From 4cac115392ab4615a65e85638331d198ff23d265 Mon Sep 17 00:00:00 2001 From: Andrea Barr <81656118+AndreaLBarr@users.noreply.github.com> Date: Thu, 17 Jun 2021 16:36:54 -0700 Subject: [PATCH 1/7] Adding Question and Answer Added a question and answer as requested from Radia Soulmani . --- .../faq-md-app-guard.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index 03baa2d537..98fc46090b 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -70,6 +70,11 @@ sections: answer: | Make sure to enable the extensions policy on your Application Guard configuration. + - question: | + I’m trying to watch playback video with HDR, why is the HDR option missing? + answer: | + In order for HDR video playback to work in the container, vGPU Hardware Acceleration needs to be enabled in Application Guard. + - question: | How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? answer: | From 4214f6193ad6590941d482a82942d27493561997 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 25 Jun 2021 12:56:06 -0700 Subject: [PATCH 2/7] update driver topic --- ...icrosoft-recommended-driver-block-rules.md | 161 +++++++++++++++++- 1 file changed, 154 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 887fc765be..44f0200b2e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md 
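Review bot: the question text in the new faq-md-app-guard.yml entry ("I’m trying to watch playback video with HDR") reads awkwardly; "I’m trying to watch HDR video, why is the HDR option missing?" is clearer. The answer names "vGPU Hardware Acceleration" but gives the reader no way to find that setting; if the Application Guard configuration topic documents the hardware-acceleration policy, link it from the answer, and since the FAQ is YAML, verify that the curly apostrophe in `I’m` survives the build without being mangled.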
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -1,9 +1,9 @@ --- title: Microsoft recommended driver block rules (Windows 10) -description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community. -keywords: security, malware, kernel mode, driver +description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community. +keywords: security, malware, kernel mode, driver ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: m365-security +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -14,8 +14,7 @@ author: jgeurten ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 10/15/2020 -ms.technology: mde +ms.date: --- # Microsoft recommended driver block rules 
@@ -30,7 +29,7 @@ Microsoft has strict requirements for code running in kernel. Consequently, mali - Hypervisor-protected code integrity (HVCI) enabled devices - Windows 10 in S mode (S mode) devices -Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. +Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. > [!Note] > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. 
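Review bot: the front-matter hunk in microsoft-recommended-driver-block-rules.md looks like an accidental revert from a stale branch rather than an intended edit: `ms.prod` goes from `m365-security` back to `w10`, `ms.technology: mde` is dropped, and `ms.date:` is left empty, while the `description:` and `keywords:` lines are removed and re-added with identical visible text (whitespace or line-ending churn). Keep `ms.prod: m365-security` and `ms.technology: mde`, and set `ms.date` to a real value. In the prose hunk, the HVCI link is switched to an absolute `https://docs.microsoft.com/...` URL while the audit-mode link in the same sentence stays relative; prefer the relative (or site-relative `/windows/security/...`) form so link checking and localization keep working, and while touching the sentence, "result in devices or software to malfunction" should read "cause devices or software to malfunction".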
@@ -127,6 +126,80 @@ Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -352,6 +425,80 @@ Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -385,4 +532,4 @@ Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based ## More information -- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) \ No newline at end of file +- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) From 8c7a9c164c557f35bc0bb73f1d9e25a87d3d8966 Mon Sep 17 00:00:00 2001 From: Nazmus Sakib Date: Fri, 25 Jun 2021 13:23:51 -0700 Subject: [PATCH 3/7] Add TPM2.0 recommendation Update additional details on TPM2.0 usage/recommendation in feature table --- .../tpm/tpm-recommendations.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 6179ba0c0a..6bde2d3d8d 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md 
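Review bot: the two large insertions at `@@ -127,6 +126,80 @@` and `@@ -352,6 +425,80 @@` render with no visible content here (the policy rule lines were stripped), so the added rules cannot be checked line by line, but the later commit in this series, "Removed duplicate block events and file IOCs not intended to be blocked", says these additions introduced duplicate entries and file IOCs that were never meant to be blocked. Squash the correction into this commit, or at least confirm that every Deny/FileAttrib rule ID in the new blocks is unique and that each hash or file attribute belongs to a driver the page intends to block. The final hunk only adds the missing trailing newline after the "More information" link, which is fine.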
@@ -111,21 +111,20 @@ The following table defines which Windows features require TPM support. Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details | -|-|-|-|- - Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot + Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Automatic Device Encryption requires Modern Standby](../bitlocker/bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) including TPM 2.0 support Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. Windows Defender Application Control (Device Guard) | No | Yes | Yes - Windows Defender System Guard | Yes | No | Yes - Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. - Device Health Attestation| Yes | Yes | Yes - Windows Hello/Windows Hello for Business| No | Yes | Yes | Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. + Windows Defender System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. + Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Paired with Windows Defender System Guard, TPM 2.0 provides enhanced security for Credential Guard. 
Windows 11 requires TPM 2.0 by default to facilitate easier enablement of this enhanced security for customers. + Device Health Attestation| Yes | Yes | Yes | TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. + Windows Hello/Windows Hello for Business| No | Yes | Yes | Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. TPM 2.0 is recommended over TPM 1.2 for better performance and security. Windows Hello as a FIDO platform authenticator will take advantage of TPM 2.0 for key storage. UEFI Secure Boot | No | Yes | Yes TPM Platform Crypto Provider Key Storage Provider| Yes | Yes | Yes Virtual Smart Card | Yes | Yes | Yes Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. Autopilot | No | N/A | Yes | If you intend to deploy a scenario which requires TPM (such as white glove and self-deploying mode), then TPM 2.0 and UEFI firmware are required. SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. - DRTM | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. ## OEM Status on TPM 2.0 system availability and certified parts @@ -133,4 +132,4 @@ Government customers and enterprise customers in regulated industries may have a ## Related topics -- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) \ No newline at end of file +- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) From 46f1dd1f676094fb8b63692ebfe2ecd4cb04e8a7 Mon Sep 17 00:00:00 2001 
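Review bot: subject-verb agreement in the tpm-recommendations.md table hunk: the new "Windows Defender System Guard (DRTM)" row and the existing SecureBIO row say "TPM 2.0 and UEFI firmware is required"; it should be "are required". In the Measured Boot and Device Health Attestation rows, "TPM 1.2 only supports the SHA-1 algorithm which is being deprecated" wants a comma before "which" (or "which is deprecated"). Folding the separate DRTM row into the System Guard row is reasonable, but the "Windows Defender Application Control (Device Guard)" row still has no Details cell; consider adding one so the table is consistent now that most rows carry a recommendation.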
From: David Strome Date: Fri, 25 Jun 2021 13:34:41 -0700 Subject: [PATCH 4/7] Remove SV docset --- .openpublishing.publish.config.json | 14 -------- windows/sv/TOC.yml | 5 --- windows/sv/breadcrumb/toc.yml | 3 -- windows/sv/docfx.json | 51 ----------------------------- windows/sv/index.md | 11 ------- 5 files changed, 84 deletions(-) delete mode 100644 windows/sv/TOC.yml delete mode 100644 windows/sv/breadcrumb/toc.yml delete mode 100644 windows/sv/docfx.json delete mode 100644 windows/sv/index.md diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 32eb1b181b..f9ebdac192 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -129,20 +129,6 @@ "build_entry_point": "docs", "template_folder": "_themes" }, - { - "docset_name": "sv", - "build_source_folder": "windows/sv", - "build_output_subfolder": "sv", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "win-access-protection", "build_source_folder": "windows/access-protection", diff --git a/windows/sv/TOC.yml b/windows/sv/TOC.yml deleted file mode 100644 index 01da3e1c0a..0000000000 --- a/windows/sv/TOC.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: Index - href: index.md - - - diff --git a/windows/sv/breadcrumb/toc.yml b/windows/sv/breadcrumb/toc.yml deleted file mode 100644 index 48236190f9..0000000000 --- a/windows/sv/breadcrumb/toc.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / diff --git a/windows/sv/docfx.json b/windows/sv/docfx.json deleted file mode 100644 index e7955464fe..0000000000 --- a/windows/sv/docfx.json +++ /dev/null 
@@ -1,51 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**", - "**/docfx.json", - "_repo.en-us/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices.md" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**", - "**/docfx.json", - "_repo.en-us/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "breadcrumb_path": "/windows/windows-11/breadcrumb/toc.json", - "extendBreadcrumb": true, - "feedback_system": "None" - }, - "fileMetadata": {}, - "template": [], - "dest": "windows-11", - "markdownEngineName": "markdig" - } -} \ No newline at end of file diff --git a/windows/sv/index.md b/windows/sv/index.md deleted file mode 100644 index 7a31c42d39..0000000000 --- a/windows/sv/index.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: SV -description: SV -ms.prod: w10 -manager: laurawi -ms.topic: article -author: greg-lindsay -ms.author: greglin ---- - -# . \ No newline at end of file From faeaeaddf09933dc0263f9b89e76065217129b2c Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Fri, 25 Jun 2021 14:17:28 -0700 Subject: [PATCH 5/7] Removed duplicate block events and file IOCs not intended to be blocked --- ...icrosoft-recommended-driver-block-rules.md | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 7d56cdbe9e..835c6da8f0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md 
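Review bot: the deleted `windows/sv/docfx.json` had `"dest": "windows-11"` and a breadcrumb path of `/windows/windows-11/breadcrumb/toc.json`, so before removing the `sv` docset from `.openpublishing.publish.config.json` confirm that nothing else (redirect rules, another docset's breadcrumb, or a `windows-11` publishing entry) still depends on that output folder; otherwise the build may produce dangling breadcrumbs or broken redirects. The deletions themselves are clean: the removed `index.md` was only a placeholder (`# .`) and the config block is removed as a complete JSON object, so the surrounding array stays valid.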
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -126,6 +126,40 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -351,6 +385,40 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 8d5d5e2f5ad1cf5ec2d42c19692250213fa9a3cd Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 25 Jun 2021 16:20:23 -0700 Subject: [PATCH 6/7] Acrolinx "a existing" --- .../security/information-protection/tpm/tpm-recommendations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 6bde2d3d8d..2a29a3881a 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md 
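Review bot: the commit message says duplicate block events and unintended file IOCs were removed, but the stat line reads "1 file changed, 68 insertions(+)" with no deletions, and both hunks (`@@ -126,6 +126,40 @@` and `@@ -351,6 +385,40 @@`) consist only of added lines. Either the message does not describe this change or the removal is missing; please reconcile the two, and state in the message which rule IDs or hashes were dropped so the policy change can be audited later. The added lines carry no visible content in this rendering, so the rule bodies could not be reviewed here.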
@@ -95,7 +95,7 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u ### Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) -- Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview) page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see [TPM and Windows Features](#tpm-and-windows-features). +- Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of an existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview) page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see [TPM and Windows Features](#tpm-and-windows-features). ### IoT Core From c163663490a9c6b53e407a7ea2145407739cac0d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 25 Jun 2021 16:20:54 -0700 Subject: [PATCH 7/7] Fixed broken note --- .../security/information-protection/tpm/tpm-recommendations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 2a29a3881a..658a7d98d5 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md 
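Review bot: the "a existing" to "an existing" fix in tpm-recommendations.md is correct; while this sentence is being touched, "graphic cards" should also become "graphics cards", and the parenthetical "(details in section 3.7 of the ... page)" would read better as "(see section 3.7 of the ... page)".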
@@ -72,7 +72,7 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in > [!NOTE] > TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature. - +> > Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI. ## Discrete, Integrated or Firmware TPM?
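Review bot: adding the `>` continuation line correctly keeps the second paragraph inside the NOTE block, but the text it joins is awkward: "Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI" should read "An operating system installed while the BIOS was in legacy mode will not boot after the BIOS mode is changed to UEFI". The preceding line also has a stray capital in "For added security Enable the Secure Boot feature" (use "enable") and the MBR2GPT sentence reads better as "Run the [MBR2GPT](/windows/deployment/mbr-to-gpt) tool before changing the BIOS mode; it prepares the OS and the disk to support UEFI".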