From 39ef4bc9a1053b5e036bbae7465a94dcd782f707 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 25 Aug 2020 16:57:10 +0500 Subject: [PATCH 01/57] Update microsoft-defender-atp-mac.md --- .../microsoft-defender-atp-mac.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 62d68dcdee..3f296b7a24 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -67,6 +67,18 @@ Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. +### Licensing requirements + +Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers: + +- Microsoft 365 E5 (M365 E5) +- Microsoft 365 E5 Security +- Microsoft 365 A5 (M365 A5) + +> [!NOTE] +> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. +> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed. + ### Network connections The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them. From 4607899d82de69af92819cff09dd4bfd77c71cdb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 25 Aug 2020 21:16:09 +0500 Subject: [PATCH 02/57] Update linux-install-manually.md --- .../linux-install-manually.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 1746f4fcb3..b756561136 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -48,6 +48,12 @@ In order to preview new features and provide early feedback, it is recommended t ### RHEL and variants (CentOS and Oracle Linux) +- Install `yum-utils` if it isn't installed yet: + + ```bash + sudo yum install yum-utils + ``` + - Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`. In the below commands, replace *[distro]* and *[version]* with the information you've identified: @@ -71,12 +77,6 @@ In order to preview new features and provide early feedback, it is recommended t sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc ``` -- Install `yum-utils` if it isn't installed yet: - - ```bash - sudo yum install yum-utils - ``` - - Download and make usable all the metadata for the currently enabled yum repositories: ```bash @@ -328,4 +328,4 @@ When upgrading your operating system to a new major version, you must first unin ## Uninstallation -See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices. \ No newline at end of file +See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices. From cee429d94e43e66837ff4b4d710461b3cba52f21 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 26 Aug 2020 12:11:52 +0500 Subject: [PATCH 03/57] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 3f296b7a24..6526e63f1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -76,7 +76,7 @@ Microsoft Defender Advanced Threat Protection for Mac requires one of the follow - Microsoft 365 A5 (M365 A5) > [!NOTE] -> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. +> Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. > Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed. ### Network connections From 146fb0e3db1993cd94e73d513bbcb9fabfc4a87f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 12 Sep 2020 18:05:56 +0530 Subject: [PATCH 04/57] removed download link, added explanation as per the user report #8242 , so I removed the download link and added an explanation. --- windows/client-management/troubleshoot-tcpip-netmon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index f708897928..ed8b6090cf 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -19,7 +19,7 @@ In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is > [Note] > Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide). -To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. +To get started, **run NM34_x64.exe**(we are leaving this page available for those who have downloaded the tool previously). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. ![Adapters](images/nm-adapters.png) From 994a5681699589c5b76f7b6d7c21c46d5ebc037e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 16 Sep 2020 16:01:26 +0500 Subject: [PATCH 05/57] Update vpn-conditional-access.md --- .../identity-protection/vpn/vpn-conditional-access.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index df414d1e79..c368ed6c90 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -72,8 +72,8 @@ Two client-side configuration service providers are leveraged for VPN device com - Provisions the Health Attestation Certificate received from the HAS - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification ->[!NOTE] ->Currently, it is required that certificates be issued from an on-premises CA, and that SSO be enabled in the user’s VPN profile. This will enable the user to obtain Kerberos tickets in order to access resources on-premises. Kerberos currently does not support the use of Azure AD certificates. +> [!NOTE] +> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. ## Client connection flow The VPN client side connection flow works as follows: From 3ef62e034a03c7100773f4bdffd0aa561030895d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Sep 2020 17:24:27 +0530 Subject: [PATCH 06/57] Update windows/client-management/troubleshoot-tcpip-netmon.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/troubleshoot-tcpip-netmon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index ed8b6090cf..f9f1d95096 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -16,7 +16,7 @@ manager: dansimp In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. -> [Note] +> [!NOTE] > Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide). To get started, **run NM34_x64.exe**(we are leaving this page available for those who have downloaded the tool previously). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. From 3d7029f03d2ceadcfc1bd519dab10f70d27e0a4c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Sep 2020 23:58:39 +0530 Subject: [PATCH 07/57] Update windows/client-management/troubleshoot-tcpip-netmon.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/troubleshoot-tcpip-netmon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index f9f1d95096..7f7855bca2 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -19,7 +19,7 @@ In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is > [!NOTE] > Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide). -To get started, **run NM34_x64.exe**(we are leaving this page available for those who have downloaded the tool previously). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. +To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. ![Adapters](images/nm-adapters.png) From 6571339263ff06e2be3f1e05fc31e3838d10b38f Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 23 Sep 2020 11:15:05 +0500 Subject: [PATCH 08/57] Update note about CA root requirements --- .../hello-for-business/hello-hybrid-cert-whfb-settings-pki.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 8a785dcf5f..a0855330fb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -95,8 +95,7 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. > [!NOTE] -> * The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. -> * If you are using a 3rd party CA, add the certificate to the NTAuth store. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail. +> The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail. ### Enrollment Agent certificate template From a085daa017093f21ad92d2879d44ed16828a06cb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 24 Sep 2020 11:52:00 +0500 Subject: [PATCH 09/57] Update hello-hybrid-key-whfb-settings-dir-sync.md --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index ce98019039..d4a889088a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -39,7 +39,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 2. Click the **Users** container in the navigation pane. 3. Right-click **Key Admins** in the details pane and click **Properties**. 4. Click the **Members** tab and click **Add** -5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account. Click **OK**. +5. In the **Enter the object names to select** text box, type the name of the service account used as an AD DS Connector account. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. ### Section Review From 21c9b5278405cc3a9420ff2d96f86e5169023407 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 24 Sep 2020 11:39:36 -0700 Subject: [PATCH 10/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 514ee0334b..8111a003d1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 09/10/2020 +ms.date: 09/24/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines @@ -66,6 +66,31 @@ All our updates contain: * integration improvements (Cloud, MTP)
+ September-2020 (Platform: | Engine: ) + + Security intelligence update version: **** + Released: **** + Platform: **** + Engine: **** + Support phase: **Security and Critical Updates** + +### What's new +- Require administrative privileges for quarantine restore +- Support for XML formatted events +- Provide CSP support to ignore exclusion merge +- New management interfaces for:
+ - UDP Inspection + - Network Protection on Server 2019 + - IP Address exclusions for Network Protection +- Improve visibility into TPM logs +- Improved Office VBA script scanning + +### Known Issues +No known issues +
+
+
+
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)  Security intelligence update version: **1.323.9.0** From 55d6d377f63a65069a10a2d2774f301799ce7927 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 24 Sep 2020 11:50:29 -0700 Subject: [PATCH 11/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...tes-baselines-microsoft-defender-antivirus.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 8111a003d1..1dc23f0a42 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -61,17 +61,17 @@ For more information, see [Manage the sources for Microsoft Defender Antivirus p For information how to update or how to install the platform update, please see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform). All our updates contain: -* performance improvements -* serviceability improvements -* integration improvements (Cloud, MTP) +- performance improvements +- serviceability improvements +- integration improvements (Cloud, MTP)
September-2020 (Platform: | Engine: ) - Security intelligence update version: **** - Released: **** - Platform: **** - Engine: **** + Security intelligence update version: **versionnumber** + Released: **releasedate** + Platform: **platformnumber** + Engine: **enginenumber**  Support phase: **Security and Critical Updates** ### What's new @@ -104,7 +104,7 @@ No known issues * Improved scan event telemetry * Improved behavior monitoring for memory scans * Improved macro streams scanning -* Added "AMRunningMode" to Get-MpComputerStatus Powershell CmdLet +* Added `AMRunningMode` to Get-MpComputerStatus PowerShell CmdLet ### Known Issues No known issues From dbfaabe9b039eb3f19d3cee07b7ef169e33312f2 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 26 Sep 2020 23:03:36 +0500 Subject: [PATCH 12/57] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index d4a889088a..3bd0bbe112 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -39,7 +39,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 2. Click the **Users** container in the navigation pane. 3. Right-click **Key Admins** in the details pane and click **Properties**. 4. Click the **Members** tab and click **Add** -5. In the **Enter the object names to select** text box, type the name of the service account used as an AD DS Connector account. Click **OK**. +5. In the **Enter the object names to select** text box, type the name of the service account used as an AD DS Connector account and click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. ### Section Review From fe887186cd821dda6759aa04fd584a526df5f364 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Mon, 28 Sep 2020 09:27:17 +0200 Subject: [PATCH 13/57] Update account-lockout-threshold.md Added note. --- .../security-policy-settings/account-lockout-threshold.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 3db828212a..20f886d1ec 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -87,6 +87,9 @@ For more information about Windows security baseline recommendations for account This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. +> [!NOTE] +> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory). + ### Vulnerability Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed. From 4e505d87b8094bf57886f2ddcedd10e43a847c78 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 14:03:29 -0700 Subject: [PATCH 14/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...manage-updates-baselines-microsoft-defender-antivirus.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 087ceb8a30..819f0d2e96 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -74,9 +74,9 @@ All our updates contain: September-2020 (Platform: | Engine: )  Security intelligence update version: **versionnumber** - Released: **releasedate** - Platform: **platformnumber** - Engine: **enginenumber** + Released: **September 28, 2020** + Platform: **4.18.xxxx.x** + Engine: **1.1.14500.2**  Support phase: **Security and Critical Updates** ### What's new From f4ffb284c25858f152691bf00615eabd84d6aa32 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 14:16:19 -0700 Subject: [PATCH 15/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 819f0d2e96..b628cd0111 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -73,7 +73,7 @@ All our updates contain:
September-2020 (Platform: | Engine: ) - Security intelligence update version: **versionnumber** + Security intelligence update version: **1.xxx.x.x**  Released: **September 28, 2020**  Platform: **4.18.xxxx.x**  Engine: **1.1.14500.2** From 2ad5f1b2418209f0e2e5c02010a041cffb54a2e8 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Wed, 30 Sep 2020 17:07:15 +0200 Subject: [PATCH 16/57] Update windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../security-policy-settings/account-lockout-threshold.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 20f886d1ec..55f3b22031 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -88,7 +88,7 @@ For more information about Windows security baseline recommendations for account This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. > [!NOTE] -> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory). +> A lockout threshold policy will apply to both local member computer users and domain users, in order to allow mitigation of issues as described under "Vulnerability". The built-in Administrator account, however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot sign in to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory). ### Vulnerability From a0591322a45cf907c9f98cbc062e15cc6e151d29 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 30 Sep 2020 22:15:34 +0500 Subject: [PATCH 17/57] Link Update Updated a link to the correct source. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7972 --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 73946540c5..b3788ff49e 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -622,7 +622,7 @@ You can restrict which files are protected by WIP when they are downloaded from - [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) -- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/intune/deploy-use/create-windows-information-protection-policy-with-intune) +- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/) From 40b9101057aefe8a750fca3f005877f3410b662a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:03:04 -0700 Subject: [PATCH 18/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...ates-baselines-microsoft-defender-antivirus.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index b628cd0111..c3033503c9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 09/28/2020 +ms.date: 09/30/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines @@ -33,8 +33,7 @@ There are two types of updates related to keeping Microsoft Defender Antivirus u > [!IMPORTANT] > Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. > This also applies to devices where Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). - -> [!NOTE] +> > You can use the below URL to find out what are the current versions: > [https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info) @@ -47,7 +46,7 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft > Microsoft Defender Antivirus: KB2267602 > System Center Endpoint Protection: KB2461484 -The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. +The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for more details about enabling and configuring cloud-provided protection. Engine updates are included with the security intelligence updates and are released on a monthly cadence. @@ -73,10 +72,10 @@ All our updates contain:
September-2020 (Platform: | Engine: ) - Security intelligence update version: **1.xxx.x.x** - Released: **September 28, 2020** - Platform: **4.18.xxxx.x** - Engine: **1.1.14500.2** + Security intelligence update version: **1.323.2248.0** + Released: **September 30, 2020** + Platform: **4.18.2008.9** + Engine: **1.1.17400.5**  Support phase: **Security and Critical Updates** ### What's new From daf36105d2edd742ad443c51b2fd68ae3f668b3b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:10:23 -0700 Subject: [PATCH 19/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index c3033503c9..adb4829210 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -46,7 +46,7 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft > Microsoft Defender Antivirus: KB2267602 > System Center Endpoint Protection: KB2461484 -The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for more details about enabling and configuring cloud-provided protection. +Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for more details about enabling and configuring cloud-provided protection. Engine updates are included with the security intelligence updates and are released on a monthly cadence. From b562dba450907a92fb7f6acb904b1344c4fa1711 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:10:46 -0700 Subject: [PATCH 20/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index adb4829210..ac8877221c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -52,7 +52,7 @@ Engine updates are included with the security intelligence updates and are relea ## Product updates -Microsoft Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "platform updates"), and will receive major feature updates alongside Windows 10 releases. +Microsoft Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as *platform updates*), and will receive major feature updates alongside Windows 10 releases. You can manage the distribution of updates through [Windows Server Update Service (WSUS)](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus), with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction), or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network. For more information, see [Manage the sources for Microsoft Defender Antivirus protection updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus). From a697f1f09b394e2d0e84ab963dbbf3c478cf85ed Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:12:14 -0700 Subject: [PATCH 21/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index ac8877221c..f2e94d18d5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -46,7 +46,7 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft > Microsoft Defender Antivirus: KB2267602 > System Center Endpoint Protection: KB2461484 -Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for more details about enabling and configuring cloud-provided protection. +Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). Engine updates are included with the security intelligence updates and are released on a monthly cadence. From c46a8872e0d506457aba79cba5990e415fc72f2c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:14:51 -0700 Subject: [PATCH 22/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...age-updates-baselines-microsoft-defender-antivirus.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index f2e94d18d5..9cbf64e44c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -48,13 +48,18 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). -Engine updates are included with the security intelligence updates and are released on a monthly cadence. +Engine updates are included with security intelligence updates and are released on a monthly cadence. ## Product updates Microsoft Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as *platform updates*), and will receive major feature updates alongside Windows 10 releases. -You can manage the distribution of updates through [Windows Server Update Service (WSUS)](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus), with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction), or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network. +You can manage the distribution of updates through one of the following methods: + +- [Windows Server Update Service (WSUS)](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) +- [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction) +- The usual method you use to deploy Microsoft and Windows updates to endpoints in your network. + For more information, see [Manage the sources for Microsoft Defender Antivirus protection updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus). > [!NOTE] From d16b6f5426f6eaae8f929e7b9cd330b055bcb3a4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:16:21 -0700 Subject: [PATCH 23/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 9cbf64e44c..53ca8e0b20 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -63,11 +63,11 @@ You can manage the distribution of updates through one of the following methods: For more information, see [Manage the sources for Microsoft Defender Antivirus protection updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus). > [!NOTE] -> We release these monthly updates in phases. This results in multiple packages showing up in your WSUS server. +> We release these monthly updates in phases. This results in multiple packages visible in your WSUS server. ## Monthly platform and engine versions -For information how to update or how to install the platform update, please see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform). +For information how to update or how to install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform). All our updates contain: - performance improvements From 968150f66320afdab8bdb38bc7623412dcacf2e7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:18:52 -0700 Subject: [PATCH 24/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...age-updates-baselines-microsoft-defender-antivirus.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 53ca8e0b20..8976e1952a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -193,7 +193,7 @@ No known issues ### What's new * WDfilter improvements -* Add more actionable event data to ASR detection events +* Add more actionable event data to attack surface reduction detection events * Fixed version information in diagnostic data and WMI * Fixed incorrect platform version in UI after platform update * Dynamic URL intel for Fileless threat protection @@ -218,7 +218,7 @@ No known issues * CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) * Improve diagnostic capability -* reduce Security intelligence timeout (5min) +* reduce Security intelligence timeout (5 min) * Extend AMSI engine internal log capability * Improve notification for process blocking @@ -298,8 +298,7 @@ When this update is installed, the device needs the jump package 4.10.2001.10 to
## Microsoft Defender Antivirus platform support -As stated above, platform and engine updates are provided on a monthly cadence. -Customers must stay current with the latest platform update to be fully supported. Our support structure is now dynamic, evolving into two phases depending on the availability of the latest platform version: +Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version: * **Security and Critical Updates servicing phase** - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform. @@ -333,6 +332,6 @@ Article | Description ---|--- [Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. -[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next log on. +[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon. [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. From f292385ae885ea2e5f5f0b3531d4f4ced1d33279 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:22:33 -0700 Subject: [PATCH 25/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 8976e1952a..4f7c4b6487 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -75,7 +75,7 @@ All our updates contain: - integration improvements (Cloud, MTP)
- September-2020 (Platform: | Engine: ) + September-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)  Security intelligence update version: **1.323.2248.0**  Released: **September 30, 2020** From 4194c77adc002251cde61f060128a47c52a19653 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:23:43 -0700 Subject: [PATCH 26/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 4f7c4b6487..af9bf51dfc 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -84,8 +84,8 @@ All our updates contain:  Support phase: **Security and Critical Updates** ### What's new -- Require administrative privileges for quarantine restore -- Support for XML formatted events +- Admin permissions are required to restore files in quarantine +- XML formatted events are now supported - Provide CSP support to ignore exclusion merge - New management interfaces for:
- UDP Inspection From 2ab48a7377511cdca60e7ee3b21a6aaad3800e30 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:25:12 -0700 Subject: [PATCH 27/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...anage-updates-baselines-microsoft-defender-antivirus.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index af9bf51dfc..bd78df412c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -73,8 +73,7 @@ All our updates contain: - performance improvements - serviceability improvements - integration improvements (Cloud, MTP) -
-
+
September-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)  Security intelligence update version: **1.323.2248.0** @@ -86,12 +85,12 @@ All our updates contain: ### What's new - Admin permissions are required to restore files in quarantine - XML formatted events are now supported -- Provide CSP support to ignore exclusion merge +- CSP support for ignoring exclusion merge - New management interfaces for:
- UDP Inspection - Network Protection on Server 2019 - IP Address exclusions for Network Protection -- Improve visibility into TPM logs +- Improved visibility into TPM logs - Improved Office VBA script scanning ### Known Issues From 6efb4093ac61e9ea185e561f0a5b669f294a4a9c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:27:37 -0700 Subject: [PATCH 28/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index bd78df412c..ee0b0a0392 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -325,7 +325,7 @@ The below table provides the Microsoft Defender Antivirus platform and engine ve Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet). -## In this section +## See also Article | Description ---|--- From 48767c0dfbcbe0007a46fa0328b3cbb66fb1052d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:29:42 -0700 Subject: [PATCH 29/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index ee0b0a0392..4b5b85ad5e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -73,7 +73,8 @@ All our updates contain: - performance improvements - serviceability improvements - integration improvements (Cloud, MTP) -
+
+
September-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)  Security intelligence update version: **1.323.2248.0** @@ -97,7 +98,7 @@ All our updates contain: No known issues
-
+
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) From a7829eab53c69983d7858208144a25df110aa651 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:31:56 -0700 Subject: [PATCH 30/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 4b5b85ad5e..d58c458af0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -77,7 +77,7 @@ All our updates contain:
September-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) - Security intelligence update version: **1.323.2248.0** + Security intelligence update version: **1.323.2254.0**  Released: **September 30, 2020**  Platform: **4.18.2008.9**  Engine: **1.1.17400.5** From a7165397977f54582e9e999236809a1b992da21a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:36:16 -0700 Subject: [PATCH 31/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...updates-baselines-microsoft-defender-antivirus.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index d58c458af0..532efafb74 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -84,21 +84,15 @@ All our updates contain:  Support phase: **Security and Critical Updates** ### What's new -- Admin permissions are required to restore files in quarantine -- XML formatted events are now supported -- CSP support for ignoring exclusion merge -- New management interfaces for:
- - UDP Inspection - - Network Protection on Server 2019 - - IP Address exclusions for Network Protection -- Improved visibility into TPM logs -- Improved Office VBA script scanning +* Improved telemetry for BITS +* Improved Authenticode code signing certificate validation ### Known Issues No known issues
+
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) From 2af14fefad3230d65e31e74d6dafc968d983d60b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:39:34 -0700 Subject: [PATCH 32/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-updates-baselines-microsoft-defender-antivirus.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 532efafb74..98d0b7997c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -84,8 +84,15 @@ All our updates contain:  Support phase: **Security and Critical Updates** ### What's new -* Improved telemetry for BITS -* Improved Authenticode code signing certificate validation +- Admin permissions are required to restore files in quarantine +- XML formatted events are now supported +- CSP support for ignoring exclusion merge +- New management interfaces for:
+ - UDP Inspection + - Network Protection on Server 2019 + - IP Address exclusions for Network Protection +- Improved visibility into TPM logs +- Improved Office VBA script scanning ### Known Issues No known issues From d4b13d28e30a41158a378751cfb9d20bec2f05c4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:51:50 -0700 Subject: [PATCH 33/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 98d0b7997c..5757a00f5f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -75,11 +75,11 @@ All our updates contain: - integration improvements (Cloud, MTP)
- September-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5) + September-2020 (Platform: 4.18.2009.5 | Engine: 1.1.17400.5)  Security intelligence update version: **1.323.2254.0**  Released: **September 30, 2020** - Platform: **4.18.2008.9** + Platform: **4.18.2009.5**  Engine: **1.1.17400.5**  Support phase: **Security and Critical Updates** From 28b797679fc2c0cb4748b3da50a5e8ab2bb1ba44 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Sep 2020 14:52:54 -0700 Subject: [PATCH 34/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 5757a00f5f..6237e1b473 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -75,12 +75,12 @@ All our updates contain: - integration improvements (Cloud, MTP)
- September-2020 (Platform: 4.18.2009.5 | Engine: 1.1.17400.5) + September-2020 (Platform: 4.18.2009.5 | Engine: 1.1.17500.2)  Security intelligence update version: **1.323.2254.0**  Released: **September 30, 2020**  Platform: **4.18.2009.5** - Engine: **1.1.17400.5** + Engine: **1.1.17500.2**  Support phase: **Security and Critical Updates** ### What's new From 7f317ac2b550b65c4a1ff39f21883e05ffdeb636 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 1 Oct 2020 15:37:44 +0500 Subject: [PATCH 35/57] Update windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index b3788ff49e..fa3972ea0e 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -622,7 +622,7 @@ You can restrict which files are protected by WIP when they are downloaded from - [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) -- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) +- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/) From c7650732e8652a74e98bc0656137e2156decafdc Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Thu, 1 Oct 2020 10:30:10 -0700 Subject: [PATCH 36/57] Minor fixes to WDAC vs AppLocker Clarify wording in WDAC system requirements, remove 'legacy' reference, and add back AppLocker recommendation for not enforcing DLLs and drivers --- .../wdac-and-applocker-overview.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index f076b612e7..9bde7a0cc3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md @@ -44,7 +44,7 @@ Note that prior to Windows 10, version 1709, Windows Defender Application Contro ### WDAC System Requirements -WDAC policies can only be created on devices running Windows 10 build 1903+ on any SKU, pre-1903 Windows 10 Enterprise, or Windows Server 2016 and above. +WDAC policies can be created on any client edition of Windows 10 build 1903+ or on Windows Server 2016 and above. WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10. @@ -65,12 +65,13 @@ AppLocker policies can be deployed using Group Policy or MDM. ## Choose when to use WDAC or AppLocker -Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. AppLocker is a legacy technology which will continue to receive security fixes but will not undergo new feature improvements. +Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements. In some cases, however, AppLocker may be the more appropriate technology for your organization. AppLocker is best when: - You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS. - You need to apply different policies for different users or groups on shared computers. +- You do not want to enforce application control on application files such as DLLs or drivers. AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where it is important to prevent some users from running specific apps. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions. From 97663ee37bbe6264fe7f79253e68ee5379ec00a6 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Thu, 1 Oct 2020 10:35:14 -0700 Subject: [PATCH 37/57] Add link to WDAC feature availability --- .../wdac-and-applocker-overview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index 9bde7a0cc3..9fe4c819a1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md @@ -48,6 +48,8 @@ WDAC policies can be created on any client edition of Windows 10 build 1903+ or WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10. +For more information on which individual WDAC features are available on which WDAC builds, see [WDAC feature availability](feature-availability.md). + ## AppLocker AppLocker was introduced with Windows 7 and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature. From 62d7263951667a33e02bb79dd4b5eb19e44f7b62 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 1 Oct 2020 13:54:44 -0700 Subject: [PATCH 38/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...e-updates-baselines-microsoft-defender-antivirus.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 6237e1b473..7f303320f6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -75,12 +75,12 @@ All our updates contain: - integration improvements (Cloud, MTP)
- September-2020 (Platform: 4.18.2009.5 | Engine: 1.1.17500.2) + September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)  Security intelligence update version: **1.323.2254.0** - Released: **September 30, 2020** - Platform: **4.18.2009.5** - Engine: **1.1.17500.2** + Released: **October 6, 2020** + Platform: **4.18.2009.7** + Engine: **1.1.17500.4**  Support phase: **Security and Critical Updates** ### What's new @@ -92,7 +92,7 @@ All our updates contain: - Network Protection on Server 2019 - IP Address exclusions for Network Protection - Improved visibility into TPM logs -- Improved Office VBA script scanning +- Improved Office VBA module scanning ### Known Issues No known issues From a726b924a7c034e4899fc1f40ec970d8ab6a6c0d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 1 Oct 2020 13:57:59 -0700 Subject: [PATCH 39/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 7f303320f6..cdf9ef435b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -91,7 +91,7 @@ All our updates contain: - UDP Inspection - Network Protection on Server 2019 - IP Address exclusions for Network Protection -- Improved visibility into TPM logs +- Improved visibility into TPM measurements - Improved Office VBA module scanning ### Known Issues From 057b8059a6447fca3a24e6b1bab98bb529faf723 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 1 Oct 2020 13:59:37 -0700 Subject: [PATCH 40/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index cdf9ef435b..fca05b951d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -72,7 +72,7 @@ For information how to update or how to install the platform update, see [Update All our updates contain: - performance improvements - serviceability improvements -- integration improvements (Cloud, MTP) +- integration improvements (Cloud, Microsoft 365 Defender)
September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4) From 3cc9c7c8794de8dbd002f3f98ab34302e90653ee Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 6 Oct 2020 09:03:40 -0700 Subject: [PATCH 41/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 26ec6cd69a..8456e86597 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -75,15 +75,16 @@ All our updates contain: - integration improvements (Cloud, Microsoft 365 Defender)
- September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4) + September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4)  Security intelligence update version: **1.323.2254.0**  Released: **October 6, 2020** - Platform: **4.18.2009.7** + Platform: **4.18.2009.x**  Engine: **1.1.17500.4**  Support phase: **Security and Critical Updates** ### What's new + - Admin permissions are required to restore files in quarantine - XML formatted events are now supported - CSP support for ignoring exclusion merge From 675e90c75bc6917f15df7383af4abb24723c39d2 Mon Sep 17 00:00:00 2001 From: Shannon Leavitt Date: Tue, 6 Oct 2020 10:37:56 -0600 Subject: [PATCH 42/57] Pencil edit --- ...s-baselines-microsoft-defender-antivirus.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 8456e86597..d1cb0e3d28 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -111,15 +111,15 @@ No known issues  Support phase: **Security and Critical Updates** ### What's new -*Admin permissions are required to restore files in quarantine -*XML formatted events are now supported -*CSP support for ignoring exclusion merge -*New management interfaces for: -+UDP Inspection -+Network Protection on Server 2019 -+IP Address exclusions for Network Protection -*Improved visibility into TPM measurements -*Improved Office VBA module scanning +- Admin permissions are required to restore files in quarantine +- XML formatted events are now supported +- CSP support for ignoring exclusion merge +- New management interfaces for: + - UDP Inspection + - Network Protection on Server 2019 + - IP Address exclusions for Network Protection +- Improved visibility into TPM measurements +- Improved Office VBA module scanning ### Known Issues No known issues From 919bd754123d66a41ec0207e99cac043c9daf48e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 6 Oct 2020 15:05:42 -0700 Subject: [PATCH 43/57] Applied "> [!NOTE]" --- .../account-lockout-threshold.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 55f3b22031..ab09ef2ca5 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -77,8 +77,11 @@ None. Changes to this policy setting become effective without a computer restart ### Implementation considerations Implementation of this policy setting is dependent on your operational environment. You should consider threat vectors, deployed operating systems, and deployed apps, for example: + - The likelihood of an account theft or a DoS attack is based on the security design for your systems and environment. You should set the account lockout threshold in consideration of the known and perceived risk of those threats. + - When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases. + - Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold. For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). @@ -95,17 +98,23 @@ This section describes how an attacker might exploit a feature or its configurat Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed. However, a DoS attack could be performed on a domain that has an account lockout threshold configured. An attacker could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the account lockout threshold, the attacker might be able to lock every account without needing any special privileges or being authenticated in the network. -> **Note:** Offline password attacks are not countered by this policy setting. +> [!NOTE] +> Offline password attacks are not countered by this policy setting. + ### Countermeasure Because vulnerabilities can exist when this value is configured and when it is not configured, two distinct countermeasures are defined. Organizations should weigh the choice between the two, based on their identified threats and the risks that they want to mitigate. The two countermeasure options are: + - Configure the **Account lockout threshold** setting to 0. This configuration ensures that accounts will not be locked, and it will prevent a DoS attack that intentionally attempts to lock accounts. This configuration also helps reduce Help Desk calls because users cannot accidentally lock themselves out of their accounts. Because it does not prevent a brute force attack, this configuration should be chosen only if both of the following criteria are explicitly met: + - The password policy setting requires all users to have complex passwords of 8 or more characters. - A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment. + - Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. + Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems. ### Potential impact From dcbeadfeada3227c4d52dd24ad616f2ed1b5247c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 6 Oct 2020 16:54:13 -0700 Subject: [PATCH 44/57] Added image border and spacing --- .../vpn/vpn-conditional-access.md | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index c368ed6c90..fc09e68a62 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -48,25 +48,29 @@ The following client-side components are also required: - Trusted Platform Module (TPM) ## VPN device compliance + At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the <SSO> section. Server-side infrastructure requirements to support VPN device compliance include: -- The VPN server should be configured for certificate authentication -- The VPN server should trust the tenant-specific Azure AD CA -- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO) +- The VPN server should be configured for certificate authentication. +- The VPN server should trust the tenant-specific Azure AD CA. +- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO). After the server side is set up, VPN admins can add the policy settings for conditional access to the VPN profile using the VPNv2 DeviceCompliance node. Two client-side configuration service providers are leveraged for VPN device compliance. -- VPNv2 CSP DeviceCompliance settings +- VPNv2 CSP DeviceCompliance settings: + - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client attempts to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD. - **Sso**: entries under SSO should be used to direct the VPN client to use a certificate other than the VPN authentication certificate when accessing resources that require Kerberos authentication. - **Sso/Enabled**: if this field is set to **true**, the VPN client looks for a separate certificate for Kerberos authentication. - **Sso/IssuerHash**: hashes for the VPN client to look for the correct certificate for Kerberos authentication. - **Sso/Eku**: comma-separated list of Enhanced Key Usage (EKU) extensions for the VPN client to look for the correct certificate for Kerberos authentication. + - HealthAttestation CSP (not a requirement) - functions performed by the HealthAttestation CSP include: + - Collects TPM data used to verify health states - Forwards the data to the Health Attestation Service (HAS) - Provisions the Health Attestation Certificate received from the HAS @@ -76,16 +80,22 @@ Two client-side configuration service providers are leveraged for VPN device com > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. ## Client connection flow + The VPN client side connection flow works as follows: -![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png) +> [!div class="mx-imgBorder"] +> ![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png) When a VPNv2 Profile is configured with \ \true<\/Enabled> the VPN client uses this connection flow: 1. The VPN client calls into Windows 10’s Azure AD Token Broker, identifying itself as a VPN client. + 2. The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies. -3. If compliant, Azure AD requests a short-lived certificate + +3. If compliant, Azure AD requests a short-lived certificate. + 4. Azure AD pushes down a short-lived certificate to the Certificate Store via the Token Broker. The Token Broker then returns control back over to the VPN client for further connection processing. + 5. The VPN client uses the Azure AD-issued certificate to authenticate with the VPN server. ## Configure conditional access From e25ba0b403693a4cc75a650ade5a2cc5d715aabf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 6 Oct 2020 18:11:23 -0700 Subject: [PATCH 45/57] m365solution-scenario --- .../manage-atp-post-migration-configuration-manager.md | 4 +++- .../manage-atp-post-migration-group-policy-objects.md | 4 +++- .../manage-atp-post-migration-intune.md | 4 +++- .../manage-atp-post-migration-other-tools.md | 4 +++- .../microsoft-defender-atp/manage-atp-post-migration.md | 4 +++- .../mcafee-to-microsoft-defender-onboard.md | 1 + .../mcafee-to-microsoft-defender-prepare.md | 1 + .../mcafee-to-microsoft-defender-setup.md | 3 ++- .../microsoft-defender-atp/migration-guides.md | 1 + 9 files changed, 20 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md index 6d04ee080e..c086033e55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md index 016d29c822..512edb5f3c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md index eeefc94bfd..eb630aad88 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md index 4eb3a79282..111459747f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md index 417f5267d3..246b542364 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: conceptual ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 3422d29ce9..d38a5977e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -17,6 +17,7 @@ audience: ITPro ms.collection: - M365-security-compliance - m365solution-McAfeemigrate +- m365solution-scenario ms.custom: migrationguides ms.topic: article ms.date: 09/24/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index a22a3a83d5..fe973d1a59 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -17,6 +17,7 @@ audience: ITPro ms.collection: - M365-security-compliance - m365solution-mcafeemigrate +- m365solution-scenario ms.topic: article ms.custom: migrationguides ms.date: 09/22/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 7e0da8d519..8813e53523 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -16,7 +16,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-mcafeemigrate +- m365solution-mcafeemigrate +- m365solution-scenario ms.topic: article ms.custom: migrationguides ms.date: 09/22/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md index 193a2a1360..308308a4d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md @@ -11,6 +11,7 @@ ms.prod: w10 ms.localizationpriority: medium ms.collection: - M365-security-compliance +- m365solution-scenario ms.custom: migrationguides ms.reviewer: chriggs, depicker, yongrhee f1.keywords: NOCSH From 45967fe5b7eb7b85f088b21f92259a6db5bb402a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 6 Oct 2020 18:14:02 -0700 Subject: [PATCH 46/57] m365solution-scenario --- .../onboarding-endpoint-configuration-manager.md | 3 ++- .../microsoft-defender-atp/onboarding-endpoint-manager.md | 3 ++- .../threat-protection/microsoft-defender-atp/onboarding.md | 3 ++- .../microsoft-defender-atp/prepare-deployment.md | 3 ++- .../microsoft-defender-atp/production-deployment.md | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index d839dabec7..c09d936fcd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -14,7 +14,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 31593b47cc..76f2c2c7e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -14,7 +14,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index feeca610db..6ac048cf9d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -14,7 +14,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 1217b7de99..9e4e98ffb5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -15,7 +15,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 6e8ce89f59..4a974f0e24 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -15,7 +15,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- From a58d7d00f1351e174404c6f38853505fb11386a0 Mon Sep 17 00:00:00 2001 From: schmurky Date: Wed, 7 Oct 2020 19:48:46 +0800 Subject: [PATCH 47/57] Update passive --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 74c6ee2735..be374197ff 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -77,7 +77,7 @@ The following table summarizes the functionality and features that are available |Automatic disabled mode |No |Yes |No |No |No | - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself). -- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. +- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode. - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items. - In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. From 9021c8114720e4caa426776c5cc45b68dbd798ef Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 7 Oct 2020 19:42:32 +0530 Subject: [PATCH 48/57] removed invalid path , added correct path while reading this article, i found an invalid registry path, so I removed the path and added the correct path and added a screenshot. --- .../microsoft-defender-atp/enable-network-protection.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index a6090f9ae7..2d96393904 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -33,12 +33,14 @@ Check if network protection has been enabled on a local device by using Registry 1. Select the **Start** button in the task bar and type **regedit** to open Registry editor 1. Choose **HKEY_LOCAL_MACHINE** from the side menu -1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Policy Manager** +1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Windows Defender Exploit Guard** > **Network Protection** 1. Select **EnableNetworkProtection** to see the current state of network protection on the device * 0, or **Off** * 1, or **On** * 2, or **Audit** mode + + ![networkprotection](https://user-images.githubusercontent.com/3296790/95341270-b738b280-08d3-11eb-84a0-16abb140c9fd.PNG) ## Enable network protection @@ -107,7 +109,7 @@ Confirm network protection is enabled on a local computer by using Registry edit 1. Select **Start** and type **regedit** to open **Registry Editor**. -2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection +2. Navigate to **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection** 3. Select **EnableNetworkProtection** and confirm the value: * 0=Off From f6be1fd70afde097ac197fce2eaeaadded20ce8a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 7 Oct 2020 10:53:22 -0700 Subject: [PATCH 49/57] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 29 ++----------------- 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index d1cb0e3d28..69288217fe 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -74,39 +74,14 @@ All our updates contain: - serviceability improvements - integration improvements (Cloud, Microsoft 365 Defender)
-
- September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4) - - Security intelligence update version: **1.323.2254.0** - Released: **October 6, 2020** - Platform: **4.18.2009.x** - Engine: **1.1.17500.4** - Support phase: **Security and Critical Updates** - -### What's new - -- Admin permissions are required to restore files in quarantine -- XML formatted events are now supported -- CSP support for ignoring exclusion merge -- New management interfaces for:
- - UDP Inspection - - Network Protection on Server 2019 - - IP Address exclusions for Network Protection -- Improved visibility into TPM measurements -- Improved Office VBA module scanning - -### Known Issues -No known issues -
-
- September-2020 (Platform: 4.18.2009.X | Engine: 1.1.17500.4) + September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)  Security intelligence update version: **1.325.10.0**  Released: **October 01, 2020** - Platform: **4.18.2009.X** + Platform: **4.18.2009.7**  Engine: **1.1.17500.4**  Support phase: **Security and Critical Updates** From 69b918851e2664befcaf0155b5a43b0a75d41336 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:29:34 -0700 Subject: [PATCH 50/57] new procedure for drivers --- windows/deployment/upgrade/quick-fixes.md | 61 ++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index fa2817f19b..c4a602aacd 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -38,6 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • +
  • Check for unsigned drivers and update or uninstall them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -152,9 +153,67 @@ To check and repair system files: ``` > [!NOTE] - > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). + > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system). +### Remove unsigned drivers + +Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers: + +1. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. Type **sigverif** and press ENTER. +6. The File Signature Verification tool will open. Click **Start**. +7. After the scanning process is complete, click **Advanced**, and then click **View Log**. +8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). + +>[!NOTE] +>If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers. + +#### Optional: Use sigcheck + +[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. + +To use sigcheck: + +1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. +2. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. +6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: + + ```cmd + C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt + + ``` +7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver. +8. To check the driver, type **sigcheck64 -u -e \** and press ENTER. See the following example: + + ``` + C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll + + Sigcheck v2.80 - File version and signature viewer + Copyright (C) 2004-2020 Mark Russinovich + Sysinternals - www.sysinternals.com + + c:\windows\system32\DolbyMATEnc.dll: + Verified: Unsigned + Link date: 6:43 PM 9/20/2028 + Publisher: n/a + Company: Microsoft Corporation + Description: Dolby MAT Encoder DLL + Product: Microsoft« Windows« Operating System + Prod version: 10.0.18362.1 + File version: 10.0.18362.1 (WinBuild.160101.0800) + MachineType: 64-bit + + ``` +In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue. + ### Update Windows You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer. From a979898513556b30d2ff01c437794b1307fc117c Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:41:27 -0700 Subject: [PATCH 51/57] typo and add graphic --- windows/deployment/images/sigverif.png | Bin 0 -> 38498 bytes windows/deployment/upgrade/quick-fixes.md | 9 ++++++--- 2 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 windows/deployment/images/sigverif.png diff --git a/windows/deployment/images/sigverif.png b/windows/deployment/images/sigverif.png new file mode 100644 index 0000000000000000000000000000000000000000..0ed0c2fd0c452ba73af39bdfa1ef0494fee155c8 GIT binary patch literal 38498 zcmc%xdpy(qA3u(Frj$d8a+*WYkxS(;hpik^$+1G_P$;nwbDB9^m7Hy)oJ~l$9F{Pa zQ$b$sh*`&HXx^V_z)$R3Vwy+dhD1y z<6iT*ymu2X?lJB{(miftE1YRy1qqeQ?cuY{D|(2^h|NQhAtp&jBw$r|AR~m<)4bv- z7O*ks${T#n-yG$ye{kKLbQRsG=dXh!b;J@#|E9tDRvy^HO*4IXSs5U zbhp|U=~Rt*jm>e5J)7N8YZ`wBHk}x>scF5B>21j|44v#!1f*HhcV9gGD_p|=?ph&# zgUAp63Fg!J*9A8fH|jJi*7I5!G{m`F)hZ?AqAr!PUprKM34A%-(7CZ~bC$SSu}~7l zE%|fr@SE>Y_pK_Q!-!m7!SRk=7hk*)1lk=zrehb4gh}vaA<3N;)^z2AjjkS-9b`<3k=H$=MH3B z1G)k;*RQ>_Yb<+`-T8+`y?>SAovYU~%l#z(+!ECtWnD}6xcz!>34-siA7h;y+X0+v3b zI&hbIIt%ISm3txhmH#CrLc{bZpEnw{8p59&HQb;?t@{BYS)54L*yu)1RMEy9Yg2s- zLt!Pr%SSe$CpRR~GKKO1@{OcN!znXOki23&C-{w0l!sn$vC_AcY4Hb6PFL6=E$qBl zL0I|AZLAFf%V1;0kH6B^%C+ZTTdN%9p8c~r(5bP)dE3>KPKOEmKE^o3I<)yQd=x!j zb8U>|_4{>?S|*8n_@l54n$8PX z{<7qe;o&Wif<|4LwX0GakrIzpA z4(B6lLQ=#l%O?wBuDdH`>Q%@$_WuRnr}gjHr$Q(M=x0sC;a&9_H2U^x|D;AuqkkA; zr+oJYU0GHfC?EON5F!H^Z=gpT_5SY(=&dKzcNh-BGu}t8n~f9`jPgRtz~znoO8wRP z$)^5(dwn?{uAUtDJ)z&%&8_`S-28&sNZ5R(Joh2ad1kN@VAeR0W{sb_;2|S&r=VeE zr>oWzgvE*f?~A@^@Samw9_#=06ZgFs>Bsv%R1A`wX&6!QUH-7cK{#=I*LTs_&o@fp zg0=sd;xK!AKJS_9>TX_Ga|3f{y$)VIh({7zU6{cNn8jc!C=IM_dJWeeNG!2t|DTKI z8|XVh>qPzgX+tIE6xlE02)z=)|<=g*x}E=VEH%mQ8-ZhS@!<{{3+fL zF#jW;zm^}hD$O5voz{qmr+~1*Wi%{G+`HI%r$!XBcrBYh3Smy;P;ewcI+UCLV=1%u# z+?rPQkDC95{3*UzD15~;YQ=L|=nxI$J-qVRVxpM>3VtR-A)hYjFnSw!M89QhCnw9m zw3Ox$??16AU~p{z>etPr|HgGufWUb$`@C4|YGP}tY{$IQM$?@Zrn`CRSZ~QQ8IhX> z9TBQl65gGQ$4ejl7jc6&0ph>%H@$doP^%x?E7wZ_$G0$^wKOiRwhq5XEjHo}s7%@Z zCrAc(!6lyj+5BHR5fgyxJscYr@6LGQKCSW5tNNti3KJZ?F!-SN(#aqHOCkmMaHVy~ z<4EhWJ)X$S`v2k>67qpDe^wR+wB|d7oDmH3d`vLn{qT%3a|Z=jhLjWshwdomIaxgb zMb4alH^<>mwCOYxY5n?3hObx{jKRhW`WAV%LPA7bMDk<#L_VkXCK$Up-2f@*kZ?;b zEu0;9a+jMHGh*gG|CP^8AXTm=WPcNod~v-ve-{`2Y>2Eu-`vbk8l)1(yG)c4gH~bn@Uv#L667F^g}XZjZN6MiUr(os z{Q(M(2O>SzWX>hiszOSMa<|?Zm)`rJi;&y59BzQJ#Z~E&^D0 zz{_vRKHU6QP&u9D@P8Shfp~b8UFRW#9}&@th9^!+C?DuDGC(wCT7&Ut_X5@$G(S?( zr=Xz!8wFZ1@)VK$!b>jX%)sfR1YENAF}=_pf1}d!iyF^{CWX#na>acQeR9uo6=^be z-^p-L?{>+7RQX96jcQtH-M+$fw5LJznXne;#8ITC!5cM$sCTbOmL)FDZ-f|r&XoCK zyhDc-XrRuW1&o+sHwRS>=B`C)4-L0*cK#`6{yApp)6g#$kXCl3N zZO9Eg`Qv#{*s+r?!nSe{x-6LmwJ>rfyT+GJTrSI=G$81MD$Mq2RTYz5xEn9umo$MO zWbMjH7@qFEo=Xc0Xzq(zWH-N8jZ%ooCBNhZBXV)U%aQ+94&T+)BLc9I&-9QgnhN)1 zz|p0JiUu=}vNErHve|uq)~_?a3emKlM9bk;O0eOy@8BpsRsW@-UwVYSj6ihpPoK)V z@|k~2)0PxBrt1o+=1t$*Z^H6G{Ice0a;oG>QM#(T|Ew3nXIn^1l0&btcwKSiC>7)C4epe6_gd^slGb?Fn(m; z^3is2)ti?+4z!!e6ORo%l{}6t{zpOeN)DZJxU@v1ZUr@^zMBP)eh>2dxWLvydor@^ zp-&y6;64F8Yln=Ql|HR~4J(6hu$>tz&m0pb4gRIDKOdiN;Cka9mTjs3{_$Be!Wc=E zhy0Zwr*U!sKOVBVIyF}{emI)@qM@t00-;dQGO@-WlE-mC+-4d5D#}xQCK1hYtk)P= zXB9_2octpND2Oid_1c4tGW^J1Eo2j{!R+OX+9)`gW?PWXuX?ulE4HfjG61F1~+%o)UqqDJzvnN2xFB+fh7@Pezj682UtM&9PF5K{HY5jyW?(STN z@AT5D^MoC=3Z15A7`1kVju_|C(Q0zRRS^a0?#nV`xkIh9YiPn@Oav|x0t-j=qVUK{ zgFk7$@Eq?hs2j!HK@lxvj)b?Il6Abz&zUh>Elt<%#qg`I4$J57o~^z3a`|n?811^) zd=69SR5E5`U~R<4P=U9RY?d4KoTn>F0`m;6GG16SG+R5ExzYxs3|KM0OxV&;K_9#L zZ!IxbST#UY$Q3ED(X`dq(b;Bls*g|-HviKv1}#n8TVe9+NDpr$_ir+2tAH5Yq ziHQEk!iXtI%l%gh4Agc1Ya&9O9$EiKcjg;@zWR^q|MdU(|I>q!IpW?)f2?u<%DQy# zZ)=9zwomJiN0Yu-p!(a3PV6`_@W+5VZF`pe+wZ1`yt4lH%I%Wge+;Jj-$oXHI)L5( zf4|vWLVbS3%KQ&?KLAx@N}laPj%3fZxy?#6MV%(kPmPVle*SL07|r0$&-K#siJqYw zYEyu6jOPh!O_JX8HUwS*wKZe@Ife~`E#m{0&_86OOj$a=#{yToSKAuv z#r#a#XY*x74Vof2n`3Q-1Ys`(e;!0coR1RkWvKSaR+VAas(5K7OQS9NA@V-RT;q@s zkJ;pWY4S?|CpP39iKv<9Nqdh~D31^>sTvEio}Y_zK@L^3@dauqw^FQEms-W zl0m4J76Z%?#5%~uy{m+gL*S7J_I$OrnQ_hDSzcBsAB({>MSuw$sDU1RGrutuZ4aF_ zkS@a(us-Xe6frMd+OinK*_0XX_cb!GIaYz~$q{b~`2rtZhuaeesq1^l`b{h`5(k#c zKM#HvZZ*mMJlqC0*T;;Q|A96(Dz&6qY~`-bRiifiJyDQ2vu(VsO@HHa-c)T+w~%A` z(W;ZATCv;CH>!%NfZs4GpaG*@)LOCeFlSzMofwWAnnAAPI|y~zRKd_+rr=^EV7SjI z;$m*DK4!3;p~h(9WILRm^7wIz#abAS^zmEd=T-*f-H1~C0yIMs;o+i;e2E$7g{ABk zHRYW{b>(&S_vw zxe($)JbA8oiz;&&m93pTjgepI=8@J_V$@d*)D9rd&;mrrCvpdcBJY&~{hfn)&(pVM zpi9o7!2Qs)#V;@eHBUn0LZp*3-};6Nrw#febpMwQt?R7HA&prydjLpiP4CysGOuFa zQO}%O*J8F1%JEoTa=4HFnf%0KljREmgkRzCjR(AR*`p+bFc3p9uc~_-AV`n=Z~j7} zaK4in0ELh7V%+l#QLR5SVx!lrsVysqP(gj8Oh(e!gfpeosW z%IW{~{D?SX#_;>A0$zJrepHW7(p%F+hcaFE{Z92Ct0JN6JE6S0EjsDsciNlhT#I0_ z&>_816^#3WZV7(%BkO59;khfSn)_8hvZ5RI_vu^#U;vCeGt44y62{w4?8;)3fZcWZ z%9rn{+3<1Uv|v;vG*f{y-mLvDf&ioIE*N0YiH94O@4TnIKQeGUDS^zKmBhs>lYgV18Sh@dQ$KH|AQM65Unlr zDTM_b`Ga0734RJfZ(bG9>;GbBb#NvZ;u_`7&||=@4A8wWv>ra54(AZ@dz5dV`szjf zMZX_XMa~U%N&gqOA~t9;A`LGF$S{1v{yn2gHo&F($!93XcB|BKx=F4dAb`%ssJpK7 zms-~f-Y#6){LXL~$X~lisRAxINb{h1|7I1t|NEi*wDa_lQee|&0F%vDZf^?FN1Z3j z8-fu;`?o=a8}x>sbq0k5%6r1$dvj?n^g(xsL4G&cKXDQc9yc6FWC*oo%W5U-q1R){ zw%!4t@7bKxg5Now*ZP2Bm54vGnPt8CEjelj8lGg`^`2Ss^_~JKd^|rb7P<%{aq%wr zaeqy6Jc-v0gkZ6=zUC(|FW)v1&cmdMZ3~R1P%)pX z^DcCSl_RgIWQT}ud=XWrIO;xc3&h#H)+Bil-X?1Ped{iPhIR4+=B3v*Ib(KGfS6A+ zZGKMnQ*mdm14v;OEmM>Q#En>Pd`ZL!ju;S(&#B)WA(x9a*P!b7FmK^L0cd6Ph&SXn zi`R+qgYtRypw(sg4DG3Ku0&BX3^EeVJT1z0c#qKhZXOG)if>*33q}Tt1xXvS&-9 zos#QbOYA`M@#Du%-O@LL9dH@XwHi~XIz(qz|*=kKaKvPK&^6FGn(5Gx_5i?8}a6L8cxt0x;IR%)9beE%kWXj8Tth9-t<+d zO(}RES+X!A)F8vSAaXxBoZloRSW}9=%BFG@e|~cW!h3d<+uY*!B{n9Kr2*O%E(fD> z{fZ$Qg$M2cWSpl#6U)c>!JIY~XEG&{8cb-<3gSR5K|+TBuQz+G`IeYLx`h#hF{!r% z%wsTdY`p@*dIZMU(6e?l9}%%p!Q%JU{`cFso^pE4pN5WR%EWCAQilsj!Z*^mG1~2(9pUW-E}h) z$ryCd3U2yX&SdS?)d_CY(jG>8vgS#zv{*I@+-aUYPfYocS5A*t_cEvd_`=D z>FVCppbn&mI@3vpRY0~}&-eF>kLdtAfRmH`lZ_W)>pyz|rDm9?OZG;*vDM}3TpH0z zdQWOb9^Xbc+(|8el#Q9B;`W)LOdrsfwMyuLAE%%->qo4bB0n_+Pxk1Uk=dP`=)b_6 zP(Zt%rGcL7Ke*}lKGZDE$KMMmdKcycqOQ~73jJd;I)CE%-F1Seafh~Q98pmnylH(k zs@f{5i@xSX_`rR?CriI(t_%hq1I`CAFn1NE&QvW2M#xj{!jcEj@G)5M&hK+UrS>0YmGZylrFtaUUgr%8H$rL@)btVg zV)L22N$)B#jY~|}w8CTU(C2N5J{6eLbYcZ!Zdfh<=^=MxP(-L9Hd00e=@Q%2@s_&6 z=qC|==2w;=oO$`tfb|ATgI3ZU{huZB;Dpxul`b-atFM}rVdc|9ua}S;w*Tf3ZB=8j^kb~gaE&fm z_>|)`gjbe_u^^GPW?$#t<_zG7213u0gJOZWsp{pR>%axQ+1whkk3l`8Q>Zq9JOc-_ z8wduivW)$?dgSd0)VZ8@FicaK-cB>S8>_Z|Y zY*9LRy(<8y0ZJNuI1+q^tkruGntz+q&_NoB5S9Aw{?eZ>{w|DI@Fx6r}?*`bROH_S{%d12eP9H*j>LvRnr$39+(aEh_ zb6^3wodwm7)UbO?h>R?2By*vKjnSs>FdxjKoF;ySzvi^pjUncO1ZpM_s)MaU%PN~U z%CDIX-EI^G@cmOu*#6W**6ETH z10jOe+sLAm@kF4pIPgkzqEUp9b?M20=qB~8QH{ziiP*=i*S$NiDb->u>WqfnTcDo; z)h@MsRAPOK`M4({G}M*cGkUU|aVeOa?MIy&jgvB3i*zz0G@do{vTPhFu7b*esCy02 zI=}QhkSl~tfaAXt7t{tgi|EE4?XJ45=rQ+x^{IVK$sPRlkf+MABNoM;K|Ya4A0+g z=UN2v>Km6`GiD=j>cZ~^*D%V|jpDoM9u%HlOTQy^r}D<7rR+&|3t#SY zm{KQG3XLVrkk7ODU#4jIfH|OyLJsUcb(0oJ2%_Unh2g;8$Q5-`-dJ0`dl>z}V!7=8 zAy-&a)cTc}@+*1b1M$nbW?NgJecvY?ee}pQ0$ifFK0<#H- z`_!?mn@U3^j9m6_@q4rMVD37EX#f^UsJDrws8R9iV^R>P!e3vA=l2Cgp7B)hBRow8 zqFSiuiHJ5bo8tDy^>`kg3>}56_qhMab|su|mhzlpI_I!+8J2%;yL@=9pmjY8w2{o` z@k3YhsXTyK)J_wG8YnCO%7WTv@Qk^>TU8g%!1Lw$XxPT%VGSH$entG_=)17?-2QAm zYyxDW4(XlOx>+CDwDgQWiHFE_ID%3(2S5qUya?l5*eC~#!m-v;0THVdK8MeqFX3;B z0XFA3yW^v{`TV6Z4L-wFebg^s^44Dg;5rLk#cpV};&^(}FEoAGmwhsR?I)+t>I4 z54vHIb;-sre9m`0dM4Pvxu4y#towIm3HfzBS@O1=%cy^>y<*9`u z3`fr?pFFT&y=WjnX@YjKphZ~;1AgUp>bdH-l88=M6CbndxZ&8J#T%|foIwnhQ=@CN z59TYE11sN<+Z~rrcMLo_F#Y5K(2t&5drLu!ZiGvPG9~MKo;Le_MbS6 zF|XxsR?NW<;^<-C72&it<>d`T-}09FliTd0k(#U0)O1oNlw{Q~AsDvHU50 zu~F_yy+VtMM8JVEm*!E>Ny~l9H$!3?G;VuLY3je1&oE7GX&616v}pCWil6qxpWqHs0mfU@;^K8d+gPKl|pO{5dH58eCfhg~SaF6W<1KQ_HtW~y!` zUsLL%#s%iP_nub9ocdVSd=PrYmvAc{xsWneO(;axVSDpD!oKvbvFr*q`QUJdPHS;E zJ*1^be^Ao9VBh6AdT_Jz9cbh|D0RwV$kgySn0R6!14R9uplu9?QR7N?mr?F=n0vFJ z2~;674bzje!w6f8@VgD0Q<%YH8XXeF7u~E&F~Y&6#?RLYwaXT@H)J(SBjU>I)w&ER5KUINCvX6ks% zbu;kPB{%o$Y~@;(TIaG>zWPAF`z7@e zbbz3STt}IaJINHkx;T(`4E`pXGeUo`unOV1Rf2rUZxA!rT&3*HZj?|qxYI}wx0gp9DaWaItsu`$+Uw8{ZBY~7I_7gIPrXHx6d+@hvwjlrDHm!>IYtQx>lTW3 zG|4t{F13BWZhp6Gbm6qJ+K%kv3ZyI7aKQOhvQB@<9->hh`{r}(t}c3~;~I6A>+qqE zmKTrNH@nQ{-wdC}|1GmV(^7ChjLJb54btj|r_@`gW^xZNS9kJvok5dn^wLr8`AxCz zz9t^0!;~=xs`6LM6<_o(uy&Q86o?jB`q!P$8-h!R)tx^OKd3#SyQu!00j}6fteqQ=ExqtCxL?Ms~r)Qb*2opK4X=J0}{S z>^Py+Q(1LcVmM_=m8h5;D=DVg5!f^U2bl+&Ok`V^$a^=V1Ud%Vu^zzRF-?d{eP|?% zlMt}PgIW-5^hBheDJSB1z(YDB^@nOZ8W2#*4(^5e9`Dc;{pd^@z+SoU4Fwl={xhXm zr2unr_o6p^nXDd;m8{oHwSVdEr?VZU-JvO@)d}~x^5_usN)<<`QR=Mc4kvE+0w8Kt zAs-bvJkw_y)`QPwZ9b_FPsyN>q8%}@jhN^Z*=I%(ri+FHPaRayujZ~n0Z(Qld=TJW zxXD^Dz39N>oL1Izgbi4A%&~dtEB8;IDW?7UH@*3s>Q+_R>GWxn9u-Y2xxLYuD6e(K?REQ-c!hH4NThPgh-o6r+U!HJR zBHTIIry!K7uKD-8Z}M)7*L{}nDsbYo0qxY4@FbNI_vVof6K`_gPz(nWDK+7g5mHd| z&`h7+vK~u^fKCidxci?rk_RWnArkCq0^1}a$ofvI=(1w(<4*4ZEq|nDtx}7G5>_E- zc>UDSkd%oNEH4>i(S6A`Rpc%qqP8x7=w)V+gM4)G>6q*F1_1=cugZ0CN?kbh#9HNZ z`W+xESlOuCgjT`_-#XKWDlyaE15PI0_flQz8qbsrqh9A?D@CvC4>ZMYZ7bleZsoyh zLHqUh%%X&v%M#zUMHdFAai#;=%_kPU`xr$Uw4y6yCmHqvmOab35RYsUX4>2|aa8)} zsR`7@M0@CP&(T7%(ci|epe=Q#cA6~`7O&1`|IFSW@-4GN&jrRKC09Dd!3ZHAE$hP{ z{duO>R)uc$m0PTM?i5^li5g*NVheGZ)J|5?2%r=q&62p{bV2iWXeusE*StMf#=Y`x zh5NZYkH*Wwm49`y6~vw5%k#V@w0G+DdwG)=sGe@4rcV)IGut1EIIA*Ge>LK3#+Ov#|C z%Si}*&J9qzE-Cx9WAv?Ojzt4zN!roDDwaN}x0WE1ig=rnCpoX-hbiG1qpHMHU#L?4 zgTNu3$Ag+L9cBGYBB4#GA(_oAW?ZW5@u4ZLrWLkE%NO~rO`8ePtz--9j%D72AUaJY zyR`PM1W){h4iJZw*F5mKw9Af?GAvm{3ZRlS+e_I_X_GPt1XNA$2v_}+YPWK=QX?Ar zZa?msI0D3hG_XK#ifGV5 zZ>sUuPSLP}q~QF*P=V;1JnxrOs@TWNH~m*~u|;;Y6Xfzzx5Slm+*L(VB1K2>J=LzZ zwfXc&VbSwkw_Y8^I`z*_9n9Ms5~}I9k|4<(mC-^GEd9(ri8V~ShnvK`{Q(2oNqmJ({Iq9zYC(?havp@S;AYv(SO$i3ES$8}t- zQmWHbWvY@oJqv@6Fg_(krv23R#dSgrxwsK-v$IOas&TxaZRw2IGCx7FVaG|TE#Fpj z2NXw#s%g0tSdxG8)4z&bJC5Jqd)b*)GD7e40xx1+223CeL!=O8a`caNoO3Ze4wQZm zF5_qO`ewCO-GRNnJ}j|?xE99#3ZLf{5uI=Ai-M>%I<(Rgc@Vn*8`$7TCaWS+=UV*48+85{nxu0)SPPL;& zu97y6v}(|mK9o`0b?a}4`bbmH^cg2LnN=YLoA zD1GijE@(?VoV^@-9a@Xs++!@yX?pd9!gaX;n=Z0DW`}n}(~X|jTsU2qEQ5kXy!1rD zrS(K~+UvgrCNnfAd@5B*%4IhwDgrJh2X=SZT_1<6Yk}KKflmi)f2Z>L--1-05j+0R znZ%yU`~4NzN<_4|&!NeKO6}!w{#Se_URMTG*esR-a4C~YQ<}v3Bkil+`!C*M`)ak@ z7w&r`AF|*>>ob$=+OMe)4Rn(MC@(fT95{wWUh;+N3-;YKlZncCzN}8zwMg!e!N1Hs zCP=En`tXKT(Qmn?ddG(FkO*)3#tFicFBNo0!vM5ZU%L*|0D8eu);0%5js5AZzN{4n zd8WG9yy)Zd*(jKPXQrUc@ zdrj()t9PG?<9ZoVf2;HVL!q^FvBMtimtL9L9&i0}VE?CK3J?8YU{&`u)>Kw(q4%8p zr(wK-(F2%?%aBCKRjoE;O^15-sgK69G-tG7!X3x`x3LejPGWpex}HmvCN1&rLka=P z*t*J3vYPa3o0*ZUrHpS);tx07q_^rMXsb?sFYrB=EZpVe(;adfndc=un<;i1Tm2&T zn3#k+)vU2vic#7pj5CE4PT961$<>_)^uJy7(B>%Br<+wKmv3`NCq5d`(%kd(N=bOi zXCVH8yWF>#ac`XEgwdOvBW8gyLk2E0_rEda;=dPH`MfgXaT@**SWkfUqE4jShJyE% zNA2RjY_MlNHMeKU2T)N>asFxdGk#sgy2~vxle2v& z@%-Vr3U&a%#zc$!&vk@v(kF4le3Kz=@!9eBgwGo{)5hVCE$d+un_>u8@><{BSjY8) zB@j@k*l!l4Z5e{M#%J9i#d;n?yN)`vBnEsbJ5usK#RCH!9Zr3Hn+;5OI}_S|p-L;e zKKF~CxckYHgU&NI3wH`vU&ajjr+LU5yGUGJ9+p#jYpe3^hj$-xWO`bxn*8jTm5qlM zUU8Q_rBBSZbufM7qA={TH$y#e>1_5Dyc2ct(w0UD{aO8|$sb;g{g;@YWiETM^qWtN z-x^mOkJ*o6YTjQYT=1}mI>k{OX6o~%Z|ZFOm7M*cB+g(+3GZA1o23c7!6itZ;hlO67Y1a@`$e&=ds=)FDRz<`yPI*Jt!FtL0MkZk?w0FiMc&FM#Yls{< z(|7I9sS2IFg2MSzVJ784oS!t~Vh5I+LLnhrI!hC3OkTQnV}{}^Qf>%r-re5#6z!9j zEsvPsme^+%{E32N(AxNWIJ2_ll}r{+wLgL0?6>$3cj{}UYGLQEuNZj7aA%f7NrP$X z1LuNCIFk=ZdUZPN?<<(Z|>uJ;D`8`y*e_T1% z)aC5uDC9M0teo_akAl({&vMAMbS5Lf!)lqG;#I&aZy(D5D<0hgXW&pWbDdWtc>uZv^rXe>?JnF>8EN~}D!G$bcgy@s=m7>=|`T+e;e+MNTO>h?E<>>UV3OBbe81b`Ow#|;N8PdveAN5QE!Y3 z>%d)swf#N{Xt5ti&AHzi$=NOl^~T>+V`kz0tG?s86hqP0G3z05XL(}+F-It?gy3XPG;0VjP-=gkRqLCa=2@v6D#{B9Vn595bZ3SWhwr2#odgQ5r@mm!g(}5pNtj+P* zf2-Se0l&Y6lq!8vB~}8MFZ}e05=xCJZp5;ULUp=QV;RP$YcenZHs+IqDxs>yc`^0)!M<9a$` z)Y~|-4&y-JYMaGlQBfSRMTOr6Sg=d#Dsjj=m2#}_y=-2<@(NNZMzSP0d7p_k{sFxy zt<_9#=u}7CDg4#klH38~M=Dd*(_;RZvlrtG!NUHvb*jsKQhjo66NY5G#hoI%g_V@@ z2H~eERCRKZAT2~c+G!%?rpzHly}i|m!I--5_@#8Qe>G)F(1NFqDR?JSrHoki)-mT(Gfs>7MgTv&RkYG5o@x9kgc9IGWVU< z`7(Dwe62_8RK4O*DmgNJd|10Ix#dG%58MxAZXt{r7(q z{5h*&j&n8VA_s8sjD(iOtF*roJMF4{H9HiWOP9Ivl?ER5@v!74oo8oaw2vL389PmW zJJL>~DU#yiZvhJbVdj0`eS7>bDfr!6vhD(@8&dtIUByg!fTAI5;~%x6hG0k1w64F} z>XMhioV7~3RrNnfAF`G7J^BMu#xd@mdUT^W7-G;~v8^sS(^^w~EoGAA3y&B7d8|Le zeh4;Q-!M3*$-mr2<;Zkaa*PY@&pA`hCImWOx6Nf!32QH}7`w1FJU?bmh3|h(@h&1v z>Ub}T9sB2qSRVxxmEf2`i4zFtmWaFjZg#}9+U+Rf!*N5wcahU@A7k$#UlmWdAKn4^ ziR1B71jMYm$xH0$U?Yb{_FRgQhsZj1^70K&Kd7k2y;Up7VveA{=XeGrwF! zi?y{OV&r>p-}2!u{Q<%E1zM&_qCaB9_3Oaf)_VO@`PAv6WMM(u1pmcwNGxRl2WE~e zPFwjGjhHy@y78J6@NFfN0wi~sXlq>t(~nse4s(^-oD=NFE8^b9+$mQ?0F)_(ac8}i za8mf{6gOv;W4c4|k{|Tz)x8q&$gpI2UV+KKNoTMn<~zaLZ(}KjiX}0bD??hwe(tfU_83N1)oIH7ymJg zY{A~}O^%=cDs?p(J9kA$+#y*Nm!1|Z%NVbKNffab%w6wP^|J09=uU3zD<2*v1FlW{ zk+)uBfxJ~4kN7b&Kg0dh9Px^ug7z=UN<7JBy8zA!5+E3TT&Uo4CS9wx5-oKAo#^=HH_8+f4#iM@{0C`u)w#4ly*b+R@kvp>QX6U-SKs_gEy| z06cG$3z0zkF*}*Jd>__RbW-}Kfkd6h$mxk-M&i=t0RuN5KeunWpY=@i+TUM2S2$&e z1r13x-ht?wKT4m#8RFmXl;=qqcQh0Kgnw?QApBk&>+82xz80{P#iBl$>aRms^6e6JJXT)9-r$ z(slZItBjai&gY}H22494aat)mbNBnMn#90~FxTi?#~l}Cn#H>E#xFxWupO#hj%pI_ z)B1fRAXP#9uKc376R|#6R@T(9NVpVxrrPi2bWDqElyyQ_Cd ztvi%+^5~^~So*u0Rz|&ls!~pj0F$@ImHM6PgOG1Y;Uiw8YPq~inGp{ULgW789&}gJ zo59}GbMsE@DLhbS3U*shN7X_`@MorgmkvEhCE2_&4KT#iVkg&;TG0+%g^Y`~hJ_eq zMzwh`@qkT-(Gz=`MT}w036um)+`U}Zu9kbt5!xqlZHgyy&|Q-^Z*(RNkl-shvEfnZBFiwj`l6{M4kr1$Fgb=Kp^EvSJ+X z{3=5^Lfkmz>9F6y17kiC0Z?9ppW|*|VPZg{a^(X`rEL1s&MLRK1;xHNDv>E8EB;fi zF7Fpjwe4VRi|{FL$7V&_e`s;1Dv=5Q#8+NDJuc=YEAffDCZ>FiP_zhE9|HQ`fo2Lv zwZt82K*m`fdWgHfK1lnOF1B@WOFZCrSLKQqoTZbW*&e5Hg?FZxV?XF*WbT)L6ag=+TSC^f>ghWTT(thD}CR7znaJAS&5An_fce` zt^|-a)rm^pATE5E4(W-=Qei6CXt*oXsR#H(#vkDv2`BR(pe7qt60Yo=i2eU)@#5yJ z8&4Qlup_>yHeH<1Sw!b_sN}CJH@QouE=Q($Vsva)vZX2yc$w;tEB0s=zG)vKoM9_{ z(Gt2X>XaFzb9?vsiSt)6W@+~sA&)I3*pAUnT!)I?z{^e~Iy|$#2peRHI-Bp_ldM~7 znyX^JF791MI}6xq=9yb5(5OG4+$d50pgvdJy~cr_+X?N4AjF}<)l;_MLg7lR5_X6P zKSUL$m9hLWBf_b^`n^2u*fG0(84hV4DMP6mL4x;+eKW-)9x`x-nG5V}m_;HQpPiZ* zROnh*N!k5lkp%FbtfuRYi=a^u6n*-CY)SgAuG(lIg=TX>Br+3(~`#4DBq>D6>P z&Rqef%nh6FKEjQtz=P0SnY4>$`X+ky_tZm5>sRLm(+qzgw&TFZj@Vn=M`4SxgU5}0 zV7E?Dn-HsSE3$BET?XUR)x-Vn5f+&4!9K7bY8}vp4`5-0My)W?0;TvUTDK3j?W8(0 zW#)F_rIDBEE!P470OfZ3-7+SlMN1YhiZwo!<7#Cq-I8S5Nt`3R;ov0eQjWYkXb)6 zb>^Foy(3?(h@PQ8uwWeD6#KrKQ}DX6P3fJ6(m{wtB`zUHa`LO zqvJT_r>qjPhydmN`U7#)n2F0tE5`^_9TS%u5P_;o7^7h~tFe)@x=_Fl!AtWa?m)MP zeHfqJ2P+$i>T#!PpLLeUAuqr$2in{!GbQZClC-)k*X|7joyq>*5hi%+jWLs)Y0~Tn zbv2)?pG`r(oO|YlVc8JkyQ!uNr&!>e|afI|YP>2H`k6qw8b%bvxvoH(&7%f9SQ%cw=2laVv zvGwhB)}RC87;96ZRhy8-d9e~gVrx-bP>c+y68f;@f zaLyRn7b8gq4QX9VMt)|>Ml$wz1d1GPdtj`mbq(-t+6I5ip@>kpy|1>^y|RVC0nNY$ z7W|WkT`yNWgXi>Nc1BeESY$ZdqjVT$-x#J8q-zP3`NV(<^J#>pT^GP^@@e<3S0cSa z@~9x1aW`nz*g%wcyQ+7p7cjua`Je|om}hRMzz9_bK7H!|FXav*T&s=(n(TB$HaB77 zw8h+KORF@Bs|r}E`<5NiTt5SI9{eVY#{jst-O;TFqg_-!*>8IO^db-C^Tj(t#g^AM zx*0aqd=;0RDq0V;9~fqp=b*ub@DDvIjG9{hw1yoeCz9Ra$iM?u8#Ok-)~c?ms?%CQ zBd7qL8kIb;wzZSmJZZcuM4(81U&_vi*)oBCV#)^;KWeFZ`AWcQq3yDn(ti>5OTkyV8RmfA=sGmtsa=|ZVjYR-gZk^*~g3j2}Z=(^p zvWtV@n+&0ep3u2SUXGR-@nZ)t7OKDC5D*Cqch4IkbEmn2Q+aAsbE`(uXPh)$4{_Em zg8-kZySg^%;6m#OE5|!y;F#8MD$+DK6e-1{!CqvaXC;2w%^=YyikzZ=YHPZ`-?2Lu z>+TKOeB3@3d#H~%-ZY3=JOe!JmP9{6QzbaRianw%?^Ce1mUS_w6n*D-*YWI9$0%{; zksGhI15(V15Lx$g(m+5BTw8Felw`FgwZ5T>DV66Q3_6fcubzyVKA1}}YD{jUNWpq7 zE6uf81=KN3fD|scyg6GM;J8U7`UQjL^|d`;?39jaI^W)Z?LR^#RYCr9pPO!AVy94K+Z8lMFP*Gg zL-l6r`C(dvkUMACt?OYA^Jvp`5^sXeOIJYh>jj~ALDgaZ8-3|-!^a$VHCzqs4w{V> zH4TUjUsC!YVOV18hivH}{{ude<-h7GQNiWRYE;NxHTs1Z2Q$e<(K@=) zH|_N3Z2bY1$(`OA$ztUrVpg9)wb$R+G_IzUPjj_B-w;RjIGKQuxuyKaH7}y(5jHmG zbJeB*QPT>BLfS55)*U7cb?*(*kL-6P;ZY#+#`yMmtC{|YMqX3`I=C_srs3h`06lpF zO9(B$+`}M4ZX3EHSYkK5HPi1BV<_uAzY7&sfVD1i^bF99Jo!716_uAiRKmMauY?`Q)U9 z#StVa@(?%R*#=ba^+Ozg9UEy>A&%s&0V+d6;+d|26}|C;9t4*0%oplju^y~yu%Id0TV z#u%${uucKAav)HFbedImp5c6A08iItw}1pEZV7^~!U{LC5=BUrL`tF)e>}nh4fw65 zTE}!v96tk@*Er!j#wlF&_N#AhJue~@{|L@gk#-x2m*HI&J*;(QGQnWV=kQnY-Xl4C z@6L@UVS7%pEglpF8^p$YB~5~66thcfw2bcrDRdNyx&v9TKm)D=8G0rx>I;hIoUKpd zjNGg3cC71|X6k9rT6a5gjpO~hg`NqdbWAgjNs1l3CK@B(v{*2?+#h?-oz^x`4Y;t# za7H7RGavTW`}vQ^0zOn?3E+hS#FE@YC;9?Abbd_zU+PSA^OY4|Rjk)SopTWj4l#Az z4atU6)glOD#=8ZyUJdo1H)sK649voswX2#z{Ci_i60U+>rJ`EkB&Ok41GtZ%osX>yNk#^F8bDdHTl|I?X3qGPG@TP4?& zdUof2d_OTf+Rww_n#WgG@n;vA?s#0Ria1z1HGA1NViGvVn*pHtg}8X^;PS z?i;yfQkD+FeHvASX9W7H5I&RhUOF|gk=P@ivi(qnsR3__$A1fDU6Xv<_tCr-CWM6&fmIVJ23};!EI)=M)a82 ze3{8gYTW2`G#XZq44?NX+X1S6KY&reyk`tgkw~&(eBD_Fw@GGG_w~Ibjrnw@ytnp259-Yoq4m0O9&UX;EUGSLkoT-sw;P)K zg+H2IIQO|FY-BmF;VU-A8P*}^@j|10ieqjn$^ryK~@xLn5vA^AohZQ7* zNN~H&jkT+pv^`z=%s z6FVK_{*>2mde&OzizzepRmbL`^!XT9UMShH$5y2dCKmR|va1Z?!?hKiiykNn@oM|w z7pUPFOVZ5!DQ&GziLqb7(=j=|j2-eM9NQr+K}(H#RRT$w?^X}}tC^tKao{xwo2Z0f zg6yyTEtj7`%x=b{`;(J&0@5wg&;KMf{IeA1TRvA``R0R&V$%2ch$|H=F#v^uZJ2?T z9_U5t7#0aD5Mi8$%PP7s@4!rZ)EVt zhj+Q|-45O8+tw2uEYNiIqe6MZ?u8^IQDY9#Tv>i6bJ|USs+^>Px!lHM3Xg^q@_JYB z)t>P8bPeRsUMZ+L>UD$|>-G4$&RJ=e7Ti;`fcW1pA<`N5ui5Q*`?4-3hE$nEU4Evw zXG_;uNvfWR2G`k9AbK{~#4FfjsPG16?04@pRer1J^w44-Mhgd6eQM~G#OrN`AkHPr zn$y&6)KN*VL*ubP1NF#QjkD-d4A`Ng@O?1n{%^%opS00dahEqHgi})L6KP_~`X7qy z>e4V~$vOG>Vycr#Q#fiv=-tGlaHr?0YcBf_c_5#>5oFNdgq&HuMBNO`?%z8}7CD2c z(-*|O9rv^qA!o{Vi4)|WO8B;^{ir5}LbHTO0dupxoDxk~l$ab4-~tQRF%Cx7O+G}d z<0JDXB>~QysGI-lKc1_fp+2}b{|qJJ%}LD0+x66+dxMX}9kWQS&?`TIq?*Z{;c4kH zsG848Vbn=#+NDpGz05k;1NrAkJhWtr9;zN zk)^#71NE9t;{wAuy>91{A9W_l>JYfqx?vAAy!g1P#HhRX51P;CpRVq_FkS1FKvC(k z5I-AyestQ*4KP5JiY7BiXEb3D#Sw2|UrpX`Jqq&fDLo2zbf zwI5)~viZTC%-caPcdb=NdZfz;%e8jd(*r4TD|5IHri3&VuCv!7+-rcF`TXN>L|Ia{ zJ^A987x8(F>J4HSdq_J>joco*aLjk|5~*0Ze_!lIn@{&HbgW~rf`yWX9;5PrrEM7Y zg5K>LWRfgD;+-vd@}4|+!yW_EgC}qmJMJqCv1F3uz>oP(YRl@lUD+^WV0g)}SgGhH z;Q)#DkY5S~n+6sR7O*qwPhIIi2?`STD-J$BFkZDAo!&z@JRw7IG)c6SN@R+tFpt|+ zTak|Bj78>wP!kSU5nuNw4xhoYkN*xy!DQ`rw4r-t;>w;G#%0a9RP-)7A!5;(rNl|n ze$G4W29b~RN;b&WkE=KailUovcz;lMerZ-1gi)JUmkQf$cXY#_<8br& zc4@^btX#V?JiKKacv`jF!x$uKbbsh+zekA*8-Q1n?-0O~PBlqnwlh`lqZ?099X{hK zR+Sln1l#KP z=^s0j*e^j;;3#o;TJ%Y}=#GKK<8R%>KdU*~fN#*yqJ#})k7+JJf(njKb@P=)Te#_d{j;Wis0}k4Q}(t&|52Do#+Ag>^Blf97LyH%c>Z%!rn!^P zk80NiIkJ=TitEE`Ce5w=Y(U(u>LVz0J30)1^K0EhcA74-=K9YSPXIOHL9DCh<@z%< zu`#6blfBroKjcW8Na-5uvrqB{e#WsSf4#MsQj`y*vtnNy-UrI~bIxygMyPA2HK?ytvxUbivAePt?OP z4aYMH;cZjZ+_M-1AJG{0LFTvsYp&mTk&o@rer`yWWIAMw^yW+m@ofZJ8|v@RGDNQ9 zo(lSZ{?G~BOznhSP(%KaqkL`gKa-#@pxahlqO$hl?;G_#TKYv-{qyse<@jY~wbFKw zcR1_>{Ogy`P>DcTe(rDu5Uo!J~v!Wr4jUEac zv$0DBVSI4U>d!EIm`W96jYx7EX?c|D1nCN9FATA}#<4n3${8!>bgq@mFL1a`Xffpn zKNf??Qv$l;;m_=!G&Hc!l0ZXS|}-uPKxZ9uI)j(^AJ^7x3K2$$RlY<~hh^Z;8rH~f-U96A(&uKU_5 zQ*c;v%~erl@v(Axz~@s>{g3N-95VO-e8~n9P8>CdXRYV z@xynBWb91_!m{m6m~AGmF|%hDx~y%SA<3X5OTulbeerIoo`Vr!f|GAok`4_( z14vtJ&o112m=9G8nRrbMGY($$M@O|xY_Pv7w40x|`wMpKbgxUz{1s?YGj*c;h0K`! z_3flq(01L(ex?v6yW@tUiOX#K-+mO|oV4Tfsv#Vd;6AjZYdZVz)%tJEIX{_Rj}3Qz}kl1>kk9c4yK=;EFB#oL~|yGk8Vcm zu$fAh4&|FdO6TMrx>7JmLJT>SS5WcCq5xxi_qk2; zv^x@=R7Yd|M4+VT@fV*tnfXpiG7~GCuEqmF4fj}$qh_!;b3rNO0jBEN=S>}|Bhj+> z)Es4T^PGcH7?7=bN{T(J50Yogmu^kGgT$d~%>bwe>FXnxyvY6zD^t5zuZEM0AX*F% znBwP1Ab#F&da!D;7t}+zif*@>a!S(>#Z4r!l<_aOui*Y^MB2RR7`I+{BpzxL@;&H? zcT+;eZD6KVT~g66YQEOF?lAu#ZZD6&{o=9K$hMalPhBY6QNWtM#IwKfQEQs3G}gm7 z92Dl=&9&2(g(wmEtSY)EneLekecVmOcnb(r8(J~g>+ISdHX5n&Q3}=c3Kdwu_VGq^ zM!dDc4wzj{@t4xJNQbl+D5Nlayv3?T&3txcJ1BgZ28+vhU0Hwj600`G^YrXUsrTgV zWi61mT|X1r5&g^=;>oL-`?S<6ZiC7+$`$I`@xM2%d=7H7*QDYu9^nQ1~{F z>l57rhmu%TkwHK^gq@iX&%Q)?{0U)y9~L1U)!af*&5<@wudnI3Nq&kq9^&Ys)y+i& z3&3V=O`%j?{EsSfD?A7llzSd^zML7J(gzYhN%d{>oq0OX)K1WQ%8j=wkV>{nAITOd z-W=lc;eAcdM5@II4~*uH058C>W&pCa0?b=)Q3{jF3bF4^{EiWgU{#3EyvDeSz!iQj#FO~+MwiLuM52JMJ=}k;EJ^u=*T*l) z6^I=&-Nm2i*Iak-1Ql;}F?|RB9HOwFa33inB&}G1`SxZjyz!!m4AWqCHfqU}9U*Fy zgim9C3U{`RGBF&YRO0Rm@v*+-RhmW56p9v^{1k}FhP_`t93JTma4W2~o#sUkQ7z@V zDle#8)Pb?Fq_}X#%H-1*_QqpTh&&ZwHR-DN(;RvZrmHjdytFQ#cAW&1w&6LCV#;?F zP%mzmX>_=D2-ZS!x5afjVO?2@G!1<1Xk$4(w2JHt5PWX?LkOW~QIoQ?ylFLsH zmDN@+{(f4JP)U#9KdKE6c1rddC3s%Ro^zS}G^aJbA!Vw{$J$#wSFz*~`;QUq^k&ci zd(dFZ*d%ED_*b#my&^VJGty{s8er6H9;oHERo|Gjyuq`Yg+8?@GQOl+is+6U@QXp4 z!Db>rUqv$O(D`cXAuL6bjXETww;0v?V3A}Y!*2lK9)8I())fvxePE)~z+~DgpDiC7 zmK}8gEi!l$^VWZQ)KsWjEl>U~6#EV@;X)A+@`%PK4Y9Cos}pLRM`P={&LKC?p;J-m zl^$(UduM|5f*24*5;llkK5kP@k)OZ7*y_G+yz*s3PNkIr$ zHhgY(6zfg8oIJ~oBrf;OX7y$!neY!*dl$a;4CT{H{+57wmwi4|L(g=54%w0n*eO%b zZs^yGe&JRB?SWf?2bQ?lJ-e{mPJb^Au?wTu{x>u+l*5~K!=p`oOU-R}YlS!;Eb0mh zy@^HRF6;?ju5}ymO2J~hlI2)TP-@68J6)w|7$K;4WSE;bu4fVC%0UA&-5CG_3UA@Cn{XL2{bq=HdA z==wdhxk8G)GeVn0l$E zyY7Wg>oK!Qw_uhYZ&+Qm;^d58d4SR$GZIykjjDtm?8uVQ%8xkwf(#HWq)8T1C17=Y z05aY~zu~)|b@kMFtv=pE1^c@G10S+Ez>z+8Uxlk#Sk63|Nf#KVLV5Si%N-Z%Z+y0J z4AOPNwzrGNU75Qdk2>BIzKN{x&A8MOuoK!dMWDj?0lEr3TBkSskHMYsA!tu+Zg)(u zX@bspcre-TsHOLbw7#ah@0*8hVm7q3?rwF?v|=oW?0yiOJb`6J?;BCdD=a{`2A6UL-y#I>9wPqChL8 zCcZly2-6p9#2k1#l=0i=bK{p9{`n`hmWgD?K1Puj;kh$bsm7wA5A^=YdZY1o?@N81uu|&zj^{C6yaWjWv(*(; z+B7PdH=28AwGmZ$@s#TGNlH1r$L#WitG$NmIf*K?^sH)F7tMW2?sAAy(JfP>GxgRd+M|9-;UO?N{sq)w#z?D&*v!yTr?=nmg3x94~?YzgLI&lGrN z412WqmRExNOr@REKGf{8CQld*@Gf{?n`rl&&8f+&!!CZAKtHTG>5p0lD(ip08rah* zi8G&s^=g6!7P61d&i23C;1!D~qyju0n_`HzCF{X03047}`Oevit@QaaCF;k$#93PT zT)b;D90FwtLfhlnP`$Y5zrX3AVJDD@2Lq8l_p3zlQH4pEmjR6T?#RPWWDaaGI3Wb> zkuKV5$;Ofgf_!q~!--RwxA94()fbgq1qX`=U2__emtP#}Xj2~UI2EbY3*li==QyrX z9*yAj7UUt5nYq`@_j77`O)FH=FqEZ#hN|~+NaVZ-Z|BofrP)t^TMRBlH4I?)azHSv z+I!j!Cx?uEEyUVs0f;8@%NR!F|-Mv(H zu#lkAHCk-(OOM3_mV5x*$m6Ds;!$&QeSS67gkGoi$ZPDS>9e!>-v7M56ic4o{r0jI z2#~hJdl3dy`f%-p$Dt96a2DIDoQT;5NpBQqv9gm?Y+*n#?9#RKC6H=DfzERF*#bT* zY9Q`IFJDiW#as%^$p?wkHGu3?P8cl5PqGrwSP2tV#vn503S*j2a;)@259WbQ4g(QO zL-FoXRjGUz245!c^zNW$28h#pnesmH1Y@rcTDn5T>VG$h@Ox7`j!&2k&t3p%K%Y3! z(&QinX^5)9lJ1#AvX1pyIKJ9du^i_T>~*$&;=EWtF7@oHy~Q=(jdIsTFVV>1=3O4^ z^xx-*4#B84z<-LQO2t#r!Je_dkPXS5<$E=F%D&R*6!5;kN0&W{myeO)I^7ybYih5K@lmy2u?1#%c_#_A}n02OFCdD^Z>LdW}`0V0Qfv^_yi+d-Z- z#C4!s%2R@P^M#cg*C_y+Co<{&fCZ(x-{3Fup6)un486Blm$xaO7H)HC9fqCrZ=G-F=Z=MTJt`IOUn2HY{kc$7z;+)~7v(~h>V1Au( z;y{cX>Pb(^M5s=Rwhk(SftLM_u=6%(G-rzT&s!MVjNDR6+GXiSvbN#sj0n|ID^~EE zd=H`I+ErS1`=p$Jm4bs&m&<#w#FRxVPa7V|zkI?0RT(_%Pr)lg?ne!^ zE!STD&uWiU6UL)BimC?@lCbcP)pFpNWMRP3l31-E0RI2jYK+CXWbStYH%3)pNMyi5 zpPL0%`>!`M-9p=p^f)B)=kRx?@jQG4;%yRao3uZ(BOgj49+x{Mq>Vhj)F$EXrhFM__C7w1pmx3*KRmkW6=OypCB&FWxoIw*ql*1{gJrfP9EG~tc_Qe4+t#|a2_8bo#kpaef8nOFsiv2eGgn=d+dtPFp+ECnLGvC7x+K}AWM{6cX+Zo*;05+ z-#!20V?6ni3rTzJZ9;RzTOHho((Ma2w^Za?kl3o zil$$Unna|1KJ=v%qz)J-H_IWL^2-mq7Y>-Y%5qyVb{lINnI>TmuMeN|(!Jz+lfun3 zJrPq2^5kbZLAK%g{7VV?%xV>;p2Gm|RHx|U5(3y-plo3*zOECw{0>Y6*QHV(CW zS>3Z3gSlT~ew``qAJs%g@cEfe`Sog+4TzCbC8OT>xmlr&2@oULIbM3W-%e_Ktnq+f zfkpB*;Q`p=9g?`CPp^bS%{zC}6c9xuk+B{F0d)$Y&Mh|k+9yr3|ww&tPi+z0SMZPUmxw)<=q3+FN3e<%fvPJ z0j7-}d^IrAV+^{y(Yf(d1JRE%OA|j$tzNp@J2J6mtWy#dTlR*bMjzvK1tN(*VQV{Q zqppPd3#EL$6kW1m;Q5`tK}mXl8Y?`yg2dAVFi}IRpi_Ku26gFbknCn{&o~qp<9&!! zu~<{n4Q1(!i|vQc$2On2)*Wfk#fUYPVN`9Bd+VJPQ0&{)w<%gRZu%&$o=|N>ZAhb& z{kuero+?qz1(Gn=6!RkUS7<*$V-ET*tjB_={}3u}jQ-;^XcF7(H-lc$MyJdIn|I#$ z!r@$B?{1M^o_NGU>wHT&M31Ms1!6we-ErHnfA$Xa9*`ye#uV(+Up>nLF(D_wO#4@^ zd5a|EY%~V3Xh(9LCBcgv3W5?)~^vlu1{G+K7!6}ImZy2od;!gX?!RxWh!Vm_YlIMVz&n&bHN zyAiwpTX6{`^Nsh2&>`#CKC$P-m6Lk-0D>b)VUj_^wNE!64c-J{0<3K@7A}u8sXCR8IaR^oq(G|~UCf()?d+bnf)F0F* zzCI~)zjR$-Z{e#pKL6i#=o6n^?2?Tpp8b7He0nshGP;kM79{pZ?p^PlK5}W1KP!=G z^DlP9OPZ;#xg zqGc<3McTL%f@YU`9;a|4mF)5z%yDSUKK^eJbk+NPVldzAssz1n518(?6J^4?Y*f>2 zoHwM;>-fZQy*8q0Js4Q1OMN-WJzn2&oP+QQzPLk74byuBorQRSBml%{PYZMqrJ8o6 z()z^hHZP8oS8k1Ogw-{yKP%<-z?1Ng9jhnNe`ENoMyye#Fn&&l>wS|wn2MZ)=;q2_ z%ibh!1X zaokx+!VZ|i>zVuxJkg|?I{`VBF0ya)HAc6IzlUqSIl6^P@{{XTseSv&2NYH3n2(_e z?+`Qge5U^bfZnYTIktF-jUU5?T@4f}A07s;K}d{ep-_?LJMKyB7!S)$sSaxxNncB% zhYr(-B(wmV>x=%85h{x{+-XNnlLoQ}&bT63_B|a#d(IHMZ@?LwzeG}>UJA8XGgfY@5=CPob}FdRN$#397TC^4ZnX(Djti$+mh3L{3B4zAp0d6rFPS zb*kuOBr+(`Bc3)Sw&R36&9k?d2KyoQjh{z*V+d}8yaZYkO|5{#o6=p(Y(Fj_gtHTR zX|wK@568b~;)~{t#b$T?)-s)2ggS0hkUDBF9>CJE_m&s z$Cyr@V&~$qg62Mz#mKf!nCR3^G$(+VjO&lw#tmj@U++L9g((EWL&^C2<4}gAl-Q7JQfwke1Lt3`db@2 zb3TWS5*mAWW!vOgk{n}uCLn@JSrH=R)AkMUM1%22_)mYAbx!9QxKX%@CS%Yy3gWQg zcRTdYmYmd2Dk8%U{Xl-oXjNR+4Ei6)lM-cDH^jrmOnHr!WAYTGoV?dnK&bLg#%fEP zI3WQNtKj13x^l3um55oZy9hmZ#@B}@63kmX7%pddMQ>S9XHGFA15vBmWJoUR7FckGbaO_eI*N}C`me3tz7iVU7-h1@*Y7Okivw^#-4sEyO z9BfOZ>m{h{BOSb-cB!BrQ+RteCRqz#n}jMR*?R$^-b+p-Cx&ys3}^yBAvgFOpjXcx z%C!970r5dIOro)rC@i&QB)kC0eZT>;hUSDT42@F5V z69HC4wj?Y7(d5QISgIzgb*~t?kctoLz$HgD((I&_wKM}}WS%+$JJB1Y`g&ZtK8`v( zt$DCY7ecB(CwjTWbRV|9gyaPJWQsf&ohWw3s$!Ay-tE8{guc2Ol}+Z)?tfi`CU!=o zaq7hvOmMihcW{ISx?0z)I`$) z!rDi&$1J2G?7$Edjei>K%a>@nN+>N6iSM!qDu~LTfAI#jQej-AIuPPHaNS5AQvd1y zo>5az1K1OG<@&_{&ujMs!w@wx$lXVb8yt_$;RJ^rZ0riQZ1XM-X`2gEmu40-Sa464 z?+kCjD&qa3Ozo?|;W7~WWs0XD5Lc<0ajE^JCosPZeK$|94dYpLL1iF*gG4Wg)q!$bkM-}cm2LV_tyxAHeq6GPG@ zxvdL*vjkkp-tSl+!Ky!xuSA_V2WUW#yHX&-2OOKPaqOMdPHUOEriEpIMHBWFm=JCZ zN{pCb3;hKie)=M*BmPX0x8Oj9E3=XeE`P^=j480TS9P1D%d=-C?+OR^&|QYH4~Gu6 zlk-Afk_(I{wU0tz)Z!mc{dol zy9BK&$VTBm>*8YmBfKMi<(^SulU$|gBmH+4UmewHQ;(Gs^qsI9EJ9ODawmn(mFwVy zmv_PHr_y^$w2+0rKz?v4+fGNZnQ8o>`HXNoAe<>rwT6_viOxOJx8`p4OrdqtRX?1muQN%} zd(K8&*FT-+$)O`OpN1X?B0AQSrFXUT`y^H%;m;3~7_PNEQ#?@d>(*k`Q(s za`vC^Xe{&9<*Lt)yr!>+uh0wPs_!O|gM}7AyfE52YFkkU2G6qGQ`wPF-8Z{``S?w0 zaG3FUN?0HN2@cfzbpF2ah%d1t8DI*W~B?p9%a*+t4m1>Ma(v^bE|1t=4S1TCdCHBv%fv{<*4D!%j ztCPKuEThqaxi?X82%l)By9mmP8p@&t;-@7b)IO(&Ffv@|c(%?T1aRncOp-qTu1W z3dSQkt8Yf-bx?9C%b;ayg zJ z2wwR8FWXm7T^v292h2~O!VMIRtUa-Nm@V922HV$iv(*uVve!jrOl6uoaNyeFwuJ#U z=A!<2A7o2_08}`OM}TlCXBt?$@C5(ix*MIr1!efB6+&X|4I<2Z+zs49mBLt=)WwwB zOWQLDxolfw)V9Itw?FdbtEDo&F-V1H*u{O|A`kDt)>HA?Xo5~-SRlY4cwF03Pb%{ux*Mh-UO-b7|fq!-R3$w_^oH&Z|Vg(2(AP!`lu z_-tr`Uh5O1uIEJ5@b@nLZTME%p;dh$^819sXNmtD)R1KsofVt|g$AM;qf6;ix;4!v zOly!333pCG#@rNm*yZFFay~^B5Nmmre6IT2nHZmlvL}V@6zZP>6xM4C;{Y((Q3rS* zLIB@2xkFK!GYY<;a2Jquukl$IOIrV%_*Mj5Nm#Q%Wg&SgRitKM>Kb^|cdPGc7he%j zCUp>dly$=+K1V=19%@rdSKN!yUKNgYZltOaP7Uu0vlFvyquJwr_*-re>2}G$hJ4uEM(ja9wS~c|8+QzSFENT-D zPMZv6?xRe4Y@m22Hmj#~(4+k=;oiAYIR)J(dzj?;;eD8+&L20IG-sP$IXPv`IQZ-u0PMzs(B6w&ifdw z?Pe+IkKe3sOR(Z=7Mez)lLk`y(WOK)QK61xSmWl%7X6lPC2HgBayJ%{xf*g?O^biy zQsu>tu$~$zPk$b+r(JA@2SPj==*G%dZ-O^sXEkc-4%WOwBpoE_HJ7wZm7T!FKxo>* zVrNJ$3dvXxI3LyQk0Ol{XvDb~PkN6&6H#%#E9&Q$;hFdRdzECFNAxBbv@P3?dk^np zn4o|87nbvlTe3hpo(%u8Ikog;0hkK_Gl~dV5vm5^##Z>hBt{9?uEbKb-+AX?}icmD-kr{c6F6S zLBjf3g#Hj8S8*KxttCXj+SB_Gr7G0L0esUDV~_HaWu)UfSy2IwO6Pjl0_5b;gS>&+ zOtvaCN$-QIaRb$G$R#6`dZRzy-@~TdzUj#L&J!hcBto#4hQ-G`RmX&G1G)treY5Yr z!wj@jU6iHkTol_Ey8VqiU1xl?mhnFm)@!OAdD^Y;_mUGqqjrJRj{6$WH0vh8JtLG! zpg}N|(w&XMRbl}z`Vg(&u{0?v0bSmdY2HMnG)pwertJO?AQmb)ifrdunCxg0NYxP@ zpfQdQyQE9b;S!%TA+E}`RJF*#cl%eZ(BGEeZeUp=EW7BdJlS&6VWxhF;g53W9De|b zDks)_E|@IX7;-^>Qr~*G79HAmpD`%uWh17dnhlLRCKajYcwksMkRce zGiW=QK`@$psTPDOG^67OZlze|A~(*QD&mF^mh!+hy+4=pYm>IfTOnvkPlucjMjN^P=xpu0fza)8ZY1aD%hqos|}7 zx;Y@$U_6_XJH(B&-RnNBT3Fsf5qrcQZw0dDlSQKM)AlNP4B(1iOpaaqaIdRT!C@M@DAT>0U!zO7m|Hg_?xfZ^md$|#+=cm&l%6gXz{SR@!(+G z))s0#6-S&aG>nVfbw50aeW;V>Z`omeysYi6?wBe<4uo^X$|4`Y(>%DwsD&=vsaV$?k?3E>Xbwaz=}7I&y9X*hm5`w5d+{vSECbMVpTI5SUvY-M z8sGzrSOu{~1jx0Q)Ghk{1Qp01?B@I&41jF_6q8ByZl{QRy1rvZ4g^blP@B6X~k(S6KjW%nuR(3Vq>iRw8|&7b$I;46DX7Z zOV-0O6ROiJsn?ogll#9X@8$UII(2g7BZ=OtRJ|VDv6J_+?Uz7739%h(Xqf_Sja2kqO}3Kr>If0)7c?b;+s+p0K%$Rax)8jFlyO5kV0Y0AqiFmTS9}(Lv1!uC(oU=wGLUq_wfnGCs3ZE##+}uaZ+tzmT~yo z@B^fO><5<52>01vd?#ylbzRkkj z0d}z>(5a&@xwHve{Y(6V7r3-hOsaam#MR}e$`ZN$6=M=2u@uo9_}PJnAlq>eGw~se zayLI-$xsO<5KeSNykRD{19|l8Qg2Hd9htiLQp)xNZFz6uk)b~gp%az|#t(ModNx)K z0`aBQJ5|4}LzOy#%_eI%h3eo3853)C!u%s_GsEiN=ge8JXAGja7!R@&SyWV4p2PER zT-wuOCk=JR)*hIJSb1jvU;J$4q zX}s!I3<1No*P7J&fudXkOiztU)Rh;FsbYV-^5;I!E#jgceI|GtoGbPv)H=)n;uXrP zVv@lz>9Uly0Y{{6AP-j>{P1HiJM0Y^Ax zc}|wai>m!}M8?=lL#p&C>`T@UNjP67|>a0$}`TH#(5DXHK%dOG5XW* zwA0=me{2x1xVUq7j7KRt;bbPV%&|3?s(J)%#MR!zFL!S0#;7eaeA^Vy>(izcRZ%x( zOIQG47}U;+3~;(hzXkVZO=ns2jrFE2oU$Wc7?e+Bm_YIE&PB%T@6`zJ)o|8ql2_IV zPtW`2a)^G$qK7)t5JNb4Uw5A?H~Rfm6MmL#_Eoq!zgAaPg-BxM-vB^uLat+b?HNvo zG$!c7xSaB=Un0uNUzGM68OlhUgSvaP z*dZ3kx>56Fj0VEFBPU*qk{<_)cb;+{o>u-sZ5$*Us6nQaXfH8bJ5=u-DG9|esp%fb1$L(Yhk{Jl1Q|ZjsHz&8z0Q+w7q^sn zI_#tFqTz>^0H?J&?cN?5fzn5V!MpemNmK1BG0EZ2YPxKb(m=j8@d*$B8gqzMq9ghg z@}i_!*aOup{K{Ec@ZWy(Ce`uvuUkSIX8yF4x<>r_Jmpn^rY_!M=pauYt_o4PLNZqV zXgh$cM3;##!qRyAPh3dzPJU8SUcjN(b4uqs7Wla>SewaEqdAl|Mj9Pii~f87eViA0 zdgn)C{lm2jf8q@vTx%6R3h)0>D57rw275GnP$8&xTK2EsF0FWxU72xVd zRO8mC=KjuT1r28t*e`VEL z!+&!9OSm}o)iX{3+(L8C`8#%U$G0v441oVHUndO!p;bcvUwP5>|NmzH&s&R-}U~=ukf^ z2im;m;J(!z3U*yw_9xTXhFRW*Vb;cKex8&rh0hh}wuO1P-f70_SZ5VAq z+vcwT@vnxMZ?Cg?BNXsi;Q!JYKf7hKT=MNmQ}KK1n;xH;VY7UfSb#X;WApEug~Tgh z|0v0e*ZtQ!eH=GcJpD(@Cw6|Q)hA~D^BcCN&&ssAvd>qh`y8<%-(mW|+=W~W8TBP9 zPN4<-nGgJL0Ecc^xj)>n^o2Sd6??Gnp-b%Y796pDUJ(`DME-g?YAY|w=-;RI4=Yid zcV3gU`YbBmnS1DNzi~Imrq|||{1|IX&S2y`Kg0gR`a3B+vrR|u17Nc9stJ_QSES@? zx9np^!{ZgJ3A=pQgVm$jkKbiVoFEw6)Y>r>y~X;Re;^y>0~o8?iJjvk62{Q03QE1w zbd>e9{Fw{r-**2fmAcd%jh&J=^%C$OPLgFK75I0|`YGx{c$(?MXRXJ=|7w`G2s-q3 z9{6nn4~avhjwOdCU@Y|A2=Lt4XZ}C{uV4Do^u<);ZvDhEq|qeum%p$?K~&B?fy(%j zU&ti;`SKP!ocC01?5FMHvD|S~P;B_J+*%>y519Laf`9qDA+!i0wRkUClt&E|@?yo5 ztzp0ow7|u?K(AQ+0vU$zU7%M$o7aD7t8rX8%b9*VxUO1U77UseqBoRMgOY00$7gL0 zCs9tR2G)?wH_b9p{3hqd5`v4T!Jb0{8=Ou?UkbGlsNWc zU}!mGN36F1y-&Yd8e4GVZC=IClR!`N^ZvTb@@0ruZxj61wohy0Jv1U7#+fdrT-$iD z)N+i|JI1)2^UjU23L7z<`Zq{&&3CWP9OJJeW~7-P|e*S#(X&#UIH?x zI2lCq`M+wr)}W@6ER0%~jLS;}k?imqR#8M8QE*lscZd@hP$2^gSOf?RG87NxWzYmn zMj$+fl?1cODvwkKA20$jGDtMUhyemP!Ylz2g$RfPMFL3>Lf*;V1kkPhxmDYB|J+-B zPn~o6bf50i-RG<^v zvFAJ9Ji&(jKCUlVl=#1OJA7yaOgyC-ie8A#^rdpids|LU&dPZU-DKW1`71E(l&T)B z1=9$nd}@kuia)=n+3|wNQe0#S6T?}1@`sk3vX!U_OxWka;q`J5YqYG|MyS;suC^u)S&MFD)6yS&)ea7 zB*Y6-VcMG9zDxb6^A5aYE>$#i)t{$rPb*xMd4tCu>qqbM%xaa(n7~H-{D}e7nt*dZ zZrB=vSqec$M@mXZCB-d3#y-c#OJVAz00BTW*TjgX8Rt5RF|@H3X-ri*C~IRTS@2Yf7=hsDq@3;hsR)% zul4^R%yv7dwoXzoH!a6XONKH>EQr(V>7}A21gT;Wx=`MbP|Dh4wk}ZyAop$!GySv{_ z>Q*~s#p}Z53_VZ5t%A>VHFmz*0juTV;{0p@qJqIvGcb(Y0yZb4arzYlS|@4feQ%ZK zUU@#NmS~JzT0zBjiiIKV#E_rn19%geovG=~JPi;{De(dT-0S2&YXx!L{#n+NnNc+3 z>a-zk{nep&2bU|wN6V$F zH_O8~@-T@&T!lX&2|Z3JNp5hO42sKCKMzij&`rP=25XCNskB@KgR9h~Dsq^D8LCc5 zeF~QdRyRd(g0nm)e!Z4|<{_+79V$h+@I5(K_S2vI88}i-b?(X}D_!;P$-bHyoQB}2 z`xl@JGMY_sf%Ozw3Rmp!w8m}^(<;e&G%8y22&%{^U~tAPT`ma3*&&Td)sR1R4br~+ zyWbtiKEgPVAXCg*?(z390}hl|bXT97DGVs{UbADzEs7NS8Z~^|i@52B52yn#8C*n1 zK6n|oj+kcM`fPE_&HB3#*Iwp6tMphiEW^yhOioFdgVMob*$G(>6b7l2In4}n%6|z<8EKUe&amK-^uBxAK@w<7!ch;@O`&3zKos&@ zENH!B=suL`hW1HW-(5bSIaYB@bka8aNR3OQJOYd;1*wLc_)rXm^~y z#2%Ztc+mOD9<#6!9u2R%^dNiKZ7j02 z=(5SWZrmRcekgDKqAvMFt-Sek(Or0Eux#uC$Uq-z_k#QDPqjdTZBbPgw=Cua*Hekf d5MQupSbux>oI~!etS|vfFf8<&R%k-uzX9vP2P*&o literal 0 HcmV?d00001 diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index c4a602aacd..b6a64d28e9 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -3,7 +3,7 @@ title: Quick fixes - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Learn how to quickly resolve many problems which may come up during a Windows 10 upgrade. +description: Learn how to quickly resolve many problems, which may come up during a Windows 10 upgrade. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy @@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • -
  • Check for unsigned drivers and update or uninstall them. More information.
    • +
  • Check for unsigned drivers and update or remove them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -166,6 +166,9 @@ Drivers that are not properly signed can block the upgrade process. To check you 4. If you are prompted by UAC, click **Yes**. 5. Type **sigverif** and press ENTER. 6. The File Signature Verification tool will open. Click **Start**. + + ![File Signature Verification](../images/sigverif.png) + 7. After the scanning process is complete, click **Advanced**, and then click **View Log**. 8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). @@ -212,7 +215,7 @@ To use sigcheck: MachineType: 64-bit ``` -In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue. +In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. ### Update Windows From eb8290ee4e9c8549c262b119fe6b504af852d925 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:47:09 -0700 Subject: [PATCH 52/57] added txt --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index b6a64d28e9..837199548a 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -215,7 +215,7 @@ To use sigcheck: MachineType: 64-bit ``` -In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. +In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid. ### Update Windows From 697519637081d513b664800c47556840e8e712c5 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:53:11 -0700 Subject: [PATCH 53/57] fix link --- windows/deployment/upgrade/quick-fixes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 837199548a..a4619b4f14 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • -
  • Check for unsigned drivers and update or remove them. More information.
    • +
  • Check for unsigned drivers and update or remove them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -193,7 +193,7 @@ To use sigcheck: C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt ``` -7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver. +7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver. 8. To check the driver, type **sigcheck64 -u -e \** and press ENTER. See the following example: ``` From ffd4ebc8dca3e52f965f995c58fe7e15c6259f97 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 16:00:14 -0700 Subject: [PATCH 54/57] update resolution proc doc --- windows/deployment/upgrade/resolution-procedures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index a96205d6fd..6b8a9587d2 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1 The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). -To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. +To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers). See the following general troubleshooting procedures associated with a result code of 0xC1900101:

    @@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Contact your hardware vendor to obtain updated device drivers.
    Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
    This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
    Review the rollback log and determine the stop code.
    The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
     
    Info SP Crash 0x0000007E detected
    Info SP Module name :
    Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
    Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
    Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
    Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
    Info SP Cannot recover the system.
    Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
     
    Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
     
    1. Make sure you have enough disk space.
    2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
    3. Try changing video adapters.
    4. Check with your hardware vendor for any BIOS updates.
    5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
    Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
    This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)."
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 4f348378a25dd517ec6ad2c951d3ca9bbb0a70d9 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 16:12:42 -0700 Subject: [PATCH 55/57] update --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index a4619b4f14..3f2fc11c16 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -187,7 +187,7 @@ To use sigcheck: 3. Right-click **Command Prompt** and then left-click **Run as administrator**. 4. If you are prompted by UAC, click **Yes**. 5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. -6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: +6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: ```cmd C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt From 5713121545fdc0cf96777a410047500c510d1837 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 8 Oct 2020 02:12:53 -0700 Subject: [PATCH 56/57] update --- windows/deployment/upgrade/quick-fixes.md | 88 ++++++++++--------- .../upgrade/resolution-procedures.md | 4 +- 2 files changed, 49 insertions(+), 43 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 3f2fc11c16..e69527eeb0 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • -
  • Check for unsigned drivers and update or remove them. More information.
    • +
  • Check for unsigned drivers and update or repair them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -156,9 +156,15 @@ To check and repair system files: > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system). -### Remove unsigned drivers +### Repair unsigned drivers -Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers: +Drivers that are not properly signed can block the upgrade process. Drivers might not be properly signed if you: +- Disabled driver signature verification (highly not recommended). +- A catalog file used to sign a driver is corrupt or missing. + +Catalog files are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. This can cause the upgrade process to fail. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. + +To check your system for unsigned drivers: 1. Click **Start**. 2. Type **command**. @@ -169,53 +175,53 @@ Drivers that are not properly signed can block the upgrade process. To check you ![File Signature Verification](../images/sigverif.png) -7. After the scanning process is complete, click **Advanced**, and then click **View Log**. -8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). +7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers. +8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired. +9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below). +10. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. ->[!NOTE] ->If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers. - -#### Optional: Use sigcheck - -[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. - -To use sigcheck: - -1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. -2. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. -6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: - - ```cmd - C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt + [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: +11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. +12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \** and press ENTER. See the following example: ``` -7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver. -8. To check the driver, type **sigcheck64 -u -e \** and press ENTER. See the following example: - - ``` - C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll + C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com - - c:\windows\system32\DolbyMATEnc.dll: - Verified: Unsigned - Link date: 6:43 PM 9/20/2028 - Publisher: n/a - Company: Microsoft Corporation - Description: Dolby MAT Encoder DLL - Product: Microsoft« Windows« Operating System - Prod version: 10.0.18362.1 - File version: 10.0.18362.1 (WinBuild.160101.0800) - MachineType: 64-bit + c:\windows\system32\drivers\afd.sys: + Verified: Signed + Signing date: 6:18 PM 11/29/2017 + Signing date: 6:18 PM 11/29/2017 + Catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat + Signers: + Microsoft Windows + Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. + Valid Usage: NT5 Crypto, Code Signing + Cert Issuer: Microsoft Windows Verification PCA + Serial Number: 33 00 00 00 4B 76 63 2D 24 A2 39 9A 8B 00 01 00 00 00 4B + Thumbprint: B8037C46D0DB7A8CEE502407469B0EE3234D3365 + Algorithm: sha1RSA + Valid from: 11:46 AM 3/1/2017 + Valid to: 11:46 AM 5/9/2018 + (output truncated) ``` -In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid. + +13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example: + + ```cmd + C:\>Driverquery /si + + DeviceName InfName IsSigned Manufacturer + ============================== ============= ======== ========================= + Microsoft ISATAP Adapter nettun.inf TRUE Microsoft + Generic volume shadow copy volsnap.inf TRUE Microsoft + Generic volume volume.inf TRUE Microsoft + (truncated) + ``` + For more information about using driverquery, see [Two Minute Drill: DriverQuery.exe](https://techcommunity.microsoft.com/t5/ask-the-performance-team/two-minute-drill-driverquery-exe/ba-p/374977) and [driverquery](https://docs.microsoft.com/windows-server/administration/windows-commands/driverquery). ### Update Windows diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 6b8a9587d2..1d75d19367 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1 The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). -To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers). +To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers). See the following general troubleshooting procedures associated with a result code of 0xC1900101:

    @@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Contact your hardware vendor to obtain updated device drivers.
    Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
    This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
    Review the rollback log and determine the stop code.
    The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
     
    Info SP Crash 0x0000007E detected
    Info SP Module name :
    Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
    Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
    Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
    Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
    Info SP Cannot recover the system.
    Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
     
    Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
     
    1. Make sure you have enough disk space.
    2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
    3. Try changing video adapters.
    4. Check with your hardware vendor for any BIOS updates.
    5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
    Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
    This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 96a295c4f02ced1e7a2ea0f33f9ee8a9d84535bf Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 8 Oct 2020 02:34:44 -0700 Subject: [PATCH 57/57] up --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index e69527eeb0..f1d655d44b 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -183,7 +183,7 @@ To check your system for unsigned drivers: [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: 11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. -12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \** and press ENTER. See the following example: +12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -i \** and press ENTER (or sigcheck -i for a 32 bit OS). See the following example: ``` C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys