diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md index d5a83c1e36..72d4740064 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md @@ -14,7 +14,7 @@ ms.author: v-anbic ms.date: 09/03/2018 --- -# Enable and configure antivirius always-on protection and monitoring +# Enable and configure antivirus always-on protection and monitoring **Applies to:** diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 1ef9d7b879..ee54572b4c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -69,13 +69,13 @@ Functionality, configuration, and management is largely the same when using Wind ## Related topics -[Windows Defender AV in the Windows Security app](windows-defender-security-center-antivirus.md) -[Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) -[Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md) -[Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md) -[Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md) -[Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md) -[Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -[Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md) -[Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) +- [Windows Defender AV in the Windows Security app](windows-defender-security-center-antivirus.md) +- [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) +- [Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md) +- [Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md) +- [Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md) +- [Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md) +- [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) +- [Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md) +- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index b3f2bb7cac..5b78a213a9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -53,7 +53,7 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3 Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 -Block only Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869 +Block Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869 Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c The rules apply to the following Office apps: @@ -112,8 +112,6 @@ Malware and other threats can attempt to obfuscate or hide their malicious code This rule prevents scripts that appear to be obfuscated from running. -It uses the [AntiMalwareScanInterface (AMSI)](https://msdn.microsoft.com/en-us/library/windows/desktop/dn889587(v=vs.85).aspx) to determine if a script is potentially obfuscated, and then blocks such a script, or blocks scripts when an attempt is made to access them. - ### Rule: Block Win32 API calls from Office macro Malware can use macro code in Office files to import and load Win32 DLLs, which can then be used to make API calls to allow further infection throughout the system. @@ -160,7 +158,7 @@ With this rule, admins can prevent unsigned or untrusted executable files from r - Executable files (such as .exe, .dll, or .scr) - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) -### Rule: Block only Office communication applications from creating child processes +### Rule: Block Office communication applications from creating child processes Office communication apps will not be allowed to create child processes. This includes Outlook.