deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-30 06:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Indented content in list items

Browse Source
This commit is contained in:
Gary Moore 2020-12-17 16:59:08 -08:00 committed by GitHub
parent 258b1b91dc
commit b9b89c535d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
View File

@ -64,15 +64,16 @@ Now that you're moving from Symantec to Microsoft Defender for Endpoint, you'll
1. As a local administrator on the endpoint or device, open Windows PowerShell. 1. As a local administrator on the endpoint or device, open Windows PowerShell.
2. Run the following PowerShell cmdlets: <br/> 2. Run the following PowerShell cmdlets:
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features` <br/>
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` <br/>
> [!NOTE] `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required. `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
> Example:<br/>
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<br/> > [!NOTE]
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`<br/> > When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
> Example:<br/>
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<br/>
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`<br/>
3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet: <br/> 3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet: <br/>
`Get-Service -Name windefend` `Get-Service -Name windefend`
@ -174,10 +175,12 @@ To add exclusions to Microsoft Defender for Endpoint, you create [indicators](ht
3. On the **File hashes** tab, choose **Add indicator**. 3. On the **File hashes** tab, choose **Add indicator**.
3. On the **Indicator** tab, specify the following settings: 3. On the **Indicator** tab, specify the following settings:
- File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.) - File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.)
- Under **Expires on (UTC)**, choose **Never**. - Under **Expires on (UTC)**, choose **Never**.
4. On the **Action** tab, specify the following settings: 4. On the **Action** tab, specify the following settings:
- **Response Action**: **Allow** - **Response Action**: **Allow**
- Title and description - Title and description
@ -203,12 +206,14 @@ To use CMPivot to get your file hash, follow these steps:
6. In the query box, type the following query:<br/> 6. In the query box, type the following query:<br/>
```kusto ```kusto
File(c:\\windows\\notepad.exe) File(c:\\windows\\notepad.exe)
| project Hash | project Hash
``` ```
> [!NOTE]
> In the query above, replace *notepad.exe* with the your third-party security product process name. > [!NOTE]
> In the query above, replace *notepad.exe* with the your third-party security product process name.
## Set up your device groups, device collections, and organizational units ## Set up your device groups, device collections, and organizational units