Merge branch 'master' into aljupudi-5548201-htmltomd-batch03

2025-05-12 21:37:22 +00:00 · 2021-11-10 13:01:43 -05:00 · 2021-11-10 13:01:43 -05:00 · cf4b36b218
commit cf4b36b218
parent d58ffa414c 36d459da26
3 changed files with 34 additions and 34 deletions
--- a/windows/security/threat-protection/intelligence/submission-guide.md
+++ b/windows/security/threat-protection/intelligence/submission-guide.md
@ -23,7 +23,7 @@ If you have a file that you suspect might be malware or is being incorrectly det

 ## How do I send a malware file to Microsoft?

-You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
+You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).

 We receive a large number of samples from many sources. Our analysis is prioritized by the number of file detections and the type of submission. You can help us complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file.

@ -31,7 +31,7 @@ After you sign in, you will be able to track your submissions.

 ## Can I send a sample by email?

-No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
+No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).

 ## Can I submit a sample without signing in?

@ -43,7 +43,7 @@ The [Software Assurance ID (SAID)](https://www.microsoft.com/licensing/licensing

 ### How do I dispute the detection of my program?

-[Submit the file](https://www.microsoft.com/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination.
+[Submit the file](https://www.microsoft.com/en-us/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination.

 If you’re not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary.

@ -51,7 +51,7 @@ We encourage all software vendors and developers to read about [how Microsoft id

 ## How do I track or view past sample submissions?

-You can track your submissions through the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
+You can track your submissions through the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).

 ## What does the submission status mean?

@ -63,7 +63,7 @@ Each submission is shown to be in one of the following status types:

 * Closed—a final determination has been given by an analyst

-You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
+You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).

 ## How does Microsoft prioritize submissions

--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@ -10,7 +10,7 @@ ms.reviewer: jogeurte
 ms.author: jogeurte
 ms.manager: jsuther
 manager: dansimp
-ms.date: 04/14/2021
+ms.date: 11/06/2021
 ms.technology: windows-sec
 ms.topic: article
 ms.localizationpriority: medium
@ -32,7 +32,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
 > [!NOTE]
 > To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.

-## Script-based deployment process for Windows 10 version 1903 and above
+## Deploying policies for Windows 10 version 1903 and above

 1. Initialize the variables to be used by the script.

@ -56,23 +56,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
   & $RefreshPolicyTool
   ```

-### Deploying signed policies
-
-In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. 
-
-1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: 
-
-    ```powershell
-    mountvol J: /S
-    J:
-    mkdir J:\EFI\Microsoft\Boot\CiPolicies\Active
-    ```
-
-2. Copy the signed policy binary as `{PolicyGUID}.cip` to `J:\EFI\Microsoft\Boot\CiPolicies\Active`.
-
-3. Reboot the system.
-
-## Script-based deployment process for Windows 10 versions earlier than 1903
+## Deploying policies for Windows 10 versions earlier than 1903

 1. Initialize the variables to be used by the script.

@ -93,3 +77,25 @@ In addition to the steps outlined above, the binary policy file must also be cop
   ```powershell
   Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary}
   ```
+
+## Deploying signed policies
+
+In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. 
+
+1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: 
+
+    ```powershell
+   $MountPoint = 'C:\EFI'
+   $EFIDestinationFolder = "$MountPoint\Microsoft\Boot\CiPolicies\Active"
+   $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
+   mkdir $EFIDestinationFolder
+   mountvol $MountPoint $EFIPartition
+    ```
+
+2. Copy the signed policy to the created folder:
+
+    ```powershell
+   Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force
+    ```
+
+3. Restart the system.
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
@ -37,14 +37,11 @@ You can prevent users from modifying settings in the Exploit protection area. Th
 You can only prevent users from modifying Exploit protection settings by using Group Policy.

 > [!IMPORTANT]
->
-> ### Requirements
->
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.

 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.

-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.

 3. Expand the tree to **Windows components > Windows Security > App and browser protection**.

@ -59,14 +56,11 @@ You can choose to hide the entire section by using Group Policy. The section wil
 This can only be done in Group Policy.

 > [!IMPORTANT]
->
-> ### Requirements
->
-> You must have Windows 10, version 1709 (the Fall Creators Update). The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.

 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.

-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.

 3. Expand the tree to **Windows components > Windows Security > App and browser protection**.

@ -77,4 +71,4 @@ This can only be done in Group Policy.
 > [!NOTE]
 > If you hide all sections then the app will show a restricted interface, as in the following screenshot:
 >
-> ![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
+> ![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)