deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 04:43:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

remove server

Browse Source
This commit is contained in:
Joey Caparas
2020-07-02 12:09:12 -07:00
parent d44fa478ce
commit b2d394f3f2
3 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/threat-protection/TOC.md
View File

@ -446,6 +446,7 @@
##### [Create indicators](microsoft-defender-atp/manage-indicators.md)
###### [Create indicators for files](microsoft-defender-atp/indicator-file.md)
###### [Create indicators for IPs and URLs/domains](microsoft-defender-atp/indicator-ip-domain.md)
###### [Create indicators for certificates](microsoft-defender-atp/indicator-certificate.md)
###### [Manage indicators](microsoft-defender-atp/indicator-manage.md)
##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)

7
windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
View File

@ -36,16 +36,15 @@ You can create indicators for certificates. Some common use cases include:
It's important to understand the following requirements prior to creating indicators for certificates:
- This feature is available if your organization uses Windows Defender Antivirus and Cloud<EFBFBD>based protection is enabled. For more information, see [Manage cloud<EFBFBD>based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
- This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
- The Antimalware client version must be 4.18.1901.x or later.
- Supported on machines on Windows 10, version 1703 or later.
- Supported on Windows Server 2016 and Windows Server 2019 and later
- The virus and threat protection definitions must be up-to-date.
- This feature currently supports entering .CER or .PEM file extensions.
>[!IMPORTANT]
> - A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it<EFBFBD>s trusted by the client (Root CA certificate is installed under the Local Machine 'Trusted Root Certification Authorities').
>- The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality <20> only leaf certificates are supported.
> - A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine 'Trusted Root Certification Authorities').
>- The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.
>- Microsoft signed certificates cannot be blocked.
#### Create an indicator for certificates from the settings page:

3
windows/security/threat-protection/microsoft-defender-atp/indicator-file.md
View File

@ -35,10 +35,9 @@ There are two ways you can create indicators for files:
### Before you begin
It's important to understand the following prerequisites prior to creating indicators for files:
- This feature is available if your organization uses Windows Defender Antivirus and Cloud<EFBFBD>based protection is enabled. For more information, see [Manage cloud<EFBFBD>based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
- This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
- The Antimalware client version must be 4.18.1901.x or later.
- Supported on machines on Windows 10, version 1703 or later.
- Supported on Windows Server 2016 and Windows Server 2019 and later.
- To start blocking files, you first need to [turn the **Block or allow** feature on](advanced-features.md) in Settings.
- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.