From 73dae35e6d551cc6bb4f77935518b8bc2c5a9ac3 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 6 Jul 2017 12:20:56 -0700 Subject: [PATCH 01/14] update table in events --- .../troubleshoot-windows-defender-antivirus.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 4e7c275117..27f48d105f 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -49,7 +49,11 @@ The table in this section lists the main Windows Defender Antivirus client event 4. In the details pane, view the list of individual events to find your event. 5. Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs. - + From c25079a0c997ec109f018b6949f515311886ff90 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 6 Jul 2017 12:44:54 -0700 Subject: [PATCH 02/14] table layout --- .../troubleshoot-windows-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 27f48d105f..7c2cea1ee2 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -57,7 +57,7 @@ td {
- + @@ -101,7 +101,7 @@ td { - + From b06aae53ccfa1a62be7b9cbdfc7cf0c1c2b45dc6 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 6 Jul 2017 13:04:39 -0700 Subject: [PATCH 03/14] table layout --- .../troubleshoot-windows-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 7c2cea1ee2..db6ec62930 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -56,8 +56,8 @@ td {
Event ID: 1000Event ID: 1000

Symbolic name:
Event ID: 1001Event ID: 1001

Symbolic name:

- - + + From ee2deab98f461419b4c6bd8fe02f04b5de0e338c Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 6 Jul 2017 15:08:11 -0700 Subject: [PATCH 04/14] table layout and bafs video move --- ...figure-block-at-first-sight-windows-defender-antivirus.md | 5 ++--- .../troubleshoot-windows-defender-antivirus.md | 2 +- ...-microsoft-cloud-protection-windows-defender-antivirus.md | 5 +++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 0321537068..9e5993ed22 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -43,12 +43,11 @@ You can also [specify how long the file should be prevented from running](config ## How it works -When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The following video describes how this feature works. +When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The Block at first sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the EXE file is checked via the cloud backend to determine if this is a previously undetected file. - + If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe. diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index db6ec62930..855cf855ca 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -57,7 +57,7 @@ td {
Event ID: 1000
Event ID: 1000

Symbolic name:

- + diff --git a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index 5a534796e0..354b545edb 100644 --- a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -31,6 +31,11 @@ Cloud-delivered protection for Windows Defender Antivirus, also referred to as M Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver, while our cloud service can deliver updated protection in seconds. +The following video describes how it works: + + + Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies. The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager. From 4fc6aaadb9e5712a4a7e1c1284593dc53940361a Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 6 Jul 2017 16:07:52 -0700 Subject: [PATCH 05/14] table layout --- ...troubleshoot-windows-defender-antivirus.md | 132 +++++++++--------- 1 file changed, 64 insertions(+), 68 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 855cf855ca..49b904ed40 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -49,15 +49,11 @@ The table in this section lists the main Windows Defender Antivirus client event 4. In the details pane, view the list of individual events to find your event. 5. Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs. - +
Event ID: 1000Event ID: 1000

Symbolic name:

- + @@ -101,7 +97,7 @@ td { - + @@ -144,7 +140,7 @@ td { - + @@ -189,7 +185,7 @@ td { - + @@ -233,7 +229,7 @@ td { - + @@ -277,7 +273,7 @@ td { - + @@ -342,7 +338,7 @@ Description of the error. - + @@ -416,7 +412,7 @@ UAC - + @@ -471,7 +467,7 @@ UAC - + @@ -529,7 +525,7 @@ Description of the error. - + @@ -574,7 +570,7 @@ Description of the error. - + @@ -623,7 +619,7 @@ Description of the error. - + @@ -668,7 +664,7 @@ For more information please see the following:

- + @@ -717,7 +713,7 @@ Description of the error. - + @@ -749,7 +745,7 @@ Description of the error. - + @@ -785,7 +781,7 @@ Description of the error. - + @@ -864,7 +860,7 @@ Name of the file. - + @@ -946,7 +942,7 @@ UAC - + @@ -1076,7 +1072,7 @@ The above context applies to the following client and server versions: - + @@ -1173,7 +1169,7 @@ Description of the error. - + @@ -1316,7 +1312,7 @@ Description of the error. - + @@ -1355,7 +1351,7 @@ Description of the error. - + @@ -1396,7 +1392,7 @@ Description of the error. - + @@ -1448,7 +1444,7 @@ Description of the error. - + @@ -1535,7 +1531,7 @@ Description of the error. - + @@ -1577,7 +1573,7 @@ Description of the error. - + @@ -1637,7 +1633,7 @@ Description of the error. - + @@ -1691,7 +1687,7 @@ Description of the error. - + @@ -1721,7 +1717,7 @@ Description of the error. - + @@ -1757,7 +1753,7 @@ Description of the error. - + @@ -1787,7 +1783,7 @@ Description of the error. - + @@ -1846,7 +1842,7 @@ Description of the error. - + @@ -1914,7 +1910,7 @@ Description of the error. - + @@ -1985,7 +1981,7 @@ Description of the error. - + @@ -2017,7 +2013,7 @@ Description of the error. - + @@ -2052,7 +2048,7 @@ Name of the file. - + @@ -2101,7 +2097,7 @@ Description of the error. - + @@ -2126,7 +2122,7 @@ Description of the error. - + @@ -2160,7 +2156,7 @@ Description of the error. - + @@ -2187,7 +2183,7 @@ Description of the error. - + @@ -2214,7 +2210,7 @@ Description of the error. - + @@ -2241,7 +2237,7 @@ Description of the error. - + @@ -2297,7 +2293,7 @@ Description of the error. - + @@ -2344,7 +2340,7 @@ Description of the error. - + @@ -2371,7 +2367,7 @@ Description of the error. - + @@ -2397,7 +2393,7 @@ Description of the error. - + @@ -2437,7 +2433,7 @@ Description of the error. - + @@ -2471,7 +2467,7 @@ New Windows Defender configuration value. - + @@ -2538,7 +2534,7 @@ or Hang - + @@ -2565,7 +2561,7 @@ or Hang - + @@ -2591,7 +2587,7 @@ or Hang - + @@ -2616,7 +2612,7 @@ or Hang - + @@ -2643,7 +2639,7 @@ or Hang - + @@ -2676,7 +2672,7 @@ or Hang - + @@ -2725,7 +2721,7 @@ This section provides the following information about Windows Defender Antivirus Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes.
Event ID: 1000Event ID: 1000

Symbolic name:
Event ID: 1001Event ID: 1001

Symbolic name:
Event ID: 1002Event ID: 1002

Symbolic name:
Event ID: 1003%2

Symbolic name:
Event ID: 1004Event ID: 1004

Symbolic name:
Event ID: 1005Event ID: 1005

Symbolic name:
Event ID: 1006Event ID: 1006

Symbolic name:
Event ID: 1007Event ID: 1007

Symbolic name:
Event ID: 1008Event ID: 1008

Symbolic name:
Event ID: 1009Event ID: 1009

Symbolic name:
Event ID: 1010Event ID: 1010

Symbolic name:
Event ID: 1011Event ID: 1011

Symbolic name:
Event ID: 1012Event ID: 1012

Symbolic name:
Event ID: 1013Event ID: 1013

Symbolic name:
Event ID: 1014Event ID: 1014

Symbolic name:
Event ID: 1015Event ID: 1015

Symbolic name:
Event ID: 1116Event ID: 1116

Symbolic name:
Event ID: 1117Event ID: 1117

Symbolic name:
Event ID: 1118Event ID: 1118

Symbolic name:
Event ID: 1119Event ID: 1119

Symbolic name:
Event ID: 1120Event ID: 1120

Symbolic name:
Event ID: 1150Event ID: 1150

Symbolic name:
Event ID: 2000Event ID: 2000

Symbolic name:
Event ID: 2001Event ID: 2001

Symbolic name:
Event ID: 2002Event ID: 2002

Symbolic name:
Event ID: 2003Event ID: 2003

Symbolic name:
Event ID: 2004Event ID: 2004

Symbolic name:
Event ID: 2005Event ID: 2005

Symbolic name:
Event ID: 2006Event ID: 2006

Symbolic name:
Event ID: 2007Event ID: 2007

Symbolic name:
Event ID: 2010Event ID: 2010

Symbolic name:
Event ID: 2011Event ID: 2011

Symbolic name:
Event ID: 2012Event ID: 2012

Symbolic name:
Event ID: 2013Event ID: 2013

Symbolic name:
Event ID: 2020Event ID: 2020

Symbolic name:
Event ID: 2021Event ID: 2021

Symbolic name:
Event ID: 2030Event ID: 2030

Symbolic name:
Event ID: 2031Event ID: 2031

Symbolic name:
Event ID: 2040Event ID: 2040

Symbolic name:
Event ID: 2041Event ID: 2041

Symbolic name:
Event ID: 2042Event ID: 2042

Symbolic name:
Event ID: 3002Event ID: 3002

Symbolic name:
Event ID: 3007Event ID: 3007

Symbolic name:
Event ID: 5000Event ID: 5000

Symbolic name:
Event ID: 5001Event ID: 5001

Symbolic name:
Event ID: 5004Event ID: 5004

Symbolic name:
Event ID: 5007Event ID: 5007

Symbolic name:
Event ID: 5008Event ID: 5008

Symbolic name:
Event ID: 5009Event ID: 5009

Symbolic name:
Event ID: 5010Event ID: 5010

Symbolic name:
Event ID: 5011Event ID: 5011

Symbolic name:
Event ID: 5012Event ID: 5012

Symbolic name:
Event ID: 5100Event ID: 5100

Symbolic name:
Event ID: 5101Event ID: 5101

Symbolic name:

- + @@ -2767,7 +2763,7 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi - - @@ -2846,15 +2842,15 @@ data that does not allow the engine to function properly. - - - @@ -2980,7 +2976,7 @@ The following error codes are used during internal testing of Windows Defender A
External error codesExternal error codes
Error code

This error indicates that there might be a problem with your security product.

 +

  1. Update the definitions. Either:
      @@ -2828,7 +2824,7 @@ data that does not allow the engine to function properly.
+

0x80508023

+

ERR_MP_FULL_SCAN_REQUIRED

+

This error indicates that a full system scan might be required.

+

Run a full system scan.

- + @@ -3010,10 +3006,10 @@ The following error codes are used during internal testing of Windows Defender A - - - + @@ -1341,13 +1341,7 @@ Description of the error.
Hashes: <Hashes>

- - - - - @@ -2711,7 +2705,7 @@ Description of the error.
Internal error codesInternal error codes
Error code

ERROR_MP_UI_CONSOLIDATION_BASE

 +

This is an internal error. The cause is not clearly defined.

 +

  1. Update the definitions. Either:
      From 9d9676875feee2afb7f8a58068f57c6ef756929c Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 17:28:24 +0000 Subject: [PATCH 06/14] Updated configure-block-at-first-sight-windows-defender-antivirus.md --- ...configure-block-at-first-sight-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 9e5993ed22..c0c0237884 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -45,7 +45,7 @@ You can also [specify how long the file should be prevented from running](config When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. -The Block at first sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the EXE file is checked via the cloud backend to determine if this is a previously undetected file. +The Block at First Sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. From 2b35168498f2a51b132f8974b17f899ab0477a8a Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 17:49:13 +0000 Subject: [PATCH 07/14] Updated troubleshoot-windows-defender-antivirus.md --- ...troubleshoot-windows-defender-antivirus.md | 109 +++++++++--------- 1 file changed, 54 insertions(+), 55 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 49b904ed40..93dd05c241 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -185,7 +185,7 @@ The table in this section lists the main Windows Defender Antivirus client event
%2Event ID: 1003

Symbolic name:
Note This event will only be logged if the following policy is set: ThreatFileHashLogging unsigned.
-
-## Windows Defender client error codes +## Windows Defender Antivirus client error codes If Windows Defender Antivirus experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. This section provides the following information about Windows Defender Antivirus client errors. - The error code @@ -2719,6 +2713,8 @@ This section provides the following information about Windows Defender Antivirus - Advice on what to do now Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes. + + @@ -2741,8 +2737,7 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi - - @@ -2821,6 +2815,14 @@ data that does not allow the engine to function properly. @@ -2835,8 +2837,7 @@ data that does not allow the engine to function properly. - @@ -2849,8 +2850,7 @@ data that does not allow the engine to function properly. - @@ -2873,8 +2873,7 @@ data that does not allow the engine to function properly. - @@ -2891,8 +2890,7 @@ data that does not allow the engine to function properly. - @@ -2909,8 +2907,7 @@ data that does not allow the engine to function properly. - @@ -2927,8 +2924,7 @@ data that does not allow the engine to function properly. - @@ -2945,10 +2941,8 @@ data that does not allow the engine to function properly. - @@ -2963,8 +2957,7 @@ article.

- @@ -2993,9 +2986,8 @@ The following error codes are used during internal testing of Windows Defender A

- @@ -3008,20 +3000,11 @@ The following error codes are used during internal testing of Windows Defender A - @@ -3317,6 +3308,14 @@ The following error codes are used during internal testing of Windows Defender A
External error codes

This error indicates that you might have run out of memory.

-		 +

What to do now

  1. Check the available memory on your device.
    2. @@ -2762,20 +2757,11 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi

This error indicates that there might be a problem with your security product.

-		 +

What to do now

    -
  1. Update the definitions. Either:
      -
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

      -
      2. -
    2. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      -
      3. -
    -
    2. -
  2. Run a full scan. -
    3. +
  3. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    4. +
  4. Run a full scan.
  5. Restart the device and try again.

@@ -2807,6 +2793,14 @@ data that does not allow the engine to function properly.

This error indicates that Windows Defender failed to quarantine a threat.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+

This error indicates that a reboot is required to complete threat removal.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+

This error indicates that the threat might no longer be present on the media, or malware might be stopping you from scanning your device.

-		 +

What to do now

Run the Microsoft Safety Scanner then update your security software and try again.

This error indicates that a full system scan might be required.

-		 +

What to do now

Run a full system scan.

This error indicates that manual steps are required to complete threat removal.

-		 +

What to do now

Follow the manual remediation steps outlined in the Microsoft Malware Protection Encyclopedia. You can find a threat-specific link in the event history.

This error indicates that removal inside the container type might not be not supported.

-		 +

What to do now

Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources.

This error indicates that removal of low and medium threats might be disabled.

-		 +

What to do now

Check the detected threats and resolve them as required.

This error indicates a rescan of the threat is required.

-		 +

What to do now

Run a full system scan.

This error indicates that an offline scan is required.

-		 -

Run Windows Defender Offline. You can read about how to do this in the Windows Defender Offline -article.

+

What to do now

+

Run [Windows Defender Offline](windows-defender-offline.md).

This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform.

-		 +

What to do now

You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection.

-

Check your Internet connection, then run the scan again.

-		 +

Windows Defender Antivirus can't access the Internet.

+

What to do now

Check your Internet connection, then run the scan again.

This is an internal error. The cause is not clearly defined.

-		 +

What to do now

    -
  1. Update the definitions. Either:
      -
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

      -
      2. -
    2. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      -
      3. -
    -
    2. -
  2. Run a full scan. -
    3. +
  3. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    4. +
  4. Run a full scan.
  5. Restart the device and try again.

@@ -3303,6 +3286,14 @@ The following error codes are used during internal testing of Windows Defender A

This is an internal error. It might be triggered when malware removal is not successful.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+

This is an internal error. It might have triggered when a scan fails to complete.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+
From 89d62da7b1b34b493bf7147a783547d1d6766e97 Mon Sep 17 00:00:00 2001 From: Tanya Bittenmaster <30839220+tbit0001@users.noreply.github.com> Date: Wed, 6 Sep 2017 13:58:41 -0400 Subject: [PATCH 08/14] Update menu items --- ...oints-vdi-windows-defender-advanced-threat-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md index 6d00f63c3e..8d28359a61 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md @@ -26,7 +26,7 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might - Instant early onboarding of a short living session - - A session should be onboarded to Windows Defender ATP prior to the actual provisioning + - A session should be onboarded to Windows Defender ATP prior to the actual provisioning. - Machine name persistence - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. @@ -42,14 +42,14 @@ You can onboard VDI machines using a single entry or multiple entries for each m 2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. >[!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. 3. The following step is only applicable if you're implementing a single entry for each machine:
**For single entry for each machine**:
a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
>[!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. 4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. From 03bdf5d322d11303b414701cd9f99b848a30783a Mon Sep 17 00:00:00 2001 From: Tanya Bittenmaster <30839220+tbit0001@users.noreply.github.com> Date: Wed, 6 Sep 2017 13:59:40 -0400 Subject: [PATCH 09/14] Update menu items --- ...ics-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md index 1ec66ba4c3..4a5e44b615 100644 --- a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md @@ -58,7 +58,7 @@ Click on each control to see the recommended optimizations. ![Improvement opportunities](images/atp-improv-ops.png) -The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action. When added together, the total number makes up the nominator in the fraction for each segment in the Improvement opportunities tile. +The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action. When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile. Recommendations that do not display a green action are informational only and no action is required. From caf0f25977de47e5300b135485624d57616ce191 Mon Sep 17 00:00:00 2001 From: Tanya Bittenmaster <30839220+tbit0001@users.noreply.github.com> Date: Wed, 6 Sep 2017 14:01:12 -0400 Subject: [PATCH 10/14] Update menu item --- .../exposed-apis-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md index 2a5b60e599..239c463a13 100644 --- a/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 09/05/2017 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). +Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). In general, you’ll need to take the following steps to use the APIs: - Create an app From 877e78ca6e014cb150749b244be81897fd2137f7 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 18:11:50 +0000 Subject: [PATCH 11/14] Updated troubleshoot-windows-defender-antivirus.md --- ...troubleshoot-windows-defender-antivirus.md | 194 +++++++++--------- 1 file changed, 94 insertions(+), 100 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 93dd05c241..997073d317 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -37,11 +37,11 @@ The tables list: Windows Defender AV records event IDs in the Windows event log. -You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client event IDs](troubleshoot-windows-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints. +You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume the events to review specific events and errors from your endpoints. -The table in this section lists the main Windows Defender Antivirus client event IDs and, where possible, provides suggested solutions to fix or resolve the error. +The table in this section lists the main Windows Defender AV client event IDs and, where possible, provides suggested solutions to fix or resolve the error. -**To view a Windows Defender client event** +**View a Windows Defender AV client event** 1. Open **Event Viewer**. 2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**. @@ -325,7 +325,7 @@ Description of the error.

User action:

-

The Windows Defender client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error. +

The Windows Defender AV client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error.

To troubleshoot this event:

    @@ -436,7 +436,7 @@ UAC

    -

    Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:

    +

    Windows Defender AV has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:

    User: <Domain>\\<User>
    Name: <Threat name>
    @@ -489,7 +489,7 @@ UAC

    -

    Windows Defender has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:

    +

    Windows Defender AV has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:

    User: <Domain>\\<User>
    Name: <Threat name>
    @@ -549,7 +549,7 @@ Description of the error.

    -

    Windows Defender has restored an item from quarantine. For more information please see the following:

    +

    Windows Defender AV has restored an item from quarantine. For more information please see the following:

    Name: <Threat name>
    ID: <Threat ID>
    @@ -594,7 +594,7 @@ Description of the error.

    -

    Windows Defender has encountered an error trying to restore an item from quarantine. For more information please see the following:

    +

    Windows Defender AV has encountered an error trying to restore an item from quarantine. For more information please see the following:

    Name: <Threat name>
    ID: <Threat ID>
    @@ -642,7 +642,7 @@ Description of the error.

    -

    Windows Defender has deleted an item from quarantine. +

    Windows Defender AV has deleted an item from quarantine. For more information please see the following:

    Name: <Threat name>
    @@ -687,7 +687,7 @@ For more information please see the following:

    -

    Windows Defender has encountered an error trying to delete an item from quarantine. +

    Windows Defender AV has encountered an error trying to delete an item from quarantine. For more information please see the following:

    Name: <Threat name>
    @@ -736,7 +736,7 @@ Description of the error.

    -

    Windows Defender has removed history of malware and other potentially unwanted software.

    +

    Windows Defender AV has removed history of malware and other potentially unwanted software.

    Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
    User: <Domain>\\<User>
    @@ -768,7 +768,7 @@ Description of the error.

    -

    Windows Defender has encountered an error trying to remove history of malware and other potentially unwanted software.

    +

    Windows Defender AV has encountered an error trying to remove history of malware and other potentially unwanted software.

    Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
    User: <Domain>\\<User>
    @@ -804,7 +804,7 @@ Description of the error.

    -

    Windows Defender has detected a suspicious behavior. +

    Windows Defender AV has detected a suspicious behavior. For more information please see the following:

    Name: <Threat name>
    @@ -883,7 +883,7 @@ Name of the file.

    -

    Windows Defender has detected malware or other potentially unwanted software. +

    Windows Defender AV has detected malware or other potentially unwanted software. For more information please see the following:

    Name: <Threat name>
    @@ -938,7 +938,7 @@ UAC

    User action:

    -

    No action is required. Windows Defender can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender interface, click Clean Computer.

    +

    No action is required. Windows Defender AV can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender AV interface, click Clean Computer.

    @@ -966,7 +966,7 @@ UAC

    -

    Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. +

    Windows Defender AV has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:

    Name: <Threat name>
    @@ -1028,7 +1028,7 @@ Description of the error.
    Signature Version: <Definition version>
    Engine Version: <Antimalware Engine version>

    NOTE: -

    Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:

      +

      Whenever Windows Defender AV, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:

      • Default Internet Explorer or Microsoft Edge setting
      • User Access Control settings
      • Chrome settings
        • @@ -1068,7 +1068,7 @@ The above context applies to the following client and server versions:

        User action:

        -

        No action is necessary. Windows Defender removed or quarantined a threat.

        +

        No action is necessary. Windows Defender AV removed or quarantined a threat.

        @@ -1095,7 +1095,7 @@ The above context applies to the following client and server versions:

        -

        Windows Defender has encountered a non-critical error when taking action on malware or other potentially unwanted software. +

        Windows Defender AV has encountered a non-critical error when taking action on malware or other potentially unwanted software. For more information please see the following:

        Name: <Threat name>
        @@ -1165,7 +1165,7 @@ Description of the error.

        User action:

        -

        No action is necessary. Windows Defender failed to complete a task related to the malware remediation. This is not a critical failure.

        +

        No action is necessary. Windows Defender AV failed to complete a task related to the malware remediation. This is not a critical failure.

        @@ -1192,7 +1192,7 @@ Description of the error.

        -

        Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software. +

        Windows Defender AV has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following:

        Name: <Threat name>
        @@ -1262,7 +1262,7 @@ Description of the error.

        User action:

        -

        The Windows Defender client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant User action steps below.

        +

        The Windows Defender AV client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant User action steps below.

        @@ -1325,7 +1325,7 @@ Description of the error.

        Message:

        @@ -1334,7 +1334,7 @@ Description of the error. @@ -1410,7 +1410,7 @@ Description of the error. @@ -1461,7 +1461,7 @@ Description of the error. @@ -1590,7 +1583,7 @@ Description of the error. @@ -1649,7 +1637,7 @@ Description of the error. @@ -1928,7 +1916,7 @@ Description of the error. @@ -2112,7 +2100,7 @@ Description of the error.

        Description:

        @@ -2139,7 +2127,7 @@ Description of the error. @@ -2200,7 +2188,7 @@ Description of the error.

        Description:

        @@ -2227,7 +2215,7 @@ Description of the error.

        Description:

        @@ -2254,7 +2242,7 @@ Description of the error. @@ -2280,7 +2268,7 @@ Description of the error. @@ -2357,7 +2345,7 @@ Description of the error.

        Description:

        @@ -2383,7 +2371,7 @@ Description of the error.

        Description:

        @@ -2411,7 +2399,7 @@ Description of the error. @@ -2483,7 +2471,7 @@ New Windows Defender configuration value. @@ -2577,7 +2565,7 @@ or Hang

        Description:

        @@ -2602,7 +2590,7 @@ or Hang

        Description:

        @@ -2629,7 +2617,7 @@ or Hang

        Description:

        @@ -2657,10 +2645,10 @@ or Hang @@ -2690,7 +2678,7 @@ or Hang
        Action -

        Windows Defender has deduced the hashes for a threat resource.

        +

        Windows Defender AV has deduced the hashes for a threat resource.

        -

        Windows Defender client is up and running in a healthy state.

        +

        Windows Defender AV client is up and running in a healthy state.

        Current Platform Version: <Current platform version>
        Threat Resource Path: <Path>
        @@ -1368,7 +1368,7 @@ Description of the error.

        -

        Windows Defender client is up and running in a healthy state.

        +

        Windows Defender AV client is up and running in a healthy state.

        Platform Version: <Current platform version>
        Signature Version: <Definition version>
        @@ -1382,7 +1382,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.

        +

        No action is necessary. The Windows Defender AV Antivirus client is in a healthy state. This event is reported on an hourly basis.

        -

        Windows Defender signature version has been updated.

        +

        Windows Defender AV signature version has been updated.

        Current Signature Version: <Current signature version>
        Previous Signature Version: <Previous signature version>
        @@ -1434,7 +1434,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender client is in a healthy state. This event is reported when signatures are successfully updated.

        +

        No action is necessary. The Windows Defender AV client is in a healthy state. This event is reported when signatures are successfully updated.

        -

        Windows Defender has encountered an error trying to update signatures.

        +

        Windows Defender AV has encountered an error trying to update signatures.

        New Signature Version: <New version number>
        Previous Signature Version: <Previous signature version>
        @@ -1509,14 +1509,7 @@ Description of the error.

        This error occurs when there is a problem updating definitions.

        To troubleshoot this event:

          -
        1. Update the definitions. Either:
            -
          1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

            Or,

            -
            2. -
          2. Download the latest definitions from the Microsoft Malware Protection Center. -

            Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

            -
            3. -
          -
          2. +
        2. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
        3. Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.
        4. Contact Microsoft Technical Support.
          5. @@ -1548,7 +1541,7 @@ Description of the error.

        -

        Windows Defender engine version has been updated.

        +

        Windows Defender AV engine version has been updated.

        Current Engine Version: <Current engine version>
        Previous Engine Version: <Previous engine version>
        @@ -1563,7 +1556,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the antimalware engine is successfully updated.

        +

        No action is necessary. The Windows Defender AV client is in a healthy state. This event is reported when the antimalware engine is successfully updated.

        -

        Windows Defender has encountered an error trying to update the engine.

        +

        Windows Defender AV has encountered an error trying to update the engine.

        New Engine Version:
        Previous Engine Version: <Previous engine version>
        @@ -1609,19 +1602,14 @@ Description of the error.

        User action:

        		 -

        The Windows Defender client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.

        +

        The Windows Defender AV client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.

        To troubleshoot this event: +

          -
        1. Update the definitions. Either:
            -
          1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

            Or,

            -
            2. -
          2. Download the latest definitions from the Microsoft Malware Protection Center. -

            Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

            -
            3. -
          -
          2. -
        2. Contact Microsoft Technical Support. -
          3. +
        3. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
          4. +
        4. Run a full scan.
          5. +
        5. Restart the device and try again.
          6. +
        6. Contact Microsoft Technical Support

        -

        Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

        +

        Windows Defender AV has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

        Signatures Attempted:
        Error Code: <Error code> @@ -1667,7 +1655,7 @@ Description of the error.

        User action:

        		 -

        The Windows Defender client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender will attempt to revert back to a known-good set of definitions.

        +

        The Windows Defender AV client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender AV will attempt to revert back to a known-good set of definitions.

        To troubleshoot this event:

        1. Restart the computer and try again.
          2. @@ -1703,7 +1691,7 @@ Description of the error.

        -

        Windows Defender could not load antimalware engine because current platform version is not supported. Windows Defender will revert back to the last known-good engine and a platform update will be attempted.

        +

        Windows Defender AV could not load antimalware engine because current platform version is not supported. Windows Defender AV will revert back to the last known-good engine and a platform update will be attempted.

        Current Platform Version: <Current platform version>
        @@ -1735,7 +1723,7 @@ Description of the error.

        -

        Windows Defender has encountered an error trying to update the platform.

        +

        Windows Defender AV has encountered an error trying to update the platform.

        Current Platform Version: <Current platform version>
        Error Code: <Error code> @@ -1769,7 +1757,7 @@ Description of the error.

        -

        Windows Defender will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender platform to maintain the best level of protection available.

        +

        Windows Defender AV will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender AV platform to maintain the best level of protection available.

        Current Platform Version: <Current platform version>
        @@ -1801,7 +1789,7 @@ Description of the error.

        -

        Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.

        +

        Windows Defender AV used Dynamic Signature Service to retrieve additional signatures to help protect your machine.

        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1860,7 +1848,7 @@ Description of the error.

        -

        Windows Defender used Dynamic Signature Service to discard obsolete signatures.

        +

        Windows Defender AV used Dynamic Signature Service to discard obsolete signatures.

        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1900,7 +1888,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.

        +

        No action is necessary. The Windows Defender AV client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.

        -

        Windows Defender has encountered an error trying to use Dynamic Signature Service.

        +

        Windows Defender AV has encountered an error trying to use Dynamic Signature Service.

        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1999,7 +1987,7 @@ Description of the error.

        -

        Windows Defender discarded all Dynamic Signature Service signatures.

        +

        Windows Defender AV discarded all Dynamic Signature Service signatures.

        Current Signature Version: <Current signature version>
        @@ -2031,7 +2019,7 @@ Description of the error.

        -

        Windows Defender downloaded a clean file.

        +

        Windows Defender AV downloaded a clean file.

        Filename: <File name> Name of the file.
        @@ -2065,7 +2053,7 @@ Name of the file.

        -

        Windows Defender has encountered an error trying to download a clean file.

        +

        Windows Defender AV has encountered an error trying to download a clean file.

        Filename: <File name> Name of the file.
        @@ -2086,7 +2074,7 @@ Description of the error.

        Check your Internet connectivity settings.

        -

        The Windows Defender client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue. +

        The Windows Defender AV client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue.

        -

        Windows Defender downloaded and configured Windows Defender Offline to run on the next reboot.

        +

        Windows Defender AV downloaded and configured Windows Defender Offline to run on the next reboot.

        -

        Windows Defender has encountered an error trying to download and configure Windows Defender Offline.

        +

        Windows Defender AV has encountered an error trying to download and configure Windows Defender Offline.

        Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
        @@ -2173,7 +2161,7 @@ Description of the error.

        Description:

        		 -

        The support for your operating system will expire shortly. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.

        +

        The support for your operating system will expire shortly. Running Windows Defender AV on an out of support operating system is not an adequate solution to protect against threats.
        -

        The support for your operating system has expired. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.

        +

        The support for your operating system has expired. Running Windows Defender AV on an out of support operating system is not an adequate solution to protect against threats.
        -

        The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

        +

        The support for your operating system has expired. Windows Defender AV is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

        -

        Windows Defender Real-Time Protection feature has encountered an error and failed.

        +

        Windows Defender AV real-time protection feature has encountered an error and failed.

        Feature: <Feature>, for example:
          @@ -2268,7 +2256,7 @@ Description of the error.
        Result code associated with threat status. Standard HRESULT values.
        Error Description: <Error description> Description of the error.
        -
        Reason: The reason Windows Defender real-time protection has restarted a feature.
        +
        Reason: The reason Windows Defender AV real-time protection has restarted a feature.

        You should restart the system then run a full scan because it's possible the system was not protected for some time.

        -

        The Windows Defender client's real-time protection feature encountered an error because one of the services failed to start. +

        The Windows Defender AV client's real-time protection feature encountered an error because one of the services failed to start.

        If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure.

        @@ -2310,7 +2298,7 @@ Description of the error.

        -

        Windows Defender Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.

        +

        Windows Defender AV real-time protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.

        Feature: <Feature>, for example:
          @@ -2320,7 +2308,7 @@ Description of the error.
      • Network Inspection System
        • -
        Reason: The reason Windows Defender real-time protection has restarted a feature.
        +
        Reason: The reason Windows Defender AV real-time protection has restarted a feature.

        		 -

        Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was enabled.

        +

        Windows Defender AV real-time protection scanning for malware and other potentially unwanted software was enabled.
        -

        Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was disabled.

        +

        Windows Defender AV real-time protection scanning for malware and other potentially unwanted software was disabled.

        -

        Windows Defender Real-time Protection feature configuration has changed.

        +

        Windows Defender AV real-time protection feature configuration has changed.

        Feature: <Feature>, for example:
          @@ -2450,12 +2438,12 @@ Description of the error.

        -

        Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.

        +

        Windows Defender AV configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.

        Old value: <Old value number> -Old Windows Defender configuration value.
        +Old Windows Defender AV configuration value.
        New value: <New value number> -New Windows Defender configuration value.
        +New Windows Defender AV configuration value.

        -

        Windows Defender engine has been terminated due to an unexpected error.

        +

        Windows Defender AV engine has been terminated due to an unexpected error.

        Failure Type: <Failure type>, for example: Crash @@ -2516,7 +2504,7 @@ or Hang

        User action:

        		 -

        The Windows Defender client engine stopped due to an unexpected error.

        +

        The Windows Defender AV client engine stopped due to an unexpected error.

        To troubleshoot this event:

        1. Run the scan again.
          2. @@ -2551,7 +2539,7 @@ or Hang

          Description:

        		 -

        Windows Defender scanning for malware and other potentially unwanted software has been enabled.

        +

        Windows Defender AV scanning for malware and other potentially unwanted software has been enabled.
        -

        Windows Defender scanning for malware and other potentially unwanted software is disabled.

        +

        Windows Defender AV scanning for malware and other potentially unwanted software is disabled.
        -

        Windows Defender scanning for viruses has been enabled.

        +

        Windows Defender AV scanning for viruses has been enabled.

        -

        Windows Defender scanning for viruses is disabled.

        +

        Windows Defender AV scanning for viruses is disabled.

        -

        Windows Defender has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.

        +

        Windows Defender AV has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.

        -
        Expiration Reason: The reason Windows Defender will expire.
        -
        Expiration Date: The date Windows Defender will expire.
        +
        Expiration Reason: The reason Windows Defender AV will expire.
        +
        Expiration Date: The date Windows Defender AV will expire.

        -

        Windows Defender grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

        +

        Windows Defender AV grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

        Expiration Reason:
        Expiration Date:
        @@ -2706,13 +2694,13 @@ Description of the error. ## Windows Defender Antivirus client error codes -If Windows Defender Antivirus experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. -This section provides the following information about Windows Defender Antivirus client errors. +If Windows Defender AV experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. +This section provides the following information about Windows Defender AV client errors. - The error code - The possible reason for the error - Advice on what to do now -Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes. +Use the information in these tables to help troubleshoot Windows Defender AV error codes. @@ -2723,7 +2711,6 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi - @@ -2791,7 +2786,7 @@ data that does not allow the engine to function properly.

        @@ -2955,10 +2950,10 @@ data that does not allow the engine to function properly.

        @@ -2975,7 +2970,6 @@ The following error codes are used during internal testing of Windows Defender A - From 30388edb198f52faf677f9870a8709a6979fe063 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 18:16:47 +0000 Subject: [PATCH 12/14] Updated troubleshoot-windows-defender-antivirus.md --- .../troubleshoot-windows-defender-antivirus.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 997073d317..178a164669 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -1312,7 +1312,7 @@ Description of the error. - + @@ -2700,14 +2700,12 @@ This section provides the following information about Windows Defender AV client - The possible reason for the error - Advice on what to do now -Use the information in these tables to help troubleshoot Windows Defender AV error codes. +Use the information in these tables to help troubleshoot Windows Defender AV error codes. +### External error codes
        Error code Message displayed Possible reason for errorWhat to do now
        @@ -2779,6 +2766,14 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi

        This error indicates that there might be an engine configuration error; commonly, this is related to input data that does not allow the engine to function properly.

        +

        What to do now

        +

        +

          +
        1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
          2. +
        2. Run a full scan.
          3. +
        3. Restart the device and try again.
          4. +
        +
        -

        This error indicates that Windows Defender failed to quarantine a threat. +

        This error indicates that Windows Defender AV failed to quarantine a threat.

        What to do now

        @@ -2891,7 +2886,7 @@ data that does not allow the engine to function properly.

        This error indicates that removal inside the container type might not be not supported.

        What to do now

        -

        Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources. +

        Windows Defender AV is not able to remediate threats detected inside the archive. Consider manually removing the detected resources.

        -

        This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform. +

        This error indicates that Windows Defender AV does not support the current version of the platform and requires a new version of the platform.

        What to do now

        -

        You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection. +

        You can only use Windows Defender AV in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection.

        Error code Message displayed Possible reason for errorWhat to do now
        @@ -2986,7 +2980,7 @@ The following error codes are used during internal testing of Windows Defender A

        		-

        Windows Defender Antivirus can't access the Internet.

        +

        Windows Defender AV can't access the Internet.

        What to do now

        Check your Internet connection, then run the scan again.

        Event ID: 1120Event ID: 1120

        Symbolic name:

        - - - @@ -2959,14 +2957,12 @@ data that does not allow the engine to function properly.
        External error codes
        Error code Message displayed Possible reason for error
        - -The following error codes are used during internal testing of Windows Defender AV. +### Internal error codes + +The following error codes are used during internal testing of Windows Defender AV. - - - From e90ec0028f8646e475e3e2ce0b884cc9f292e53d Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 18:31:24 +0000 Subject: [PATCH 13/14] Updated troubleshoot-windows-defender-antivirus.md --- ...troubleshoot-windows-defender-antivirus.md | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 178a164669..cd2c6ccda5 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -2488,29 +2488,14 @@ or Hang - - - - From 27ff4311916302a0fa62a34768bd4def59d8db93 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 6 Sep 2017 20:48:27 +0000 Subject: [PATCH 14/14] Merged PR 3053: Fix metadata --- windows/configuration/wcd/wcd-accounts.md | 2 +- windows/configuration/wcd/wcd-admxingestion.md | 2 +- windows/configuration/wcd/wcd-applicationmanagement.md | 2 +- windows/configuration/wcd/wcd-assignedaccess.md | 2 +- windows/configuration/wcd/wcd-automatictime.md | 2 +- windows/configuration/wcd/wcd-browser.md | 2 +- windows/configuration/wcd/wcd-callandmessagingenhancement.md | 2 +- windows/configuration/wcd/wcd-cellular.md | 2 +- windows/configuration/wcd/wcd-certificates.md | 2 +- windows/configuration/wcd/wcd-cleanpc.md | 2 +- windows/configuration/wcd/wcd-connections.md | 2 +- windows/configuration/wcd/wcd-connectivityprofiles.md | 2 +- windows/configuration/wcd/wcd-countryandregion.md | 2 +- windows/configuration/wcd/wcd-desktopbackgroundandcolors.md | 2 +- windows/configuration/wcd/wcd-developersetup.md | 2 +- windows/configuration/wcd/wcd-deviceformfactor.md | 2 +- windows/configuration/wcd/wcd-devicemanagement.md | 2 +- windows/configuration/wcd/wcd-dmclient.md | 2 +- windows/configuration/wcd/wcd-editionupgrade.md | 2 +- windows/configuration/wcd/wcd-embeddedlockdownprofiles.md | 2 +- windows/configuration/wcd/wcd-firewallconfiguration.md | 2 +- windows/configuration/wcd/wcd-firstexperience.md | 2 +- windows/configuration/wcd/wcd-folders.md | 2 +- windows/configuration/wcd/wcd-initialsetup.md | 2 +- windows/configuration/wcd/wcd-internetexplorer.md | 2 +- windows/configuration/wcd/wcd-licensing.md | 2 +- windows/configuration/wcd/wcd-maps.md | 2 +- windows/configuration/wcd/wcd-messaging.md | 2 +- windows/configuration/wcd/wcd-modemconfigurations.md | 2 +- windows/configuration/wcd/wcd-multivariant.md | 2 +- windows/configuration/wcd/wcd-networkproxy.md | 2 +- windows/configuration/wcd/wcd-networkqospolicy.md | 2 +- windows/configuration/wcd/wcd-nfc.md | 2 +- windows/configuration/wcd/wcd-oobe.md | 2 +- windows/configuration/wcd/wcd-otherassets.md | 2 +- windows/configuration/wcd/wcd-personalization.md | 2 +- windows/configuration/wcd/wcd-policies.md | 2 +- windows/configuration/wcd/wcd-provisioningcommands.md | 2 +- windows/configuration/wcd/wcd-sharedpc.md | 2 +- windows/configuration/wcd/wcd-shell.md | 2 +- windows/configuration/wcd/wcd-smisettings.md | 2 +- windows/configuration/wcd/wcd-start.md | 2 +- windows/configuration/wcd/wcd-startupapp.md | 2 +- windows/configuration/wcd/wcd-startupbackgroundtasks.md | 2 +- windows/configuration/wcd/wcd-surfacehubmanagement.md | 2 +- windows/configuration/wcd/wcd-tabletmode.md | 2 +- windows/configuration/wcd/wcd-takeatest.md | 2 +- windows/configuration/wcd/wcd-theme.md | 2 +- windows/configuration/wcd/wcd-unifiedwritefilter.md | 2 +- windows/configuration/wcd/wcd-universalappinstall.md | 2 +- windows/configuration/wcd/wcd-universalappuninstall.md | 2 +- windows/configuration/wcd/wcd-usberrorsoemoverride.md | 2 +- windows/configuration/wcd/wcd-weakcharger.md | 2 +- windows/configuration/wcd/wcd-windowsteamsettings.md | 2 +- windows/configuration/wcd/wcd-wlan.md | 2 +- windows/configuration/wcd/wcd-workplace.md | 2 +- windows/configuration/wcd/wcd.md | 2 +- 57 files changed, 57 insertions(+), 57 deletions(-) diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index d3dd731cdf..7e89dfdb30 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index daa6ca5eb8..52223258ad 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-applicationmanagement.md b/windows/configuration/wcd/wcd-applicationmanagement.md index f032ce168c..af27cea5f0 100644 --- a/windows/configuration/wcd/wcd-applicationmanagement.md +++ b/windows/configuration/wcd/wcd-applicationmanagement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index ad5d7551fb..201fc633e1 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-automatictime.md b/windows/configuration/wcd/wcd-automatictime.md index abb8bbd179..52d9845460 100644 --- a/windows/configuration/wcd/wcd-automatictime.md +++ b/windows/configuration/wcd/wcd-automatictime.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md index 787b6fa65b..a8af54b4f9 100644 --- a/windows/configuration/wcd/wcd-browser.md +++ b/windows/configuration/wcd/wcd-browser.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-callandmessagingenhancement.md b/windows/configuration/wcd/wcd-callandmessagingenhancement.md index bb07ccc02c..f3905fe8bc 100644 --- a/windows/configuration/wcd/wcd-callandmessagingenhancement.md +++ b/windows/configuration/wcd/wcd-callandmessagingenhancement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index 64258bbe02..7ea42d279d 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md index 6347a4795d..4e414b4677 100644 --- a/windows/configuration/wcd/wcd-certificates.md +++ b/windows/configuration/wcd/wcd-certificates.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index ec1f5eaadc..fa14dead06 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index 1ce0db8e5b..07f2fffa0f 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index bb7d3366c0..2a71e900c4 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md index aea53e22de..84e1e611f1 100644 --- a/windows/configuration/wcd/wcd-countryandregion.md +++ b/windows/configuration/wcd/wcd-countryandregion.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md index 1cf770db9b..6f954aec14 100644 --- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md +++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index e7c4378477..76c7f07631 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md index dc1e5cd524..c9d4434a24 100644 --- a/windows/configuration/wcd/wcd-deviceformfactor.md +++ b/windows/configuration/wcd/wcd-deviceformfactor.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md index 9297174468..297225f5a1 100644 --- a/windows/configuration/wcd/wcd-devicemanagement.md +++ b/windows/configuration/wcd/wcd-devicemanagement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md index 4efec80320..27a6b9dd36 100644 --- a/windows/configuration/wcd/wcd-dmclient.md +++ b/windows/configuration/wcd/wcd-dmclient.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md index cb2fd133b6..76e05d28ae 100644 --- a/windows/configuration/wcd/wcd-editionupgrade.md +++ b/windows/configuration/wcd/wcd-editionupgrade.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md index 833b66a43a..2203a1cb2b 100644 --- a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md +++ b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md index 5e394b2f6b..df61861e90 100644 --- a/windows/configuration/wcd/wcd-firewallconfiguration.md +++ b/windows/configuration/wcd/wcd-firewallconfiguration.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index b3a53776ff..cf0f7c1983 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md index bbad0c9cb9..08eff6065d 100644 --- a/windows/configuration/wcd/wcd-folders.md +++ b/windows/configuration/wcd/wcd-folders.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-initialsetup.md b/windows/configuration/wcd/wcd-initialsetup.md index db5b9cee8b..a579fca408 100644 --- a/windows/configuration/wcd/wcd-initialsetup.md +++ b/windows/configuration/wcd/wcd-initialsetup.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-internetexplorer.md b/windows/configuration/wcd/wcd-internetexplorer.md index d1a2e56c56..e3290e6905 100644 --- a/windows/configuration/wcd/wcd-internetexplorer.md +++ b/windows/configuration/wcd/wcd-internetexplorer.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md index 5b3ebb4f41..7ae7661ea8 100644 --- a/windows/configuration/wcd/wcd-licensing.md +++ b/windows/configuration/wcd/wcd-licensing.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index 4a1bfc4a7a..afe5f92c1c 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-messaging.md b/windows/configuration/wcd/wcd-messaging.md index a00378d147..871e87042c 100644 --- a/windows/configuration/wcd/wcd-messaging.md +++ b/windows/configuration/wcd/wcd-messaging.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-modemconfigurations.md b/windows/configuration/wcd/wcd-modemconfigurations.md index dc45dff1ef..98bae12f8b 100644 --- a/windows/configuration/wcd/wcd-modemconfigurations.md +++ b/windows/configuration/wcd/wcd-modemconfigurations.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-multivariant.md b/windows/configuration/wcd/wcd-multivariant.md index 37a5519dfd..fa8c0d735f 100644 --- a/windows/configuration/wcd/wcd-multivariant.md +++ b/windows/configuration/wcd/wcd-multivariant.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index 7eb31bc61c..3689226767 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 5906d70cdd..be9d9f4d69 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-nfc.md b/windows/configuration/wcd/wcd-nfc.md index c03217c87e..1b56de1940 100644 --- a/windows/configuration/wcd/wcd-nfc.md +++ b/windows/configuration/wcd/wcd-nfc.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index 7a72de6bb0..e609255e3d 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-otherassets.md b/windows/configuration/wcd/wcd-otherassets.md index f5f33e19a2..ff79d72f5f 100644 --- a/windows/configuration/wcd/wcd-otherassets.md +++ b/windows/configuration/wcd/wcd-otherassets.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index 27f82ea825..a5aaee541d 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 72357237a0..f672b70b05 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md index 5ed43d8d18..7ab3bd2e35 100644 --- a/windows/configuration/wcd/wcd-provisioningcommands.md +++ b/windows/configuration/wcd/wcd-provisioningcommands.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index d771bbee7b..744e0acd11 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-shell.md b/windows/configuration/wcd/wcd-shell.md index 8d7ad0b7ff..a0b581cb04 100644 --- a/windows/configuration/wcd/wcd-shell.md +++ b/windows/configuration/wcd/wcd-shell.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md index ce6de17758..df459903c7 100644 --- a/windows/configuration/wcd/wcd-smisettings.md +++ b/windows/configuration/wcd/wcd-smisettings.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index 25fcc57075..3256dea604 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md index 06c5b20b7a..3e9d1ca9b2 100644 --- a/windows/configuration/wcd/wcd-startupapp.md +++ b/windows/configuration/wcd/wcd-startupapp.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md index 6b0840c310..2e5c3fa161 100644 --- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md +++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index f2da4a2dd6..4a6dbb3dd3 100644 --- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index a8d2ea900a..5f454d89bb 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index 75613f3b2e..c498ffd865 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-theme.md b/windows/configuration/wcd/wcd-theme.md index 2d3e643f85..bc5710c264 100644 --- a/windows/configuration/wcd/wcd-theme.md +++ b/windows/configuration/wcd/wcd-theme.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index fe65f8413f..5ba21b01a3 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index 6ba1b3993a..50f88c2fdc 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 17bbc8f15b..70cd723052 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index 7175b5e14b..31685f534d 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index f1316bc77a..92f8844d81 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index b9ee438e22..26c23a84ce 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index 6b641db70f..80bbb26cf5 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index 901e30a048..8db1aa11a4 100644 --- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 38f6061d9f..080f9e469f 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 ---
        Internal error codes
        Error code Message displayed Possible reason for error

        To troubleshoot this event:

          -
        1. Try to restart the service.
            +
          • Try to restart the service:
            • For antimalware, antivirus and spyware, at an elevated command prompt, type net stop msmpsvc, and then type net start msmpsvc to restart the antimalware engine.
            • For the Network Inspection System, at an elevated command prompt, type net start nissrv, and then type net start nissrv to restart the Network Inspection System engine by using the NiSSRV.exe file.
            • -
          • If it fails in the same way, look up the error code by accessing the Microsoft Support Site and entering the error number in the Search box, and contact Microsoft Technical Support.
            • -
        -

        -
        -

        User action:

        -        		 -

        The Windows Defender AV client engine stopped due to an unexpected error.

        -

        To troubleshoot this event: -

        1. Run the scan again.
          2. -
        2. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
          3. -
        3. Contact Microsoft Technical Support. -
          4. +
        4. If it fails in the same way, look up the error code by accessing the Microsoft Support Site and entering the error number in the Search box, and contact Microsoft Technical Support.