From 5e03a04e8b5a0e009b7788317c6e19d4435ba54d Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 29 Aug 2018 15:59:18 -0400 Subject: [PATCH 1/9] Corrected Jan-Feb links to point to Microsoft not Kaspersky Corrected two links that point to Kaspersky reviews instead of Microsoft reviews I believe this is the correct link: https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/ --- .../intelligence/top-scoring-industry-antivirus-tests.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 662286f60b..0b05818396 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -39,8 +39,8 @@ The below scores are the results of AV-TEST's evaluations on **Windows Defender |Month (2018)|Real-World test score| Prevalent malware test score | AV-TEST report| Microsoft analysis| |---|---|---|---|---| -|January| 100.00%| 99.92%| [Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)| -|February| 100.00% | 100.00%|[Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)| +|January| 100.00%| 99.92%| [Report (Jan-Feb)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)| +|February| 100.00% | 100.00%|[Report (Jan-Feb)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)| March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)| April|100.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)| May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) |[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) **Latest**| From 2436cef74470475ce5cf0173d432db1a000f6732 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 29 Aug 2018 16:38:11 -0400 Subject: [PATCH 2/9] Update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 99973955de..cb0b0f1a87 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -68,7 +68,6 @@ This section covers requirements for each feature in Windows Defender EG. |--------|---------| | ![not supported](./images/ball_empty.png) | Not supported | | ![supported](./images/ball_50.png) | Supported | -| ![supported, enhanced](./images/ball_75.png) | Includes advanced exploit protection for the kernel mode via [HVCI](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) | | ![supported, full reporting](./images/ball_full.png) | Includes automated reporting into the Windows Defender ATP console| From 70eeefe4f47c7aac43091cdf2d95d9f2778f598c Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 30 Aug 2018 01:18:46 +0430 Subject: [PATCH 3/9] Typo fix Typo fix. Windows 10 has a "Pro" edition, but not "Professional" edition. --- .../windows-defender-application-guard/wd-app-guard-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 0fb816ceab..7df9687c2d 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -14,7 +14,7 @@ ms.date: 07/09/2018 **Applies to:** - Windows 10 Enterprise edition, version 1709 or higher -- Windows 10 Professional edition, version 1803 +- Windows 10 Pro edition, version 1803 Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete. From d83c45e888b551202b3035535428e61e3eca964e Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 30 Aug 2018 01:19:39 +0430 Subject: [PATCH 4/9] Typo fix Typo fix. It is called "Windows 10 Pro", not "Windows 10 Professional". --- .../windows-defender-application-guard/reqs-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index 413a76b74a..7fec753587 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -14,7 +14,7 @@ ms.date: 11/09/2017 **Applies to:** - Windows 10 Enterprise edition, version 1709 or higher -- Windows 10 Professional edition, version 1803 +- Windows 10 Pro edition, version 1803 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. From 7378d096321ba3e9cea8f8e4844eb1543f6ba276 Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 30 Aug 2018 01:22:42 +0430 Subject: [PATCH 5/9] Typo fix Typo fix. It is called "Windows 10 Pro", not "Windows 10 Professional". --- .../windows-defender-application-guard/install-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index 037fb26536..a05785d879 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -17,7 +17,7 @@ Before you can install and use Windows Defender Application Guard, you must dete Applies to: - Windows 10 Enterprise edition, version 1709 or higher -- Windows 10 Professional edition, version 1803 +- Windows 10 Pro edition, version 1803 Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-wd-app-guard.md) testing scenario. From d3393141c61e0690cfdafc19b4cbc0cbc652b36f Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 30 Aug 2018 01:25:21 +0430 Subject: [PATCH 6/9] Typo fix Typo fix. It is called "Windows 10 Pro", not "Windows 10 Professional". --- .../configure-wd-app-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index af72b5b90d..7c6ba31f4d 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -38,10 +38,10 @@ These settings, located at **Computer Configuration\Administrative Templates\Win |Name|Supported versions|Description|Options| |-----------|------------------|-----------|-------| -|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Professional, 1803|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
  • Disable the clipboard functionality completely when Virtualization Security is enabled.
  • Enable copying of certain content from Application Guard into Microsoft Edge.
  • Enable copying of certain content from Microsoft Edge into Application Guard.

    **Important**
    Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.| -|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Professional, 1803|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
  • Enable Application Guard to print into the XPS format.
  • Enable Application Guard to print into the PDF format.
  • Enable Application Guard to print to locally attached printers.
  • Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.| -|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher

Windows 10 Professional, 1803|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.

**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | -|Allow Persistence|Windows 10 Enterprise, 1709 or higher

Windows 10 Professional, 1803|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

**Disabled or not configured.** All user data within Application Guard is reset between sessions.

**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
  1. Open a command-line program and navigate to Windows/System32.
  2. Type `wdagtool.exe cleanup`.
    The container environment is reset, retaining only the employee-generated data.
  3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.
    The container environment is reset, including discarding all employee-generated data.
| +|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
  • Disable the clipboard functionality completely when Virtualization Security is enabled.
  • Enable copying of certain content from Application Guard into Microsoft Edge.
  • Enable copying of certain content from Microsoft Edge into Application Guard.

    **Important**
    Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.| +|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
  • Enable Application Guard to print into the XPS format.
  • Enable Application Guard to print into the PDF format.
  • Enable Application Guard to print to locally attached printers.
  • Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.| +|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.

**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | +|Allow Persistence|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

**Disabled or not configured.** All user data within Application Guard is reset between sessions.

**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
  1. Open a command-line program and navigate to Windows/System32.
  2. Type `wdagtool.exe cleanup`.
    The container environment is reset, retaining only the employee-generated data.
  3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.
    The container environment is reset, including discarding all employee-generated data.
| |Turn on Windows Defender Application Guard in Enterprise Mode|Windows 10 Enterprise, 1709 or higher|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.

**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.| |Allow files to download to host operating system|Windows 10 Enterprise, 1803|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.

**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.| |Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, version 1803

(experimental only)|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering.

    **Important**
    Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.

**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.

**Note**
This is an experimental feature in Windows 10 Enterprise, version 1803 and will not function without the presence of an additional registry key provided by Microsoft. If you would like to evaluate this feature on deployments of Windows 10 Enterprise, version 1803, please contact Microsoft for further information.| From f8b98f5c93b26fecdd3e67611df691eddd66d56a Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 30 Aug 2018 01:25:49 +0430 Subject: [PATCH 7/9] Typo fix Typo fix. It is called "Windows 10 Pro", not "Windows 10 Professional". --- .../test-scenarios-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md index cffffca2da..d697706824 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md @@ -16,7 +16,7 @@ We've come up with a list of suggested testing scenarios that you can use to tes **Applies to:** - Windows 10 Enterpise edition, version 1709 or higher -- Windows 10 Professional edition, version 1803 +- Windows 10 Pro edition, version 1803 ## Application Guard in standalone mode You can see how an employee would use standalone mode with Application Guard. From 382743302591c117d44cea1fecf7e8afb868dc15 Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 30 Aug 2018 01:27:02 +0430 Subject: [PATCH 8/9] Typo fix. Typo fix. It is called "Windows 10 Pro", not "Windows 10 Professional". --- .../windows-defender-application-guard/faq-wd-app-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index dcea68cace..7ac04e7b20 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -14,7 +14,7 @@ ms.date: 11/07/2017 **Applies to:** - Windows 10 Enterpise edition, version 1709 or higher -- Windows 10 Professional edition, version 1803 +- Windows 10 Pro edition, version 1803 Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. @@ -32,7 +32,7 @@ Answering frequently asked questions about Windows Defender Application Guard (A | | | |---|----------------------------| |**Q:** |Can employees download documents from the Application Guard Edge session onto host devices?| -|**A:** |In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device.| +|**A:** |In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

In Windows 10 Enterprise edition 1709 or Windows 10 Pro edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device.|
| | | From 1bbeedf456f6d183153ddb742bbc72eed8099398 Mon Sep 17 00:00:00 2001 From: ajjonesycomau Date: Thu, 30 Aug 2018 10:57:32 +1000 Subject: [PATCH 9/9] Fixed broken link Reformatted markdown for the download link. --- .../windows-credential-theft-mitigation-guide-abstract.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index dca351a7eb..9ad00797a5 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -15,7 +15,7 @@ ms.date: 04/19/2017 **Applies to** - Windows 10 -This topic provides a summary of the Windows 10 credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows 10 credential theft mitigation guide.docx). +This topic provides a summary of the Windows 10 credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx). This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages: - Identify high-value assets