Patti Short
2018-11-02 10:02:51 -07:00
3 changed files with 12 additions and 14 deletions

@ -14,7 +14,7 @@ ms.author: v-anbic
ms.date: 09/03/2018 ms.date: 09/03/2018
--- ---
# Enable and configure antivirius always-on protection and monitoring # Enable and configure antivirus always-on protection and monitoring
**Applies to:** **Applies to:**

@ -69,13 +69,13 @@ Functionality, configuration, and management is largely the same when using Wind
## Related topics ## Related topics
[Windows Defender AV in the Windows Security app](windows-defender-security-center-antivirus.md) - [Windows Defender AV in the Windows Security app](windows-defender-security-center-antivirus.md)
[Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) - [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)
[Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md) - [Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md)
[Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md) - [Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md)
[Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md) - [Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md)
[Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md) - [Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md)
[Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) - [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
[Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md) - [Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md)
[Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)

@ -53,7 +53,7 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3
Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
Block only Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869 Block Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
The rules apply to the following Office apps: The rules apply to the following Office apps:
@ -112,8 +112,6 @@ Malware and other threats can attempt to obfuscate or hide their malicious code
This rule prevents scripts that appear to be obfuscated from running. This rule prevents scripts that appear to be obfuscated from running.
It uses the [AntiMalwareScanInterface (AMSI)](https://msdn.microsoft.com/en-us/library/windows/desktop/dn889587(v=vs.85).aspx) to determine if a script is potentially obfuscated, and then blocks such a script, or blocks scripts when an attempt is made to access them.
### Rule: Block Win32 API calls from Office macro ### Rule: Block Win32 API calls from Office macro
Malware can use macro code in Office files to import and load Win32 DLLs, which can then be used to make API calls to allow further infection throughout the system. Malware can use macro code in Office files to import and load Win32 DLLs, which can then be used to make API calls to allow further infection throughout the system.
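Review bot: Deleting the AMSI sentence under the obfuscated-scripts rule (hunk at -112,8) leaves "This rule prevents scripts that appear to be obfuscated from running." as the only description, so the reader is no longer told how a script is judged to be obfuscated. If the sentence was dropped because its wording was inaccurate, replace it with a corrected statement of the mechanism rather than removing it, and record the reason for the removal, which is not visible on this page.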
@ -160,7 +158,7 @@ With this rule, admins can prevent unsigned or untrusted executable files from r
- Executable files (such as .exe, .dll, or .scr) - Executable files (such as .exe, .dll, or .scr)
- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
### Rule: Block only Office communication applications from creating child processes ### Rule: Block Office communication applications from creating child processes
Office communication apps will not be allowed to create child processes. This includes Outlook. Office communication apps will not be allowed to create child processes. This includes Outlook.
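Review bot: Renaming the heading to "### Rule: Block Office communication applications from creating child processes" (hunk at -160,7) changes the anchor generated from the heading text, so any link that targets the old "Block only Office communication applications ..." heading will stop resolving. Search the docs for references to the old anchor and the old rule name and update them in the same change. The unchanged context line above also gives the PowerShell script extension as ".ps"; it should read ".ps1".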