From 0c509c21acf8c54e49697bbebef7ff5041ae6d47 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 20 Aug 2018 17:04:25 -0700 Subject: [PATCH 1/4] fixed app conttrol toc --- .../windows-defender-application-control/{oldTOC.md => TOC.md} | 0 .../exploit-protection-exploit-guard.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename windows/security/threat-protection/windows-defender-application-control/{oldTOC.md => TOC.md} (100%) diff --git a/windows/security/threat-protection/windows-defender-application-control/oldTOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/oldTOC.md rename to windows/security/threat-protection/windows-defender-application-control/TOC.md diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index 44502e777d..d75810ce2c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -16,7 +16,7 @@ ms.date: 08/09/2018 -# Protect devices from exploits with Windows Defender Exploit Guard +# Protect devices from exploits **Applies to:** From b189413a4c42027ba8ee5d7bfcba12ca8e81a644 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 20 Aug 2018 17:09:02 -0700 Subject: [PATCH 2/4] revised titles --- .../attack-surface-reduction-exploit-guard.md | 23 ++----------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 4fb58eaacc..1bf3aab943 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -23,34 +23,15 @@ ms.date: 08/08/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - - - - - - - - - Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. +Attack surface reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). ->[!TIP] ->You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. - -Attack surface reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). - -The feature is comprised of a number of rules, each of which target specific behaviors that are typically used by malware and malicious apps to infect machines, such as: +Attack surface reduction has a number of [rules](#attack-surface-reduction-rules), each of which targets specific behaviors that are typically used by malware and malicious apps to infect machines, such as: - Executable files and scripts used in Office apps or web mail that attempt to download or run files - Scripts that are obfuscated or otherwise suspicious - Behaviors that apps undertake that are not usually initiated during normal day-to-day work -See the [Attack surface reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule. - When a rule is triggered, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack surface reduction would impact your organization if it were enabled. From e213032fb1bc0061695571caa848af67f59add97 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 20 Aug 2018 17:35:35 -0700 Subject: [PATCH 3/4] copyedits --- .../controlled-folders-exploit-guard.md | 25 +++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index a00c13b3aa..c376eab0fd 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -16,7 +16,7 @@ ms.date: 08/08/2018 -# Protect important folders with Controlled folder access +# Protect important folders with controlled folder access **Applies to:** @@ -24,35 +24,18 @@ ms.date: 08/08/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - - - - - - - - - - - - Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. - ->[!TIP] ->You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. - -Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder. -This is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage. +This is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage. A notification will appear on the computer where the app attempted to make changes to a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders-exploit-guard.md#protect-additional-folders). You can also [allow or whitelist apps](customize-controlled-folders-exploit-guard.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. -As with other features of Windows Defender Exploit Guard, you can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Controlled folder access would impact your organization if it were enabled. +You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. ## Requirements From 2dd853e9c0bd03e3551d24d86ca926f744f31a0c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 20 Aug 2018 17:36:02 -0700 Subject: [PATCH 4/4] copyedits --- .../controlled-folders-exploit-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index c376eab0fd..a5c31c8baf 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -51,9 +51,9 @@ You can review the Windows event log to see events that are created when Control 2. Type **Event viewer** in the Start menu to open the Windows Event Viewer. -3. On the left panel, under **Actions**, click **Import custom view...** +3. On the left panel, under **Actions**, click **Import custom view...**. - ![Animation showing the import custom view on the Event viewer window](images/events-import.gif) + ![Animation showing the import custom view on the Event viewer window](images/events-import.gif) 4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).