgJp$W(+GIsxAIxb`SvT zr((0#7U#v*%cb>?^*VF6D{;cpc^TC?zMt|%V|8;NGOkl&Es=Yegmz+V2MTzzw^GFTrRYJ zz{;YXL=&99j;OATIm}?rK2ikAX#x-2SS^SE3T1Jyd4KaQ#H?qOG_B3@OR1T|cNs8GH=$sAslH4{hl3JqkO*XT z07V2U_F}r{-IPy;L1l@e)h=LV6IWH742Dk;9U+!fOX^f?e0pFUBF8vC>izjS8+ffzE=auj|5E#RMQB1EgWd+yypH%9LuQ z)J4!ZmbtG`;{UaU`oAQJ8JZaOX*y$fDyz9n*M&T@fj&TuSw!0ek;fBqs3q;uP3b7dVpb5-xPrGadzuRIHP3StaSX}1_3|RU&G0(T+)9| z4dA5t8z(&qf51n&_bOE)o=1HYyZH-f(_N)pVqGxN7~OBZ#Z}Z0rdw>kS8)iCN)KtN zvi<5t%!BO(<$l_Tz#slH9_EcLBzX`9{4+w24r?a3`h3yz9shz^c|haJ+T*iY+)lyb z+ad*K*!AT}7p0sqMcEk8gWo%1fl!m${EbSEFhET(-lwXv>QLe!?fEaPu3bIkeAoX4 z(dbZ)nS{oi0-caW|DIFR^u^TZy1muOc-eA(YB?0EKF8Vc2L9+cYPmL_{a1ZE3xL58 zytKd^tyu7;ZS{_^5=8WXeWbe+cnfs@hI~}h*I@;GKJ0G1(l8;Nbch?6Kl3@V%g$|D z69|bXX(zbBTVa!*X3wTVPS=}vQnwCr1sXZw$31N;BmK)C zf!j>qD_|^Pt|>OCoU@mCjXN+^Js?C#Q4Aba9_cZux-VkPS=YRe^c49^L6y~ucYd{PNiMM6kECW zGkCeTD&F@&uJ2%1X)?O&DDjgCWwPf&(+r5@3-p95b-yOGzUKv53Q|LNgHl6x3PTOu-EpqL=Xu`$`JMB=AI_IE zU-;?3+;d;|6??C>_S!{UHb=SkaqI4$8P#XKRj8ISgUPmuKK(rNul&ND<-y>DsR#`A zo}Q$>yfRh@>yXceq9s~kfiEVYgBiA@k0RbiQC3+ywM>ph5vIO8Ua!})v8E9WMRh*m zdmoYuVL>^ZShL~&_-Qq(=ZH_rpl4kjQYfC&9Xr#aQ^dkvTveOw57zcbi7eT7>qWuo zIIi;AG4#J#_#}z6VX^2Uh4H6gKpEi+@z>W1N zHy0wsF{*@dIb*|m6J@;U8uW|Az{_{;ve= zw&TA#zW)jj{tI>g+qC|h`@jD?QvVMhq`fS__kBjY(wm)`2H6^N^=%xyB~tq^FwW{P z&#N&p(BN#K(>7~-%M@*?1e(;(K|PK9U2KkMUzszB+D>1!$rx9c$xnuf*@FZNi^jP! z{CB_UuNI&{+}NCz9+3uRWpnTy@eA?JiP-Dru!%ar*6h5Bc=Hzg?yRmZO><M8MNvEm{Kd;JLLun4>#LNu?jq%cq@fPiB-YY)Sppi_F zM^drqXz{6UhB5|mQ$LNKoHXh+ka{eDVhfvh5+vx#6n4Ub>mV?Rs4BR3XM91-gtNfY zcx3(xwCU^98RC+qd8R@yVoFN24!L&BRRB-hegZawl0P~ryBhnhpgzTJe=A5ptcLf4 zuRH|k=#V`N4!l8fVPZIBHC8BB_&=+5s4s^?zn;$@TJ5BcXtC$62O=ccdK};>0b0k) z8W=9seJcZ3om{C5snt5|RO!82R5)q57K;D$o#e9ZwPWwT$76hUrJOpM{lsb(Bk#k2 z@}^}E2F@|FPY#epwCs|)fdX1W@wD6o=P0r8LI|yFuZk)9^zEN=p_Zj3m77v;C1~QC zOL@K&q^A*yQZBca;rENJWVUE+l0ur2z#N21lI=4FS($KtPh0P+3I21PB43Th;@3K; zL$OxvM&k-X0WS9EkG_Fror{{2sM7>-$@a(n+d8|WAi&CF&xgSLt8>4S6au+Px9n^pT!|(x_K<^uFgi z+Nb=(x8k<%Ye-CLIo(n!c)T-j0`4?xEv!}rpF>hysV;&-w{`l^XV=DJut_uI--^)s z@FA-1vaC>au%e~^0c7+!W-rG0UI@uEk6?ijdLRKPAFuUD0#gk;pw}UDUB+#J`Xji z=Owz;g*zm@{c57P7qSVC%aJF?!Y$7U;~5aGay|RXw&6!_%oyw zQh9wxE_pFsB*4F{O=}40q{UyIs+<8iZJf#7Xh}LYyq|gA6di+DqQaPFKER{@4oaoH zJukl4bGQqV%+6N9*wG4`2%FSoGhc~>yO zf$cy^tIE5_I3an1b`?`csO3XxxTPk&>2Iiq5_#E3K%xmH0p>=NmTD!Up8GXle<3vwVFOb9)(HY zWcZ;=HmNW%3b1nvMQET!N`8ayxKK?3Y)!mpT7$4P-r@y2>DLi~IO(Spn&g&XTeNU< zh7DzGp$CMVR&~Ggge|I!zAzaiG1vmg$wo}N;3?(i@rI>zln@|%tyV|N4}>QgCD++@ z<{{6*Ot5G?=C&ZN0IuC_<_@N1?cJ;J8tAKTGu;H=1YIrh-!XZTf^t?TZ>gR3L#zI8DbNlo zlP}QT+j+w5#rg;0Q`?b#+^o6)NQqTj(W-ekUG&YyDuQ(j`#!PUqx{Bp{1T)E?t`Nq ztg^O)aH_Y(%SrQrW{>#+u~c~nNK{|eHa!}@ZueILWMf@6tlEE3@qwFJXe$6S?#*WJ z>uy6s{ddQQDmP70lEqRYd6ybd#%h9~lxwX(#eTeCx47K^ao#yxsN^7&m~w9PF)bjj z<6sVlhmszB2__(9pVu+K8%jRHZgeoH8DpoJ_iS_uo()Lo^ltK6C*=h`MYg24h#k0#jgxCpEo&hSm^p0U$%*NByyXaH?MVYu|eSGmh!Ze3E#; zi&d8Uh2Uikr~g2Yl(C-`;2Nz@2X9&)4JQ3QZF?uL_}SGHoG`ra?3A&nbPT*6Ti>9f zLu&!&xcx!#J=Z0SxNxFR<%x|&1h1fP<)1=wn{9nI-^w0!dW@r`lq%;cuF2~HyZ z$`X-I)@x(9NlZ7YRKLHxuuum~pI&IaiMBM4=X4YKv+0(Gu%Z1;I@V|y%^Nl2&T{;pMObS+ce zO|_BHKq~j_Pr!B{D!sI9H0BG1CD+5|E6;&DWr8h^Ts@DmiG3MGK068R>eati%4g9|$ zMd@5`50am0U09e@3DjK*nG1qD3G0!e`c$;rpSB)nX6CF*fjek<0!%5sE&PR&B)D!r z`Oca;Ck4VI%p0ovuv2;ib|@}TPQJP<(A1LBKnjwxjto^*Yybe*Ilq4W0ZiBSqCyT5utzcq)yb`(#ls=q zs&VL`bDgNW%EnCg4DG_fbR`}{uiO;&PEPa^rkb18|2NC~F$mpbuBv+EP^GKYeg0k! zy!$asWh)1|$M*Q9Ps7?zyL0k~BXAV|r{=Q*v8xF7XXF+=eBSr-;ry#9)wvev=$+B@ z9ffPlUUA~1_dnI6D}IIi2oMVYNpjhtQcb8?w*92QKeyzx_=GE7IwJ?4XBsxH{d!!_ zI88q4Qq#%9am~HmK(EVLUHUJ~`v}V)4KA!VB*8t8O|NB)kExO0|Jp%fdcdnWP|3Af z)HzSKU~#Zk9o|e-J_4%#Ll!IQOcx!{z<^cqjNhIJ)Zi(hboZ^x`l;1lOZ%;bZ_!zz zN}+H_t{Tlxw#CpJ^bEG)nu4Ri5LmF|z`{y$g;`)f@wMij!RXwC6HKUj}Rm5)xqmfW)QyK)gA3Is+G zdsa7Mw1aAf*(T=Kc3493Trxt&gFB(D4$#n&xr(T$w8rk`EBv$e&DYni@dDOn7J|3_ z8Yw(*YvTM*rkatE$nFgBKkxlph~pBCcUYiM9q8^t(i<|aLo&WQF;_wHwW7j=qtypOMs&BhUF&|rk>|d!=G7>?ytQFD#)4^?a`-2)$cS%<-nJJ(39?CSZ2u? zREAwY2de{^tegaLQX}N9^0n8iS}Xr(SNp|49Z@u<@RB3fS$PwV_5^yqV!A61G3Bl3 zJZU9IipZ{~l=)SjidSn$rpo*dv4{;lq5dP(*=%KYe>_Tez-7VR|KSMEq;;}0yHMj_ zF5+;G7Y#I-+nNFJ@o%C;b(9)|?JC>h#9Qxgt#_SWSH?j6(Z#3ZSN+o6wyBK*{sWD7 z)3%TA_(IW9C@Yvd6Mb)kZdMc;MiJbv zu0TZ%>}Zbbtj^W+l(Vu0wwALBdm^2nc!naTN@_p4W=l$QHlCZEtY*GYGI1Uh2myQ> zaWA?!<%^C07^R=VCC$or|C;4Ea3wQYhYRK1U^9so79xwK6fzdP!M0H`FB362tx@JP z9?Np^MkCd}yY*)d3-wf4kacwh0R!rJnYGi_1bJyMpM||9>Exo23QbA$Euls*{k3lV zc^Hxr5*(3TTu4|ayHUY+Xi?pv9%Yx+{Q=7@C8&o!rPXDp>B~ zmQR(lrrscOO4)09_s#$mK>=)EL34_vKG(Mpt2!E|mD1WkFIN~lsp86YWiG`mJi96c zZd)5?8NZb3GeZn9ja-_y>}t*}YuN@2CdTB~=}EKV;n!%C+vEd)F31_)N}dYMi?aV? ze6zItOX@?nEf^8i53PACAiOyAz$f(!Ir<^|>s3X?|6~HYl}d70;Ok>~D58;OB$`ZI zi~$mG?%dMS`VF8IN2-7^ZrM8wULxND?h^u6U-2i=I|t=z?XE{T=?5IcpZh4jQo5RJ z*XfcuIncK=Izj87E4=GAUM%?ykgS_(EiTxATr``!ImVb^lECf=k+V`4gdp1_WS_rwYOPXmLr(+dnVIA?A8Pi@*;Es}qb ze6zd%Arl_s(4XS5TCd&iao7G~#l}Iw znbCgntsO5={(0l8;>79K@IU9x)uAU+Y8PeORnzBI>vPLUiUeIHld4P>?=#{zJ;+=8 zIC=5>+G8%{Du)HTEVjvEXARxIt;PNyh6n`io?;Ba7|BJ%YTOk4|JInPucYJc593h4 zWg&flgF{1ti{;!-bRXifO!k_Bf=?l?ww_Y@Fz-GUQXF55mF}r0*4&SL`mcB1*TjM4 zn8$i|M;%@4fNT_#yS?e3sy1dzH$R|iLT9=l;ZJwL%YxCg|C)+ZBwB^cMUsb2Jz`b{ zClHiGS(lzM(-YcWL@RvrWr#0_te0C=&+Vx)x}S@s)9zmfsRlXOTjkfu&OQ(%cLj!7 zQzgI;PMuzb%yHD)l9hj;N4Wp11+Y6jZ(EVre?Txx??{GNk#{ErMM&S0D|&kVmZEin zQZzGsDInMUY^165*BU`IHC3K)#rgb%N7#os{k?em2zuZ5?%z-vKvo;NZ*YUcJ||ASKXWh_2(f?n;z-tQ;P%zS_6`P&no`!8)@OeZenBN;BVDe%Q|&Vttv{`ju?qb_hykqfA_oY41Te z4wVbJ;T>@tA@N|j@hA5tH)dOLt0>meqpi3}Y6Cr{a8i7Ci^@OvsG>6EXAWjK%ivO@ zPO#S+Gz|4yLjS~}Z?6qkkIST?sN@EmTa%xyrww_WO|XxI)@N%514`o`r-cp8Nxjsm z#)(BAi@o)~_6L!yg1&;Pww{rEimZWWWP1-B$maIL6MVUzF2Zb)L#y|B#RD@JpHLy6 z^(nI+@&+zdX;$9w;-W%Qhh+az+kMF1TdO%Ty24=4z&j)exPdxyZ)8L49T`A4)}mw( zqE|?cO&CVOX=R8Rp>5cl^rrc)g zF9vvYG|+SbFnbaNB0PW+%{l*DRaxvQ*qFt}+(AT)pbM4N8t?|8&)ViMZq`44-4>QF zV(IgNEdqzhn7k0u@s$-B#`jr;U)kGbU9)k)Bv34PNo2OJpM z_5i(c!kt2Hn_=~b{O{coZi?ugRrJUoR`D)AKBIyTbdW)7VUe`l~zHG2-CNs5~1o1Jy{nJdGc8%{n+>tD&|1>$c2N)al}acNA)yJ|3Bw1skgUsoNdUV4B^;2$x|%bgxOx(?&FNeDv{}u3HjdEhrlaT1iD>mEOK>INQy2kWl+Z2lF23!S z^g!Ln*lIKHQZa1J%Q7kVD^fS;9%M_S&KNs5HVOk&yaIJ%F67}BaB#Wect4k`?-hMa zHrYWv$xFW3JWp;tu~>RG3fEwI;t`RRT(*N_QiiyeuI{s zlj_B{5l+HU=q)jEtmrRlivC>uwMOHL6)!_Uz5R}Ec$eY_`D`>?d;hejb|3{9W2v23 zU~{jE#~)xRnFz$~x~bfFp#0|i=}2BlSHlsN6CDHnkrG(pDwB^JA!3IkVx=+90R2$B5+$c|Hgi}7IU>z zQ;3VYr}^SE&<8lon2J*+egr4r$;a;kA%K&)i4yo0C;^N|fPGPT=Ef{6S1+iyT%X4u zl$SXhBku8U^9u*hUHf0i`qk+PqN3~CLn@xKbqe{4`zg1BB8~fgm`MY#1iy-I19TXZ zi1t!&W&X!Yfr|cLFNIJ4^8IDyU-@u$C8wVmdfuaIAb&G8E3EWLB{)T>5!?c|ZDPJIPA#lnn z%c;sZuocQ4hxx}P-x8`3meMleM91}VOK`q7fMxk^luL`YzR>C*ic80(FR%c)1iFw; zrTY4i_ONkLnVgc-_DO*^f|-UPFB$Vhlx65GaY4rtyjtC_QkceBgFGaXGC&@b(YC5z z`G65r!9Bnpl5tr4OAf%^17rk50U@j(1*~e7M;lSIqCbblpB$S4HQqdVpv`6CZ=rkZ zM+KkmZEj4%2(QR_-#l~TRQF5g;hR;%B24LM2D~o6=#>LpJ4gX>TV(Q$VV25{#}dk} zdgZXdX!wUV;=?@~n1(irxa;a0l;BmtWdS9uSUP-5>)I?&EhI;ex74q2_MP5|=WLm@ zY1JoD5jHvOAiiPFgH~vD)%dH3slgKt@=4JbWPb+-ge;XtKkd3G<$EozXgtSfs{6FR zDZawj^{s;`OVOeI&vVW0>45 zDKzI4m$Bjct0{3NnPQXjONZO z4S&>}5>VSuz2-eJe{IK4Cpv!u(`tceIua;?{-fSfvNgIs&mxY(AoxHr@s2BfDdbTX zQ=e@@?_Y>MhbTUX*}%rp{qHqfm7f7E$_VCPwD4PpdN){;Xt8G#BMz>O4UM3|X%s-V zf*3b|S(wmV3*A#}Ei|G2Q&+)GxdRN5Q&Rx2IzwwshCThS}O5I%hPSCCx1F zigrHAWi&}m06w*7Gp=lVjolC&j=A`8`J|N3}H1z9M`_!c2L;zX|y+`?8wR9W$rY2O4<;;57@mu?&t)prJ zYs8&P0z^47z|OH~W6~X@r}VyQecr(Um_YKQ^uN_XTxo$={rRqLx1WV4Ai_Ksg>+&O zB9Y8b#4W5~d5hmIZrrNVQ5q=mvd9?Ml1rt4wTbNj@qYTGL;f9RY5oBv8*ZLY_i?EI zH}(jkvoX&|yvBzkzL@En@s8=1NVbf$ zYsd-(nK7DT|j4`%27MV=U@!k~}kqC?&mkv_MnZRmf zu4N8Eg@ivnl-d4mYOj5Z>M7e>#UU=Il1{tU0Eoc^`+?qQxCBU@-jk+gg%CIKj81HTc!l&t4BiL^O9Z zPYbkm2nKEU-Fd6xSGI>qT6%kl%Iq__A1HKOcP_^8j>C`UdjJsB&(8-I_8*=48CUKx z26+HZLSXYVMor(*%Oh@cb3nGCk4z zSdG0VAABuIGkhUBTTHzHs3&%4+$5s!s%UNRznwziM|b=z*9U7VFos1|Azn7$2&m}t%vw&G&dC|_q!OM1 zbq0lZ>7*UbV~1bF`duv4y5o&nkDODqq+i_nO7H_UD*9)+!qI&k8;-Ma4ootllPjzw zg&O}Ax;YL%Sydz+zvwNY8>?kwUn0J^JlI%F3(no9JQBY2u`YR(r7C`XODurvpbI@u6=quQKEh8(-XqVz*#!AtZW?2+*dV2vgbrQ z+6l33okrcEv1c3sn?xd86Cw5souM*v-3fx5hz|Q-r!vkowC1r=ivlETh-7c=N!cLW zYY6eq$3E><63QmpMm2X|LX%gxzvx7gbN30{93G&3iXl=$8rqY~>f4jBGT;2*i<>?1 zMP=x@1@K}>88$_^kgfJq94uHNy5K6gBN1n-Rd&Bg1CJ-W6gG*awhc2+h|7F1Ydn2c zoW(Y${=B@~@R%xcjwMOXrDe?}x|y-KCX{?LRm+0R>8_4l-w-XKZ`Gg&Mbx70$f?6K zh4dAXU*z$lYM;`A4%RKHQ!*zg5Yv12X7T-xUR5g~upb<-Pd(ya)DUl$_aGUWaT)g( z$#yjW9hK#WT%jEi8*b`JIG&G`PNi}cg%bl871Cjp1G?fUh+bmv5A3AnSh~$%ebanm zPtg{pU0imGn#R{{>MFSzUP4qAp=ybfmJscygOK*s2lbu5>>9K31`#y;ei2+(#0`6HN8nc!>poB{TLt_6asOfwc( zxRZ~ft_-pz{}dtm5|@OsE;ajCOHgex>n9xOrWzf-|{=w~VKE{FLak(CN zp2?+=(dy8e+ead6bgLZInYRnjJvrmG&b}i)TYGCF>+2dPE0dOd3WbEWvEQLy5wU;POnbP-#4=YI z>F(VFZfyeNIASVs%xTbv>ntXl`DT!^ zA|uL(%6^6!{f!2zX%|xNKj(pkqK}RX`Q9|YBa?@)IUl(``ngre;fqSBojk>vN<9-G z8R;C1GE{*{+|873JdiJ+oW^xbxyZa{pu&q^>c5?8uI^YO+y-L|jTH6rwDwSn?Ico@ zAHQ3@Lr53ZRKHRbiCWO5|6)OXav#h2oH2At{aj-58EUs|Rd{#@m6exaBzhXS5Fpge9qN-UAJj6jn)i$zWrBpVDye z*iyK3mp)OSy9Rj``q9$ctM+&V0IJQtWLu0l9oO!BVULhpuyXrEzPhd4=ga9uf8${) z??k+^{P%s5kr7(Oc=aLd6>wXJJ+`&y>{HMkQ{1+v7^xJXn<===tC$da5#g$DWVQ$y zFmJvfV$1UuB-46SLXy0+pWpF1O{e-A>SEb+;4^-)DFJCE;Po>C>H zm2<8gV8|J0+vN~6^X`##&3>QG%@*)tf2b?5qP2x}>?)V;sA9C1WNB?kWQe`^Lr~WU znUvL)v!c<}3JOB(V!(duw7n4??Fnch>5eX-h{+O#UkCrgMf{MBauLZSVs zXV+9fTa$%N6qu4Tiu+v-oCv+sx>)9MajA9A>`S`IAnb7Q$~Ij`SHZIcr_)NS^37C9 zUFq)aOf5#87%NwDC$T2+y3y$mbQqYuk{SV z5Dh|Vf=3pZ(V*|fz)vbpSpxXLFXxL|_m!prm!~#*M|-M<3ksH)V;7hgLB~4s{qKeO zA`+IGCY7)U;(whnLoe;@i;?U<6mmv`GpxnSU%0tbmJXEutXfb`prl_dPnnN8wHsC> z*_&gVSmn0X&fIOIRCX(pFFo!ZegPV!-Ty{q8N<%fQ9sPuxJ>29>AN2ms2Tj+2du10_8x?(c`KF*c_t9N&;NCScX~pxjJSWo;bDUj?zJ~_gox$io)D-%qpS#T0R9d6;X@Q$ z8TvcFea2sw2FQAuMeHmtti7rp~X~D%vl$~2ukjs$A3z!#Y8x>y1)lH&~ z#lBS6+QivEJq-!hmaZ~Pucn**mUK8o?U>ObIs&^hJgC3)^rD4FaCJpTst3BgM_hh# zwmgoTE9%8mv`+iQVyTUM)|$_+K3opZnUK9hRk7z;qk>WL1=~C{b{$7XlC;yWjQ$vW z|K4RMOTloN=)*#LjrFXO^y%s`!HEDzN=Wm;TLbgx8FB2jH>K-U*EPD~ki6N)N$bJG zo(1jvNL`xfF@-6vufXx)0xu4pBmouBoeb`PjYNRW5Za2D^+S`N^H_?~@i3u;Ufw6{ zJxBcn;aMSgGp|?%ntXI+Gy&YnP(VD_}OxjYib<{W`f!METaRn^(bx z;YEpmG^FuV`WDjTg`*cHTyU;73wLs|eb`bpHXb>&2om;(_HHL`m2<-Pb}Zh&I^#}| z_;!GY{X1haH1V90h`7q0Ak+r4ISorKnQoi-S2s~{kK59P z%ST9O;Ax}BPgQZ6hob8x+gg&I_yqK8GwX zidJ}m>03Ust=O_|b-lBkXfX3sg2PWMl6Pb2z@Ahins_|WEyQ8un@n-Nuz9!e+(>E2 z-i3ZlF@*||bIZ?$s!*3jveJ_??QN5)GO-ziMtLn*`ibLHoK|=)S@-JAJV?_v=7{-= zN5i4D@f{UJIZQ9r$}GQovH+cR1 zBfqY_v$fS&@cq7Um%}}xx*1%rqyv4=t!fh%#UR(Ha*lez&xv7YcKaT);$%PY8g&o1 z@0$D?5nG$M2;s+&5#KC5&FGG~nJ^h!_$)uj)osVp_1MFJ!n}ygPJ6h*eX4qO;`0#g z%QNC&ano^I#wOlc; z?L6+GgSdSpJF=eg5E}c*ZH;oF1sdCh!fHCUfQiPEy>yUO3Tr^f^KUIYUk|P)l|a_- z6`esMjJl#K2y>H=T3P*FlR!wvoOZuc>B5DFkaU>=kzzwOs7XILWV7d4sy2kCQOhg8xux+g$u!-{~>F!6;IH zPQHuRL^Jw_h<$j?OvfkLiORB|#w@mbN~I$=H)Avur&(yF>f>$ZfuC$#`)kQTmbGyn zcrM4Ubd#($$z7wKTzG6I3TK$Os*6PNGe-Nrrtd|m$x3V)r@v?2{8?)dbz+`p&Ti8? zs8=L{`rh^m$9c0RGP_-fZN@9<>8GSUKDig^WB%{cnMPD1BT3WPbl_adFol3>uPUy{ z)kN2CrPN4a^Wp?uddvi!=_a}RSx;_QaA=5e;(z_Jr?7t!iZkVf=+ak)FtiuRE4#qE z`5L)0l+}x>xF9a$Rc9(BLkBUz9<{Gx5u8E%J)^35NbV(`iV}6ihO6VpA>EnV@+}Z1 zJ1f~@J7w7I_fc6Lqpyx!{Hwj-T(ZO2@$4PP!j1=Pf<(DcT(9#G6t?vj|Ge_v&#A4} zHD%CixH+@DmeeHhQrtv($R zZsCkEVfh^OUFdW7Y5A8N6bKpQGvJ~89v!n0W-%6|lFHF)xGU7cc>8O*rm>$9kex~5 z&$b`ze2t43SRhr@kNo`q1oCA6X%joE#oc3zG*~QX=YBXpmcaz?G~4!hrW){iUi|d5$?X9RAb< zx^*W8uc?1|XAIWgvGb;xwC$4mmfp^6oOKPP_LQQo%NfFFQER+LgRh{4PQ>p7$G4=B zFb!X06MdsFsYD+MjIU-z;fiBg($r?3{WHl26P51{8cUs0gfDY_U#}!+J~MI5<9UDd zPUD%zPG)*K+h@TZxa)(`w`(qB;DEA}e|lFbANI9}?Y%@(DXW-jmAfN^oY!Sp;ox^L z2NE|~{=KI0Hn*eoNQ*nXXc>0;q?%}{JwhROaRLkJresGrwPtTrRvS-DV!26)E#ctt zu^Xk<1;5aWSFUw678h%u^;K?YO!236i)tUHlX2$yt{asor7U>n5z&mZE^GUcnRZ&8 z$=9z{cqsd`GYVcNrIfp1*xGy zl5kL7>4wV*5Lid=sEzF|F0OEYSB8hr(6wvEsQKixRagFzG+YBi^e!RCoD;LcQ$~*_ zW-bjec9R?u+l)mPZEpAu@@HKqj3H0|B$UkYjylvPxc8aN_m6&z(=?mf5`);_^Rb)q z*RLfY#O?3C6%4pEO)uSlYF^jy9-9>0X~pd~T_Y7W4xExU7jkzPS}gVi0u)w1=tw0x z))3($t8QmtTBpn&FqmxBFDM84x4uTI4@J&-pV~~R6oZ)b55FX_$urfk1}QG5#U~gT zxLt1~o-0j_N7=!vn)2usaE5qW3I&ySINPK{i|}R@cBwdcGZHkUR2MGH@e$?p!8)TB z!?jN~DznvaMk~+B2eO<-6XQ@v=F}@{Fcalauh=G6M$#CAmwQZ^T;B=mWR_owNZS}z z^x7zaP1QcZ^#SbT++Ez{B-9k4CA`mNIbim&Ylt!Q-Ikb82;aQwHQJivxJG-6j`deE z3`NVRNgO4}$_i20pRPQar6s}07>}uw45rTqV9xN@ z&6Dl6x)uT5FH|XfzyG#9B;jm_-;*1@YNb39dTQ4>mAn%}iF+IfHc9cLp$4YgMNrWh z!>qOEOH>_?`O|Lo4M8atux^oZ3lzpQcBkSjs{y`lET##mg^d^Z0YVkp3>n{zUiCVr z-QX(B6?4Ps)5)ZwPHC|t4PmD=+Ik>YB`rSbT6dqxU%=`$0qwhn%lB!$u6Ksm3Ag!& z%83Gm6mDSs5*OTK3*huvo)=MxQeoRA!9o1~I6TBSEByvW3R#w$5^Oy+XAF#Tw& zyMueDHoD4cC&(FI1c+f z7pWOgiiF8}B9#{5EaI@i*h`2w+}*s}v^irTCowFSoFf{5qxE98#Q5Bm-+7xB&m zE^C*Wo^20cRd?PygW;*(>~fu;0OwRCiw+s%MQc^)a=yzYYU(%1n#9HL1IiFNsqMko zIbp#7Gn1o^*W#bu?caUji3K^>V8`_3_VFJ5K$5?I-ZzJ9TN*@aPOeWwx}iRvmt3#% zN?3Ls>)i<`rPX@`vKx=wUJO#rE{F)DF!Tki%MDodZfy2yUVq|JnCtUUOiU1Q=4)=) zc}nbN!0AWc7}JQ}i1V#vgu~sFDGUw=O-D-RgE-dJxwn8wp)y>YOD(mc{Zvf;hqW(Z8$iz(Y=L(c=ipk+kvBFqcZ;nBxb zPj&fU!#Yb40~)uGNtU7})Jx&A$7J3`T-m407w2{^A_bH?_R@A=7okC6S67n(S4(_$ z8_%A|8mni#wa-|KUw~9|4qJCx9WK;Yw0yk_Zb+x80zl~}P% znrEI9*UpN74Aof-V|4JIVe6Y&jJ2jzCr?yneL!#bD}#jvhk?QMG%hk&Tdn;&#^Tp~t=Fh`d@TyF&e>Nr zpYrKlGZr>~dK;ipiDVzV&6LBx8o#(K@H9Y>yZLI9M(8*OA!*58u^yVlAI{u{=~Q2r zYut?5)a0j$di=XjP!1cxu__WLCuiW=TP#lnYS6D>)&$}7fr?ImALu=dIzMu;>$7vS z*k6n?q7MCEV;iGb*A6#OK$WcNI8EQa&Hh=OX6 zzK>Pw)L&FcKG$8xhX6oz1g{t#|MbIyi)f}#6!Je#=GiakLhb%7>5BvifC zhvN3*zABUdk8K?*F^+ymB;7b59;m(Z&OUx!EStz;Pps87LZft0_6vNg{^Q3r$zETv03HZn@!_M zZ+WwYvV(;O$1b6m6LlYMd*8hVpK*6wxGAVghmWsKZmc}=JXu**iCInscFknN_S>Ev zMSZkOEk3@&DzB*!g@+2v27Xe%BF*CH=)mNQ&OE8DhuYve;<+ueZ9E2U`gf#LYL=6u zHn*LWuC~eg(ec+Bq?csZ6j2+tx508&(N}?8?`ntVso|)_R{e5K5`8`Lyw;GcIW)-r zY<$`k4EHiecGVm8q2J5SDsNqKoDY5{8+I)#zhY|@jO7?FMi-Q+eL+kUu zKmQ3H^c%lk?I;!Oh>yn1ZVPlu3ol1lxZ_m|N#Y^}@AlvbfFnG|ix>}0dW}d==dPIh z%JX2eo+Yx(yi!lXV|}0|Ss34;ml8<&-YL1$Af=UG9qb!RC*Q>3Y?lq3CmdYYS{L5t z=wak12hAFB)31Agi0p@YH%RW>H4`2k4|g!~?;iWkxA~R9$40vooZxGw+A5_i{F>3_ z!2>VX46s+J!reM{@|90B;5e{)*F`9pb5%?`pHq25ss$tpm*!sTRs;)wYLG z;DoMiWMiAKI&h_kt*#u)!gYNwn1k2tasatvmR>4Cy0;h3sXkL6^JQ0$zBv&tIsmV_Uj3$H&?;$GtaK`lU`d9ZtwKyHV>qVvceqYdSL1M!Vd6 zwgiOtwjK9z)%Nn%+FHs+;_LXmi8v9gaQouK^W3g+$44VuYjPCwL^rpFcYEMx7GoF7 zTs2wM&28u%$^2$NX9$;^7>^i4Up*P>aHn(X4QBHKVm=_LYw4?}&SXR^Jid3{3hS4o zC#gIRiHPWp5d7A9HX+oD)1gnMt1rN}9ZU*JM}1uch3CzuFZIm3$;TJ%9YVr?b9M@a z#)OB*Q0&dUV&1P54F|ZYm{F~sW62jW{_*cYJA{)P`}(c?liYx=qFH&77-$GipG-v( z6XlMb9|USId-_=J-I<)1JJ=y?u|KbH;Eru}W$*aaB#IpiLN?(4~2rX6ubcc;&yf3 zWu6xx{?6Nf+7wHIa2Y+X|J#ZFJr_y;5;q_3O8vi1`~QFb{P;2 [-DisableRemediation] [-BootSectorScan]][-Timeout ] | Scans for malicious software -\-Trace [-Grouping #] [-Level #]| Starts diagnostic tracing -\-GetFiles | Collects support information -\-RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures -\-AddDynamicSignature [-Path] | Loads a dynamic signature -\-ListAllDynamicSignature [-Path] | Lists the loaded dynamic signatures -\-RemoveDynamicSignature [-SignatureSetID] | Removes a dynamic signature -
-The command-line utility provides detailed information on the other commands supported by the tool. + + +See [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender Antivirus](command-line-arguments-windows-defender-antivirus.md) for more information on how to use the tool and additional parameters, including starting a full scan or defining paths. + + + +**Use Configuration Manager to run a scan:** + +See [Antimalware and firewall tasks: How to perform an on-demance scan](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-firewall#how-to-perform-an-on-demand-scan-of-computers) for details on using System Center Configuration Manager (current branch) to run a scan. + + + +**Use the Windows Defender Security Center app to run a scan:** + +See [Run a scan in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md#scan) for instructions on running a scan on individual endpoints. + + + +**Use PowerShell cmdlets to run a scan:** + +Use the following cmdlet: + +```PowerShell +Start-MpScan +``` + + +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. + +**Use Windows Management Instruction (WMI) to run a scan:** + +Use the [**Start** method of the **MSFT_MpScan**](https://msdn.microsoft.com/en-us/library/dn455324(v=vs.85).aspx#methods) class. + +See the following for more information and allowed parameters: +- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) + + +**Use Microsoft Intune to run a scan:** + + +See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Run a malware scan](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#run-a-malware-scan-or-update-malware-definitions-on-a-computer) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details. + + +## Related topics + + +- [Configure scanning options in Windows Defender AV](configure-advanced-scan-types-windows-defender-antivirus.md) +- [Configure scheduled scans for Windows Defender AV](scheduled-catch-up-scans-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file diff --git a/windows/keep-secure/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/keep-secure/scheduled-catch-up-scans-windows-defender-antivirus.md index 0c16327c23..098ab1250c 100644 --- a/windows/keep-secure/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/keep-secure/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -1,7 +1,7 @@ --- title: Schedule regular scans with Windows Defender AV description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans -keywords: +keywords: schedule scan, daily, weekly, time, scheduled, recurring, regular search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -22,7 +22,7 @@ author: iaanw **Audience** -- Network administrators +- Enterprise security administrators **Manageability available with** @@ -37,7 +37,197 @@ author: iaanw > By default, Windows Defender AV will check for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) to override this default. -RANDOMIZE +In addition to always-on real-time protection and [on-demand](run-scan-windows-defender-antivirus.md) scans, you can set up regular, scheduled scans. + +You can configure the type of scan, when the scan should occur, and if the scan should occur after a [protection update](manage-protection-updates-windows-defender-antivirus.md) or if the endpoint is being used. You can also specify when special scans to complete remediation should occur. + +This topic describes how to configure scheduled scans with Group Policy, PowerShell cmdlets, and WMI. You can also configure schedules scans with [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) or [Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intunespecify-scan-schedule-settings). + +To configure the Group Policy settings described in this topic: + +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. + +3. In the **Group Policy Management Editor** go to **Computer configuration**. + +4. Click **Policies** then **Administrative templates**. + +5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below. + +6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. + + +Also see the [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) and [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) topics. + +## Quick scan versus full scan + +When you set up scheduled scans, you can set up whether the scan should be a full or quick scan. + +Quick scans look at all the locations where there could be malware registered to start with the system, such as registry keys and known Windows startup folders. + +Combined with [always-on real-time protection capability](configure-real-time-protection-windows-defender-antivirus.md) - which reviews files when they are opened and closed, and whenever a user navigates to a folder - a quick scan helps provide strong coverage both for malware that starts with the system and kernel-level malware. + +In most instances, this means a quick scan is adequate to find malware that wasn't picked up by real-time protection. + +A full scan can be useful on endpoints that have encountered a malware threat to identify if there are any inactive components that require a more thorough clean-up. In this instance, you may want to use a full scan when running an [on-demand scan](run-scan-windows-defender-antivirus.md). + +## Set up scheduled scans + +Scheduled scans will run at the day and time you specify. You can use Group Policy, PowerShell, and WMI to configure scheduled scans. + + +**Use Group Policy to schedule scans:** + +Location | Setting | Description | Default setting (if not configured) +---|---|---|--- +Scan | Specify the scan type to use for a scheduled scan | Quick scan +Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never +Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am +Main | Randomize scheduled task times | Randomize the start time of the scan to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments | Enabled + +**Use PowerShell cmdlets to schedule scans:** + +Use the following cmdlets: + +```PowerShell +Set-MpPreference -ScanParameters +Set-MpPreference -ScanScheduleDay +Set-MpPreference -ScanScheduleTime +Set-MpPreference -RandomizeScheduleTaskTimes + +``` + +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. + +**Use Windows Management Instruction (WMI) to schedule scans:** + +Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties: + +```WMI +SignatureFallbackOrder +SignatureDefinitionUpdateFileSharesSouce +``` + +See the following for more information and allowed parameters: +- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) + + + + +## Start scheduled scans only when the endpoint is not in use + +You can set the scheduled scan to only occur when the endpoint is turned on but not in use with Group Policy, PowerShell, or WMI. + +**Use Group Policy to schedule scans** + +Location | Setting | Description | Default setting (if not configured) +---|---|---|--- +Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled + +**Use PowerShell cmdlets:** + +Use the following cmdlets: + +```PowerShell +Set-MpPreference -ScanOnlyIfIdleEnabled +``` + +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. + +**Use Windows Management Instruction (WMI):** + +Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties: + +```WMI +SignatureFallbackOrder +SignatureDefinitionUpdateFileSharesSouce +``` + +See the following for more information and allowed parameters: +- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) + + +## Configure when full scans should be run to complete remediation + +Some threats may require a full scan to complete their removal and remediation. You can schedule when these scans should occur with Group Policy, PowerShell, or WMI. + + +**Use Group Policy to schedule remediation-required scans** + +Location | Setting | Description | Default setting (if not configured) +---|---|---|--- +Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | Specify the day (or never) to run a scan. | Never +Remediation | Specify the time of day to run a scheduled full scan to complete remediation | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am + +**Use PowerShell cmdlets:** + +Use the following cmdlets: + +```PowerShell +Set-MpPreference -RemediationScheduleDay +Set-MpPreference -RemediationScheduleTime +``` + +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. + +**Use Windows Management Instruction (WMI):** + +Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties: + +```WMI +SignatureFallbackOrder +SignatureDefinitionUpdateFileSharesSouce +``` + +See the following for more information and allowed parameters: +- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) + + + + +## Set up daily quick scans + +You can enable a daily quick scan that can be run in addition to your other scheduled scans with Group Policy, PowerShell, or WMI. + + +**Use Group Policy to schedule daily scans:** + +Location | Setting | Description | Default setting (if not configured) +---|---|---|--- +Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never +Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am + +**Use PowerShell cmdlets to schedule daily scans:** + +Use the following cmdlets: + +```PowerShell +Set-MpPreference Set-MpPreference -ScanScheduleQuickTime +``` + +See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. + +**Use Windows Management Instruction (WMI) to schedule daily scans:** + +Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties: + +```WMI +SignatureFallbackOrder +SignatureDefinitionUpdateFileSharesSouce +``` + +See the following for more information and allowed parameters: +- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) + + +## Enable scans after protection updates + +You can force a scan to occur after every [protection update](manage-protection-updates-windows-defender-antivirus.md) with Group Policy. + +**Use Group Policy to schedule scans after protection updates** + +Location | Setting | Description | Default setting (if not configured) +---|---|---|--- +Signature updates | Turn on scan after signature update | A scan will occur immediately after a new protection update is downloaded | Enabled @@ -45,6 +235,10 @@ RANDOMIZE ## Related topics + +- [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) +- [Configure and run on-demand Windows Defender AV scans](run-scan-windows-defender-antivirus.md) +- [Configure scanning options in Windows Defender AV](configure-advanced-scan-types-windows-defender-antivirus.md) - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) -- [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) -- [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) +- [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/keep-secure/use-group-policy-windows-defender-antivirus.md b/windows/keep-secure/use-group-policy-windows-defender-antivirus.md index 07133adfb1..3402536f1f 100644 --- a/windows/keep-secure/use-group-policy-windows-defender-antivirus.md +++ b/windows/keep-secure/use-group-policy-windows-defender-antivirus.md @@ -12,4 +12,33 @@ localizationpriority: medium author: iaanw --- -# Use Group Policy settings to configure and manage Windows Defender AV \ No newline at end of file +# Use Group Policy settings to configure and manage Windows Defender AV + +**Applies to:** + +- Windows 10, version 1703 + +You can use [Group Policy](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx) to configure and manage Windows Defender AV on your endpoints. + + + +In general, you can use the following procedure to configure or change Windows Defender AV group policy settings: + +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. + +3. In the **Group Policy Management Editor** go to **Computer configuration**. + +4. Click **Policies** then **Administrative templates**. + +5. Expand the tree to **Windows components > Windows Defender Antivirus**. + +6. Expand the section that contains the setting you want to configure, double-click the setting to open it, and make configuration changes. + +7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx). + +## Related topics + +- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file diff --git a/windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md b/windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md index 9f6c3a09b5..2cf071feeb 100644 --- a/windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md +++ b/windows/keep-secure/use-intune-config-manager-windows-defender-antivirus.md @@ -12,4 +12,18 @@ localizationpriority: medium author: iaanw --- -# Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV \ No newline at end of file +# Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV + +If you are using System Center Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Windows Defender AV. + +In both cases, the protection will be labelled as Endpoint Protection, although the engine is the same as that used by Windows Defender AV. + +See the [Endpoint Protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-protection) library on docs.microsoft.com for information on using Configuration Manager. + +For Microsoft Intune, consult the [Help secure Windows PCs with Endpoint Protection for Microsoft Intune library](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). + + +## Related topics + +- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file diff --git a/windows/keep-secure/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/keep-secure/use-powershell-cmdlets-windows-defender-antivirus.md index 7d975adcd1..4fde6f96c2 100644 --- a/windows/keep-secure/use-powershell-cmdlets-windows-defender-antivirus.md +++ b/windows/keep-secure/use-powershell-cmdlets-windows-defender-antivirus.md @@ -30,7 +30,7 @@ PowerShell cmdlets are most useful in Windows Server environments that don't rel PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_. -**Use Windows Defender PowerShell cmdlets** +**Use Windows Defender AV PowerShell cmdlets:** 1. Click **Start**, type **powershell**, and press **Enter**. 2. Click **Windows PowerShell** to open the interface. diff --git a/windows/keep-secure/use-wmi-windows-defender-antivirus.md b/windows/keep-secure/use-wmi-windows-defender-antivirus.md index 0d0a20403d..83c19a8f4f 100644 --- a/windows/keep-secure/use-wmi-windows-defender-antivirus.md +++ b/windows/keep-secure/use-wmi-windows-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Configure Windows Defender AV with WMI -description: Use WMI scripts to configure Windows Defender AV +description: Use WMI scripts to configure Windows Defender AV. keywords: wmi, scripts, windows management instrumentation, configuration search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -12,5 +12,23 @@ localizationpriority: medium author: iaanw --- -# Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV +# Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV +**Applies to:** + +- Windows 10 + +Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings. + +Read more about WMI at the [Microsoft Develop Network System Administration library](https://msdn.microsoft.com/en-us/library/aa394582(v=vs.85).aspx). + +Windows Defender AV has a number of specific WMI classes that can be used to perform most of the same functions as Group Policy and other management tools. Many of the classes are analogous to [Defender PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md). + +The [MSDN Windows Defender WMIv2 Provider reference library](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) lists the available WMI classes for Windows Defender AV, and includes example scripts. + + + +## Related topics + +- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file diff --git a/windows/keep-secure/windows-defender-security-center-antivirus.md b/windows/keep-secure/windows-defender-security-center-antivirus.md index 971dd16747..335bce95e7 100644 --- a/windows/keep-secure/windows-defender-security-center-antivirus.md +++ b/windows/keep-secure/windows-defender-security-center-antivirus.md @@ -79,6 +79,7 @@ This section describes how to perform some of the most common tasks when reviewi > [!NOTE] > If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) topic describes how local policy override settings can be configured. + **Run a scan with the Windows Defender Security Center app** 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. From 334a66e34c9827874186e28ed58b34802bb28ac1 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 29 Mar 2017 06:54:09 -0700 Subject: [PATCH 11/11] prov from network folder --- windows/deploy/provisioning-apply-package.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/provisioning-apply-package.md b/windows/deploy/provisioning-apply-package.md index 1125dd6985..94359d792b 100644 --- a/windows/deploy/provisioning-apply-package.md +++ b/windows/deploy/provisioning-apply-package.md @@ -64,7 +64,7 @@ Provisioning packages can be applied to a device during the first-run experience ### After setup, from a USB drive, network folder, or SharePoint site -On a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. +Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network forlder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation. ![add a package option](images/package.png)