deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs2' into dhrs2-servicing

Browse Source
This commit is contained in:
Dani Halfin
2017-03-30 16:36:50 -07:00
parent b902571245 00efb5c1d8
commit cf69ae4eb6
7 changed files with 28 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
windows/keep-secure/configure-exclusions-windows-defender-antivirus.md
View File

@ -12,7 +12,7 @@ localizationpriority: medium
author: iaanw
---
# Configure and validate file and folder exclusions in Windows Defender AV scans
# Configure and validate file, folder, and process-opened file exclusions in Windows Defender AV scans
**Applies to:**
@ -33,9 +33,9 @@ author: iaanw
- Microsoft Intune
- Windows Defender Security Center
You can exclude certain files, folders, processes, and process-modified files from being scanned by Windows Defender Antivirus.
You can exclude certain files, folders, processes, and process-opened files from being scanned by Windows Defender Antivirus.
The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md).
The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md). Exclusions for process-opened files only aply to real-time protection.
Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization.
@ -48,5 +48,5 @@ Topic | Description
---|---
[Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) | Exclude files from Windows Defender AV scans based on their file extension, file name, or location
[Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) | You can exclude files from scans that have been opened by a specific process
[Configure exclusions in Windows Defender AV on Windows Servery](configure-server-exclusions-windows-defender-antivirus.md) | Windows Server 2016 includes automatic exclusions, based on the defined Server Role. You can also add custom exclusions
[Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) | Windows Server 2016 includes automatic exclusions, based on the defined Server Role. You can also add custom exclusions

14
windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md
View File

@ -42,7 +42,7 @@ Exclusion | Examples | Exclusion list
Any file with a specific extension | All files with the .test extension, anywhere on the machine | Extension exclusions
Any file under a specific folder | All files under the c:\test\sample folder | File and folder exclusions
A specific file in a specific folder | The file c:\sample\sample.test only | File and folder exclusions
A specific process | The executable file c:\test\process.exe | File and folder exclusions list
A specific process | The executable file c:\test\process.exe | File and folder exclusions
This means the exclusion lists have the following characteristics:
- Folder exclusions will apply to all files and folders under that folder.
@ -95,7 +95,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
7. Click **OK**.
![The Group Policy setting for file and folder exclusions](images/defender/wdav-extension-exclusions.png)
![The Group Policy setting for file and folder exclusions](images/defender/wdav-path-exclusions.png)
8. Double-click the **Extension Exclusions** setting and add the exclusions:
@ -106,7 +106,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
9. Click **OK**.
![The Group Policy setting for extension exclusions](images/defender/wdav-path-exclusions.png)
![The Group Policy setting for extension exclusions](images/defender/wdav-extension-exclusions.png)
<a id="ps"></a>
@ -184,7 +184,7 @@ See [Add exclusions in the Windows Defender Security Center app](windows-defende
<a id="wildcards"></a>
## Use wildcards in the file name and folder path or extension exclusion lists
You can use the asterisk **\***, question mark **?**, or environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the file name or folder path exclusion list.
You can use the asterisk \*, question mark ?, or environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the file name or folder path exclusion list.
>[!IMPORTANT]
>Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account.
@ -196,8 +196,8 @@ The following table describes how the wildcards can be used and provides some ex
Wildcard | Use | Example use | Example matches
---|---|---|---
***** (asterisk) | Replaces any number of chararacters | <ul><li>C:\MyData\my\*.zip</li><li>C:\somepath\\\*\Data</li></ul> | <ul><li>C:\MyData\my-archived-files-43.zip</li><li>Any file in C:\somepath\folder1\folder2\Data</li></ul>
**?** (question mark) | Replaces a single character | <ul><li>C:\MyData\my\?.zip</li><li>C:\somepath\\\?\Data</li></ul> | <ul><li>C:\MyData\my1.zip</li><li>Any file in C:\somepath\P\Data</li></ul>
\* (asterisk) | Replaces any number of characters | <ul><li>C:\MyData\my\*.zip</li><li>C:\somepath\\\*\Data</li></ul> | <ul><li>C:\MyData\my-archived-files-43.zip</li><li>Any file in C:\somepath\folder1\folder2\Data</li></ul>
? (question mark) | Replaces a single character | <ul><li>C:\MyData\my\?.zip</li><li>C:\somepath\\\?\Data</li></ul> | <ul><li>C:\MyData\my1.zip</li><li>Any file in C:\somepath\P\Data</li></ul>
Environment variables | The defined variable will be populated as a path when the exclusion is evaluated | <ul><li>%ALLUSERSPROFILE%\CustomLogFiles</li></ul> | <ul><li>C:\ProgramData\CustomLogFiles\Folder1\file1.txt</li></ul>
@ -276,6 +276,6 @@ $client.DownloadFile("http://www.eicar.org/download/eicar.com.txt","c:\test.txt"
- [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md)
- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
- [Configure exclusions in Windows Defender AV on Windows Servery](configure-server-exclusions-windows-defender-antivirus.md)
- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md)
- [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

20
windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md
View File

@ -1,5 +1,5 @@
---
title: Configure and validate exclusions for files opened by specific processes
title: Configure exclusions for files opened by specific processes
description: You can exclude files from scans if they have been opened by a specific process.
keywords: process, exclusion, files, scans
search.product: eADQiWindows 10XVcnh
@ -12,7 +12,7 @@ localizationpriority: medium
author: iaanw
---
# Configure and validate exclusions for files opened by processes
# Configure exclusions for files opened by processes
**Applies to:**
@ -40,8 +40,8 @@ This topic describes how to configure exclusion lists for the following:
Exclusion | Example
---|---
Any file on the machine that is opened by any process with a specific file name | Specifying "*test.exe*" would excude files opened by: <ul><li>*c:\sample\test.exe*</li><li>*d:\internal\files\test.exe*</li></ul>
Any file on the machine that is opened by any process under a specific folder | Specifying "*c:\test\sample\\*" would exclude files opened by:<ul><li>*c:\test\sample\test.exe*</li><li>*c:\test\sample\test2.exe*</li><li>*c:\test\sample\utility.exe*</li></ul>
Any file on the machine that is opened by any process with a specific file name | Specifying "*test.exe*" would exclude files opened by: <ul><li>*c:\sample\test.exe*</li><li>*d:\internal\files\test.exe*</li></ul>
Any file on the machine that is opened by any process under a specific folder | Specifying "*c:\test\sample\\**" would exclude files opened by:<ul><li>*c:\test\sample\test.exe*</li><li>*c:\test\sample\test2.exe*</li><li>*c:\test\sample\utility.exe*</li></ul>
Any file on the machine that is opened by a specific process in a specific folder | Specifying "*c:\test\process.exe*" would exclude files only opened by *c:\test\process.exe*
When you add a process to the process exclusion list, Windows Defender AV will not scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-windows-defender-antivirus.md).
@ -89,7 +89,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
<a id="ps"></a>
**Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans:**
Using PowerShell to add or remove exclusions for files based on the extension, location, or file name requires using a combination of three cmdlets with the `-ExclusionProcess' parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/defender).
Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess' parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/defender).
The format for the cmdlets is:
@ -110,7 +110,7 @@ Remove items from the list | `Remove-MpPreference`
>If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list.
For example, the following code snippet would cause Windows Defender AV scans to exclude any file that is opened by process:
For example, the following code snippet would cause Windows Defender AV scans to exclude any file that is opened by the specified process:
```PowerShell
Add-MpPreference -ExclusionProcess "c:\internal\test.exe"
@ -156,14 +156,14 @@ See [Add exclusions in the Windows Defender Security Center app](windows-defende
The use of wildcards in the process exclusion list is different from their use in other exclusion lists.
In particular, you cannot use the question mark **?** wilcard, and the asterisk **\*** wildcard can only be used at the end of a complete path. You can still use environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the process exclusion list.
In particular, you cannot use the question mark ? wildcard, and the asterisk \* wildcard can only be used at the end of a complete path. You can still use environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the process exclusion list.
The following table describes how the wildcards can be used in the process exclusion list:
Wildcard | Use | Example use | Example matches
---|---|---|---
**\*** (asterisk) | Replaces any number of chararacters | <ul><li>C:\MyData\\*</li></ul> | <ul><li>Any file opened by *C:\MyData\file.exe*</li></ul>
**?** (question mark) | Not available | \- | \-
\* (asterisk) | Replaces any number of characters | <ul><li>C:\MyData\\*</li></ul> | <ul><li>Any file opened by *C:\MyData\file.exe*</li></ul>
? (question mark) | Not available | \- | \-
Environment variables | The defined variable will be populated as a path when the exclusion is evaluated | <ul><li>%ALLUSERSPROFILE%\CustomLogFiles\file.exe</li></ul> | <ul><li>Any file opened by C:\ProgramData\CustomLogFiles\file.exe</li></ul>
@ -212,6 +212,6 @@ See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use
- [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md)
- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
- [Configure exclusions in Windows Defender AV on Windows Servery](configure-server-exclusions-windows-defender-antivirus.md)
- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md)
- [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

BIN
windows/keep-secure/images/defender/wdav-powershell-get-exclusions-variable.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.5 KiB

After

Width:  |  Height:  |  Size: 9.1 KiB

3
windows/keep-secure/troubleshoot-windows-defender-antivirus.md
View File

@ -2,7 +2,8 @@
title: Windows Defender AV event IDs and error codes
description: Look up the causes and solutions for Windows Defender Antivirus event IDs and errors
keywords: event, error code, siem, logging, troubleshooting, wef, windows event forwarding
ms.assetid: EE488CC1-E340-4D47-B50B-35BD23CB4D70
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library

3
windows/keep-secure/windows-defender-antivirus-in-windows-10.md
View File

@ -2,7 +2,8 @@
title: Windows Defender Antivirus
description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10.
keywords: windows defender antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security
ms.assetid: 6A9EB85E-1F3A-40AC-9A47-F44C4A2B55E2
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library

17
windows/plan/windows-10-enterprise-faq-itpro.md
View File

@ -49,7 +49,7 @@ Many existing Win32 and Win64 applications already run reliably on Windows 10 wi
### Is there an easy way to assess if my organizations devices are ready to upgrade to Windows 10?
[Windows Upgrade Readiness](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics) (formerly known as Upgrade Analytics) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements. This new service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects.
[Windows Analytics Upgrade Readiness](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics) (formerly known as Upgrade Analytics) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements. This new service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects. You can find additional product information at [Windows Analytics](https://www.microsoft.com/en-us/WindowsForBusiness/Windows-Analytics).
## Administration and deployment
@ -64,15 +64,9 @@ Updated versions of Microsoft deployment tools, including MDT, Configuration Man
Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with System Center Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit).
### Are there any deployment tools available to support Windows 10?
Updated versions of Microsoft deployment tools, including Configuration Manager, MDT, and the Windows Assessment and Deployment Kit (Windows ADK) have been released adding support for Windows 10. For most organizations currently using MDT or Configuration Manager to deploy Windows, deployment of Windows 10 will change very little.
For more information on deployment methods for Windows 10, see [Windows 10 deployment tools](https://technet.microsoft.com/library/mt297512.aspx) and [Windows 10 deployment scenarios](https://technet.microsoft.com/library/mt282208.aspx).
### Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free?
If you have Windows 7 Enterprise or Windows 8.1 Enterprise and current Software Assurance, you are entitled to the upgrade to Windows 10 Enterprise through the rights of Software Assurance. You can find your product keys and installation media at the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
If you have Windows 7 Enterprise or Windows 8.1 Enterprise and current Windows 10 Enterprise E3 or E5 subscription, you are entitled to the upgrade to Windows 10 Enterprise through the rights of Software Assurance. You can find your product keys and installation media at the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
For devices that are licensed under a volume license agreement for Windows that does not include Software Assurance, new licenses will be required to upgrade these devices to Windows 10.
@ -104,12 +98,7 @@ For more information on pros and cons for these tools, see [Servicing Tools](htt
### Where can I find information about new features and changes in Windows 10 Enterprise?
For an overview of the new enterprise features in Windows 10 Enterprise, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index) and [What's new in Windows 10, version 1703](https://tnstage.redmond.corp.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1703?branch=rs2) in the TechNet library. You can find information You'll find info on features like these:
- Modern deployment - Zero-touch deployment, bulk AD enrollment with provisioning, UEFI conversion tooland
- Windows Analytics - Upgrade Readiness, and Update Compliance
- Windows as a service enhancements - Differential feature update support, express update support for System Center Configuration Manager and third-party management software
- Mobile application management (MAM) and enhanced MDM
- Advanced security with Windows Defender - App Guard, Credential Guard, App Control, ATP) and Windows Hello
For an overview of the new enterprise features in Windows 10 Enterprise, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index) and [What's new in Windows 10, version 1703](https://tnstage.redmond.corp.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1703?branch=rs2) in the TechNet library.
Another place to track the latest information about new features of interest to IT professionals is the [Windows for IT Pros blog](https://blogs.technet.microsoft.com/windowsitpro/). Here youll find announcements of new features, information on updates to the Windows servicing model, and details about the latest resources to help you more easily deploy and manage Windows 10.