From c4e05bee82eba5736e53e971e2433929df88ec2c Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 13:03:43 +0500 Subject: [PATCH 01/68] Procedural Changes An unnecessary step was added in the procedure and has been removed. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8408 --- .../mac-jamfpro-policies.md | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index 5faeec9c8d..f1017e4215 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -750,18 +750,14 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint ![Image of configuration settings](images/990742cd9a15ca9fdd37c9f695d1b9f4.png) -4. Navigate to **Advanced Computer Searches**. - - ![A screenshot of a social media post Description automatically generated](images/95313facfdd5e1ea361981e0a2478fec.png) - -5. Select **Computer Management**. +4. Select your computer and click the gear icon on the top, select **Computer Management** ![Image of configuration settings](images/b6d671b2f18b89d96c1c8e2ea1991242.png) -6. In **Packages**, select **+ New**. +5. In **Packages**, select **+ New**. ![A picture containing bird Description automatically generated](images/57aa4d21e2ccc65466bf284701d4e961.png) -7. In **New Package** Enter the following details: +6. In **New Package** Enter the following details: **General tab** - Display Name: Leave it blank for now. Because it will be reset when you choose your pkg. @@ -774,15 +770,17 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint ![A screenshot of a computer screen Description automatically generated](images/1aa5aaa0a387f4e16ce55b66facc77d1.png) -8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. +7. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. + **Manifest File** is not required. Microsoft Defender Advanced Threat Protection works without Manifest File. + **Options tab**
Keep default values. **Limitations tab**
Keep default values. ![Image of configuration settings](images/56dac54634d13b2d3948ab50e8d3ef21.png) -9. Select **Save**. The package is uploaded to Jamf Pro. +8. Select **Save**. The package is uploaded to Jamf Pro. ![Image of configuration settings](images/33f1ecdc7d4872555418bbc3efe4b7a3.png) @@ -790,45 +788,45 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint ![Image of configuration settings](images/1626d138e6309c6e87bfaab64f5ccf7b.png) -10. Navigate to the **Policies** page. +9. Navigate to the **Policies** page. ![Image of configuration settings](images/f878f8efa5ebc92d069f4b8f79f62c7f.png) -11. Select **+ New** to create a new policy. +10. Select **+ New** to create a new policy. ![Image of configuration settings](images/847b70e54ed04787e415f5180414b310.png) -12. In **General** Enter the following details: +11. In **General** Enter the following details: - Display name: MDATP Onboarding Contoso 200329 v100.86.92 or later ![Image of configuration settings](images/625ba6d19e8597f05e4907298a454d28.png) -13. Select **Recurring Check-in**. +12. Select **Recurring Check-in**. ![Image of configuration settings](images/68bdbc5754dfc80aa1a024dde0fce7b0.png) -14. Select **Save**. +13. Select **Save**. -15. Select **Packages > Configure**. +14. Select **Packages > Configure**. ![Image of configuration settings](images/8fb4cc03721e1efb4a15867d5241ebfb.png) -16. Select the **Add** button next to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. +15. Select the **Add** button next to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. ![Image of configuration settings](images/526b83fbdbb31265b3d0c1e5fbbdc33a.png) -17. Select **Save**. +16. Select **Save**. ![Image of configuration settings](images/9d6e5386e652e00715ff348af72671c6.png) -18. Select the **Scope** tab. +17. Select the **Scope** tab. ![Image of configuration settings](images/8d80fe378a31143db9be0bacf7ddc5a3.png) -19. Select the target computers. +18. Select the target computers. ![Image of configuration settings](images/6eda18a64a660fa149575454e54e7156.png) @@ -844,7 +842,7 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint ![Image of configuration settings](images/c9f85bba3e96d627fe00fc5a8363b83a.png) -20. Select **Done**. +19. Select **Done**. ![Image of configuration settings](images/99679a7835b0d27d0a222bc3fdaf7f3b.png) From 8c4268ea229155638b6cb9a201fcaa9985a3a8ed Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 13:33:46 +0500 Subject: [PATCH 02/68] Addition of a right A right was missing from the list. Added the basic info. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8551 --- .../security-policy-settings/user-rights-assignment.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md index 03d0a20cf4..6074db6073 100644 --- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md +++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md @@ -69,6 +69,7 @@ The following table links to each security policy setting and provides the const | [Manage auditing and security log](manage-auditing-and-security-log.md)| SeSecurityPrivilege| | [Modify an object label](modify-an-object-label.md) | SeRelabelPrivilege| | [Modify firmware environment values](modify-firmware-environment-values.md)| SeSystemEnvironmentPrivilege| +| [Obtain an impersonation token for another user in the same session]) | SeDelegateSessionUserImpersonatePrivilege| | [Perform volume maintenance tasks](perform-volume-maintenance-tasks.md) | SeManageVolumePrivilege| | [Profile single process](profile-single-process.md) | SeProfileSingleProcessPrivilege| | [Profile system performance](profile-system-performance.md) | SeSystemProfilePrivilege| @@ -78,6 +79,7 @@ The following table links to each security policy setting and provides the const | [Shut down the system](shut-down-the-system.md) | SeShutdownPrivilege| | [Synchronize directory service data](synchronize-directory-service-data.md)| SeSyncAgentPrivilege| | [Take ownership of files or other objects](take-ownership-of-files-or-other-objects.md) | SeTakeOwnershipPrivilege| + ## Related topics From 053da0a6581a34a3d11ed9fe2f0c921bc4725ab5 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 09:09:40 -0700 Subject: [PATCH 03/68] Update windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-jamfpro-policies.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index f1017e4215..961a958e6f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -750,7 +750,7 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint ![Image of configuration settings](images/990742cd9a15ca9fdd37c9f695d1b9f4.png) -4. Select your computer and click the gear icon on the top, select **Computer Management** +4. Select your computer and click the gear icon at the top, then select **Computer Management**. ![Image of configuration settings](images/b6d671b2f18b89d96c1c8e2ea1991242.png) @@ -851,4 +851,3 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint - From 7682c17362d6802ae7a7019d280feb3a5263afd1 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 09:22:32 -0700 Subject: [PATCH 04/68] Update windows/security/threat-protection/security-policy-settings/user-rights-assignment.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security-policy-settings/user-rights-assignment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md index 6074db6073..656b0c378b 100644 --- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md +++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md @@ -69,7 +69,7 @@ The following table links to each security policy setting and provides the const | [Manage auditing and security log](manage-auditing-and-security-log.md)| SeSecurityPrivilege| | [Modify an object label](modify-an-object-label.md) | SeRelabelPrivilege| | [Modify firmware environment values](modify-firmware-environment-values.md)| SeSystemEnvironmentPrivilege| -| [Obtain an impersonation token for another user in the same session]) | SeDelegateSessionUserImpersonatePrivilege| +| [Obtain an impersonation token for another user in the same session](impersonate-a-client-after-authentication.md) | SeDelegateSessionUserImpersonatePrivilege| | [Perform volume maintenance tasks](perform-volume-maintenance-tasks.md) | SeManageVolumePrivilege| | [Profile single process](profile-single-process.md) | SeProfileSingleProcessPrivilege| | [Profile system performance](profile-system-performance.md) | SeSystemProfilePrivilege| From 500fd2c72ee5fa5d5ce00dbe699dabac111a77e3 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 12 Jan 2021 10:50:21 +0500 Subject: [PATCH 05/68] Update use-vamt-in-windows-powershell.md --- .../volume-activation/use-vamt-in-windows-powershell.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index 7389bcd273..0fcb1ad99c 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -57,7 +57,7 @@ get-help get-VamtProduct -all ``` **Warning** -The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=242278). +The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/vamt). **To view VAMT PowerShell Help sections** From eb8843f637a817ceb46c8c58d9eb75c116ab8655 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 12 Jan 2021 11:59:56 +0500 Subject: [PATCH 06/68] Update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 265aa7219d..fc57328704 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription. H If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet. -If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account (additional costs needed for multi-factor authentication). +If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes Azure AD Multi-Factor Authentication license (like Microsoft 365), or use third-party Multi-Factor Authentication provider. If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet. Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature. From 7c7a13348fa00a44133e085964b25260ba80d04e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 12 Jan 2021 14:37:28 +0500 Subject: [PATCH 07/68] Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index fc57328704..d99d54226f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription. H If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet. -If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes Azure AD Multi-Factor Authentication license (like Microsoft 365), or use third-party Multi-Factor Authentication provider. +If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes an Azure AD Multi-Factor Authentication license (like Microsoft 365) or to use a third-party Multi-Factor Authentication provider. If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet. Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature. From 7ced57c6927538be4219721a78fa1d09b0eb879a Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 13 Jan 2021 07:23:37 +0500 Subject: [PATCH 08/68] Update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index d99d54226f..ba1692b00e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription. H If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet. -If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes an Azure AD Multi-Factor Authentication license (like Microsoft 365) or to use a third-party Multi-Factor Authentication provider. +If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to use a third-party Multi-Factor Authentication provider. If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet. Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature. From b83175dcb1eafe83648d424b07efa4bc40665622 Mon Sep 17 00:00:00 2001 From: msft-cjeich Date: Thu, 14 Jan 2021 12:17:20 -0800 Subject: [PATCH 09/68] Update web-content-filtering.md Text update to account for changes to our data provider. Also - 15 min for policy sync is incorrect. SLA should be 2hrs. Include other 3rd party browsers which NP supports. This is a server-side change which requires no client side changes. --- .../microsoft-defender-atp/web-content-filtering.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index d8daf9644c..b6d259a0f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -32,7 +32,7 @@ Web content filtering is part of [Web protection](web-protection-overview.md) ca Configure policies across your device groups to block certain categories. Blocking a category prevents users within specified device groups from accessing URLs associated with the category. For any category that's not blocked, the URLs are automatically audited. Your users can access the URLs without disruption, and you'll gather access statistics to help create a more custom policy decision. Your users will see a block notification if an element on the page they're viewing is making calls to a blocked resource. -Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome and Firefox). For more information about browser support, see the prerequisites section. +Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave and Opera). For more information about browser support, see the prerequisites section. Summarizing the benefits: @@ -42,7 +42,7 @@ Summarizing the benefits: ## User experience -The blocking experience for Chrome/Firefox is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. +The blocking experience for 3rd party supported browsers is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. For a more user-friendly in-browser experience, consider using Microsoft Edge. @@ -54,11 +54,11 @@ Before trying out this feature, make sure you have the following requirements: - Access to Microsoft Defender Security Center portal - Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update. -If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device. +If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device. Chrome, Firefox, Brave and Opera are currently 3rd party browsers in which the feature is enabled. ## Data handling -We will follow whichever region you have elected to use as part of your [Microsoft Defender for Endpoint data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds. +We will follow whichever region you have elected to use as part of your [Microsoft Defender for Endpoint data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. ## Turn on web content filtering @@ -78,7 +78,7 @@ To add a new policy: 2. Specify a name. 3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories. 4. Specify the policy scope. Select the device groups to specify where to apply the policy. Only devices in the selected device groups will be prevented from accessing websites in the selected categories. -5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected devices. +5. Review the summary and save the policy. The policy refresh may take up to 2 hours to apply to your selected devices. Tip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy. @@ -138,7 +138,7 @@ Use the time range filter at the top left of the page to select a time period. Y ### Limitations and known issues in this preview -- Only Microsoft Edge is supported if your device's OS configuration is Server (cmd > Systeminfo > OS Configuration). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across Chrome/Firefox. +- Only Microsoft Edge is supported if your device's OS configuration is Server (cmd > Systeminfo > OS Configuration). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across supported 3rd party browsers. - Unassigned devices will have incorrect data shown within the report. In the Report details > Device groups pivot, you may see a row with a blank Device Group field. This group contains your unassigned devices before they get put into your specified group. The report for this row may not contain an accurate count of devices or access counts. From 5893f5768835f358ad7dae1824a2cbaa12a1975c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 17 Jan 2021 14:42:06 +0500 Subject: [PATCH 10/68] Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-authored-by: mapalko --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index ba1692b00e..8570ec4a63 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription. H If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet. -If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to use a third-party Multi-Factor Authentication provider. +If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multifactor Authentication through the use of security defaults. Some Azure AD Multifactor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing) If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet. Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature. From 97136cf8c9ec2eba91ce0020b387d55baaeb0532 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 17 Jan 2021 14:47:53 +0500 Subject: [PATCH 11/68] Update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 8570ec4a63..449642dfe7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription. H If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet. -If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multifactor Authentication through the use of security defaults. Some Azure AD Multifactor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing) +If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing) If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet. Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature. From 2614a6dcebeef0d92a5c8245e4b797048e11cc14 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 20 Jan 2021 18:33:17 +0500 Subject: [PATCH 12/68] Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 449642dfe7..0c252830e7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription. H If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet. -If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing) +If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details, see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing). If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet. Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature. From 576057ec5bce89bcafe9d656d7ba013088bbf163 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 20 Jan 2021 18:36:10 +0500 Subject: [PATCH 13/68] Update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 0c252830e7..cb3a0081f2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription. H If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet. -If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details, see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing). +If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details, see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing). If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet. Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature. From 704a3a87252a456ce34bc8242c86ddec26dbdb1c Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 21 Jan 2021 21:30:59 +0200 Subject: [PATCH 14/68] add info about network boundary https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8880 --- .../md-app-guard-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 98150e0f15..0c47055df2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -52,3 +52,4 @@ Application Guard has been created to target several types of devices: | [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide | | [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide | |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| +|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](https://docs.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.| From 4d281e31d100e182c94040de6bbde8ee1a8202b9 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 21 Jan 2021 12:54:14 -0800 Subject: [PATCH 15/68] Update waas-delivery-optimization.md Add Edge browser support to content type table. --- windows/deployment/update/waas-delivery-optimization.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index de5f866595..7337c717c1 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -65,7 +65,7 @@ For information about setting up Delivery Optimization, including tips for the b - Office installations and updates - Xbox game pass games - MSIX apps (HTTP downloads only) - - Edge browser installations and updates + - Edge browser installs and updates ## Requirements @@ -90,7 +90,8 @@ The following table lists the minimum Windows 10 version that supports Delivery | Win32 apps for Intune | 1709 | | Xbox game pass games | 2004 | | MSIX apps (HTTP downloads only) | 2004 | -| Configuration Manager Express Updates | 1709 + Configuration Manager version 1711 | +| Configuration Manager Express updates | 1709 + Configuration Manager version 1711 | +| Edge browser installs and updates | 1809 | > [!NOTE] > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910). From 1e96248e32a1da6172b1b24587481405dba6c81c Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 21 Jan 2021 20:01:51 -0800 Subject: [PATCH 16/68] Update waas-delivery-optimization.md Add Dynamic updates support --- windows/deployment/update/waas-delivery-optimization.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 7337c717c1..599fd37ab1 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -62,10 +62,11 @@ For information about setting up Delivery Optimization, including tips for the b - DOMaxUploadBandwidth - Support for new types of downloads: - - Office installations and updates + - Office installs and updates - Xbox game pass games - MSIX apps (HTTP downloads only) - Edge browser installs and updates + - Dynamic updates ## Requirements @@ -92,6 +93,7 @@ The following table lists the minimum Windows 10 version that supports Delivery | MSIX apps (HTTP downloads only) | 2004 | | Configuration Manager Express updates | 1709 + Configuration Manager version 1711 | | Edge browser installs and updates | 1809 | +| Dynamic updates | 1903 | > [!NOTE] > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910). From 244dc8bbb5d5464dea2fe6390c906766bc36e622 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Fri, 22 Jan 2021 13:09:33 -0800 Subject: [PATCH 17/68] Update waas-delivery-optimization.md Add link to Dynamic Updates blog post. --- windows/deployment/update/waas-delivery-optimization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 599fd37ab1..bbafcf8b44 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -66,7 +66,7 @@ For information about setting up Delivery Optimization, including tips for the b - Xbox game pass games - MSIX apps (HTTP downloads only) - Edge browser installs and updates - - Dynamic updates + - [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) ## Requirements @@ -93,7 +93,7 @@ The following table lists the minimum Windows 10 version that supports Delivery | MSIX apps (HTTP downloads only) | 2004 | | Configuration Manager Express updates | 1709 + Configuration Manager version 1711 | | Edge browser installs and updates | 1809 | -| Dynamic updates | 1903 | +| [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) | 1903 | > [!NOTE] > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910). From 963bbb8f93de94590c0ed5948d0a965dd92d304e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 25 Jan 2021 21:09:14 +0500 Subject: [PATCH 18/68] Update TOC.md --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index af35c57f47..122083cfeb 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -114,6 +114,7 @@ ##### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md) ##### [Customize exploit protection](microsoft-defender-atp/customize-exploit-protection.md) ##### [Import, export, and deploy exploit protection configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md) +##### [Troubleshoot exploit protection mitigations](microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md) ##### [Exploit protection reference](microsoft-defender-atp/exploit-protection-reference.md ) #### [Network protection]() From 463b8b0f8cf8d6b1066728d21cb4b34138608a98 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Mon, 25 Jan 2021 10:13:26 -0600 Subject: [PATCH 19/68] Update security-compliance-toolkit-10.md Removed 1709 as we dont support it any longer and pulled it from the DLC --- .../security/threat-protection/security-compliance-toolkit-10.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index fd8ba1f7f9..509869f9e5 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -34,7 +34,6 @@ The Security Compliance Toolkit consists of: - Windows 10 Version 1903 (May 2019 Update) - Windows 10 Version 1809 (October 2018 Update) - Windows 10 Version 1803 (April 2018 Update) - - Windows 10 Version 1709 (Fall Creators Update) - Windows 10 Version 1607 (Anniversary Update) - Windows 10 Version 1507 From f8e3f311ae43ba2b3c195b8c4a5c48b54c9c4869 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 25 Jan 2021 21:17:00 +0500 Subject: [PATCH 20/68] Update mandatory-settings-for-wip.md --- .../mandatory-settings-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index eb25f0556d..bf2e926154 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -28,7 +28,7 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| |Add at least one app to the **Protected apps** list in your WIP policy.|You must have at least one app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics.| -|Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the **Manage the WIP protection mode for your enterprise data** section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| +|Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage the WIP protection mode for your enterprise data](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| |Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.

Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.| From 18bbbe6262a11c530e44a23e596395aaa921f787 Mon Sep 17 00:00:00 2001 From: Jeff Gilbert Date: Mon, 25 Jan 2021 17:58:10 -0500 Subject: [PATCH 21/68] Update create-wip-policy-using-intune-azure.md Updated per request from PM (dereka). --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index f36275b6ba..19f213f47f 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -444,7 +444,7 @@ To stop Windows from automatically blocking these connections, you can add the ` For example: ```console -URL <,proxy>|URL <,proxy>/*AppCompat*/ +URL <,proxy>|URL <,proxy>|/*AppCompat*/ ``` When you use this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the **Domain joined or marked as compliant** option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. From 285c15d89bcdbc854e1d7bd5fe8c1de59454cf6a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 25 Jan 2021 17:12:21 -0800 Subject: [PATCH 22/68] Update windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/web-content-filtering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index b6d259a0f2..87f0151c05 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -54,7 +54,7 @@ Before trying out this feature, make sure you have the following requirements: - Access to Microsoft Defender Security Center portal - Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update. -If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device. Chrome, Firefox, Brave and Opera are currently 3rd party browsers in which the feature is enabled. +If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device. Chrome, Firefox, Brave, and Opera are currently 3rd party browsers in which this feature is enabled. ## Data handling From 7d9fbb1011a636246f5b8ee1eeda47b309177d71 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 26 Jan 2021 17:28:49 +0500 Subject: [PATCH 23/68] Update network-protection.md --- .../microsoft-defender-atp/network-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 7fd98bd981..0cf3df8758 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -45,7 +45,7 @@ You can also use [audit mode](audit-windows-defender.md) to evaluate how Network ## Requirements -Network protection requires Windows 10 Pro, Enterprise E3, E5, and Microsoft Defender AV real-time protection. +Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender AV real-time protection. Windows 10 version | Microsoft Defender Antivirus -|- From 930fc4dc29b48afbc9db8b7dc0d2a7c8eb9cd62b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 26 Jan 2021 17:32:17 +0500 Subject: [PATCH 24/68] Update troubleshoot-np.md --- .../threat-protection/microsoft-defender-atp/troubleshoot-np.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 4bfdccfe50..82fcbb7ca7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -45,7 +45,7 @@ There are four steps to troubleshooting these problems: Network protection will only work on devices with the following conditions: >[!div class="checklist"] -> * Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update). +> * Endpoints are running Windows 10 Pro or Enterprise edition, version 1709 or higher. > * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). > * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. > * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled. From 74cb283b850d34b520e224c3427a835072f062bd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 08:56:15 -0800 Subject: [PATCH 25/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 9e49265a2f..d895dbaa84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.author: deniseb author: denisebmsft -ms.date: 01/25/2021 +ms.date: 01/26/2021 ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -35,7 +35,7 @@ In endpoint protection, a false positive is an entity, such as a file or a proce 1. [Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 2. [Reviewing remediation actions that were taken](#part-2-review-remediation-actions) -3. [Reviewing and defining exclusions](#part-3-review-or-define-exclusions-for-microsoft-defender-for-endpoint) +3. [Reviewing and defining exclusions](#part-3-review-or-define-exclusions) 4. [Submitting an entity for analysis](#part-4-submit-a-file-for-analysis) 5. [Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings) 6. [Getting help if you still have issues with false positives/negatives](#still-need-help) @@ -131,7 +131,7 @@ If you find that a remediation action was taken automatically on an entity that 2. On the **History** tab, select the actions that you want to undo. 3. In the pane on the right side of the screen, select **Undo**. -## Part 3: Review or define exclusions for Microsoft Defender for Endpoint +## Part 3: Review or define exclusions An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. From 9570f49f975fab39c28c729a2aaa0ecef3cfe3d6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 09:08:43 -0800 Subject: [PATCH 26/68] crosslinking --- .../antivirus-false-positives-negatives.md | 7 ++++++- .../microsoft-defender-antivirus-compatibility.md | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md index 099dbc450f..e99e915192 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 06/08/2020 +ms.date: 01/26/2021 ms.reviewer: shwetaj manager: dansimp audience: ITPro @@ -35,6 +35,9 @@ What if something gets detected wrongly as malware, or something is missed? We c - [Create an "Allow" indicator to prevent a false positive from recurring](#create-an-allow-indicator-to-prevent-a-false-positive-from-recurring) - [Define an exclusion on an individual Windows device to prevent an item from being scanned](#define-an-exclusion-on-an-individual-windows-device-to-prevent-an-item-from-being-scanned) +> [!TIP] +> This article focuses on false positives in Microsoft Defender Antivirus. If you want guidance for Microsoft Defender for Endpoint, which includes next-generation protection, endpoint detection and response, automated investigation and remediation, and more, see [Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md). + ## Submit a file to Microsoft for analysis 1. Review the [submission guidelines](../intelligence/submission-guide.md). @@ -76,3 +79,5 @@ To learn more, see: [What is Microsoft Defender for Endpoint?](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) + +[Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 7a74769372..ad505f776b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -122,4 +122,5 @@ The table in this section summarizes the functionality and features that are ava - [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server-2016.md) - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure) +- [Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md) - [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) From 79733d6899e099c607c3c2cfac9b538d7ed473e0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 09:10:21 -0800 Subject: [PATCH 27/68] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 4233bcca90..93e3809c2a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -93,5 +93,6 @@ All remediation actions, whether pending or completed, can be viewed in the [Act ## See also - [PUA protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) +- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md) - [Automated investigation and response in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) - [Automated investigation and response in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) From c067a53cca66b8ef72f63d94c56a31f155531c38 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 09:11:50 -0800 Subject: [PATCH 28/68] Update helpful-resources.md --- .../helpful-resources.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md index 7d275ab90b..fd973e1a2a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md @@ -29,31 +29,31 @@ ms.technology: mde Access helpful resources such as links to blogs and other resources related to Microsoft Defender for Endpoint. ## Endpoint protection platform -- [Top scoring in industry +- [Top scoring in industry tests](https://docs.microsoft.com/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests) -- [Inside out: Get to know the advanced technologies at the core of Defender for Endpoint next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/) +- [Inside out: Get to know the advanced technologies at the core of Defender for Endpoint next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/) -- [Protecting disconnected devices with Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341) +- [Protecting disconnected devices with Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341) -- [Tamper protection in Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571) +- [Tamper protection in Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571) ## Endpoint Detection Response -- [Incident response at your fingertips with Defender for Endpoint live response](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP/ba-p/614894) +- [Incident response at your fingertips with Defender for Endpoint live response](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP/ba-p/614894) ## Threat Vulnerability Management -- [Defender for Endpoint Threat & Vulnerability Management now publicly +- [Defender for Endpoint Threat & Vulnerability Management now publicly available!](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/MDATP-Threat-amp-Vulnerability-Management-now-publicly-available/ba-p/460977) ## Operational -- [The Golden Hour remake - Defining metrics for a successful security +- [The Golden Hour remake - Defining metrics for a successful security operations](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/The-Golden-Hour-remake-Defining-metrics-for-a-successful/ba-p/782014) -- [Defender for Endpoint Evaluation lab is now available in public preview +- [Defender for Endpoint Evaluation lab is now available in public preview ](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-Evaluation-lab-is-now-available-in-public/ba-p/770271) -- [How automation brings value to your security +- [How automation brings value to your security teams](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/How-automation-brings-value-to-your-security-teams/ba-p/729297) From 8c381211d597a1727bfdf4afcb05e1874ec85404 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 09:13:01 -0800 Subject: [PATCH 29/68] Update helpful-resources.md --- .../microsoft-defender-atp/helpful-resources.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md index fd973e1a2a..88e26c2252 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md @@ -57,3 +57,5 @@ Access helpful resources such as links to blogs and other resources related to - [How automation brings value to your security teams](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/How-automation-brings-value-to-your-security-teams/ba-p/729297) + +- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md) \ No newline at end of file From e3fb119c6451ff8e454050d406126460f245ef88 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 09:14:47 -0800 Subject: [PATCH 30/68] Update manage-atp-post-migration.md --- .../microsoft-defender-atp/manage-atp-post-migration.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md index 2cb0d3548e..efb39aa306 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md @@ -18,7 +18,7 @@ ms.collection: - M365-security-compliance - m365solution-scenario ms.topic: conceptual -ms.date: 09/22/2020 +ms.date: 01/26/2021 ms.reviewer: chventou --- @@ -43,3 +43,6 @@ The following table lists various tools/methods you can use, with links to learn |**[Group Policy Objects in Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy)** |[Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/overview) includes built-in Group Policy Objects for users and devices. You can customize the built-in Group Policy Objects as needed for your environment, as well as create custom Group Policy Objects and organizational units (OUs).

See [Manage Microsoft Defender for Endpoint with Group Policy Objects](manage-atp-post-migration-group-policy-objects.md). | |**[PowerShell, WMI, and MPCmdRun.exe](manage-atp-post-migration-other-tools.md)** |*We recommend using Microsoft Endpoint Manager (which includes Intune and Configuration Manager) to manage threat protection features on your organization's devices. However, you can configure some settings, such as Microsoft Defender Antivirus settings on individual devices (endpoints) with PowerShell, WMI, or the MPCmdRun.exe tool.*

You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules. See [Configure Microsoft Defender for Endpoint with PowerShell](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-powershell).

You can use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus and exclusions. See [Configure Microsoft Defender for Endpoint with WMI](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-windows-management-instrumentation-wmi).

You can use the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) to manage Microsoft Defender Antivirus and exclusions, as well as validate connections between your network and the cloud. See [Configure Microsoft Defender for Endpoint with MPCmdRun.exe](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe). | +## See also + +- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md) \ No newline at end of file From 92f0b61c0674ae8e52cab1d67873b1ad9594da14 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 09:23:40 -0800 Subject: [PATCH 31/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index d895dbaa84..217c0ca4ff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -307,6 +307,9 @@ Depending on the [level of automation](https://docs.microsoft.com/windows/securi - [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation). +> [!TIP] +> We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle. + ## Still need help? From 66e207e995f7d51a6d0f8f2e0301d2c609cfc185 Mon Sep 17 00:00:00 2001 From: Peter Lewis Date: Tue, 26 Jan 2021 17:28:04 +0000 Subject: [PATCH 32/68] fix title fix title which omitted full wording (replace "Set up Microsoft c for macOS device groups in Jamf Pro" with "Set up Microsoft Defender for Endpoint for macOS device groups in Jamf Pro") --- .../microsoft-defender-atp/mac-jamfpro-device-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index 3b011e3606..73dc882a2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -20,7 +20,7 @@ ms.topic: conceptual ms.technology: mde --- -# Set up Microsoft c for macOS device groups in Jamf Pro +# Set up Microsoft Defender for Endpoint for macOS device groups in Jamf Pro [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] From 99ddcfab0a6114688c9433efb418c6f987d0a1c8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 09:31:20 -0800 Subject: [PATCH 33/68] Update auto-investigation-action-center.md --- .../microsoft-defender-atp/auto-investigation-action-center.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index e929d6e210..0fb359840a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -170,3 +170,6 @@ When you click on the pending actions link, you'll be taken to the Action center - [See the interactive guide: Investigate and remediate threats with Microsoft Defender for Endpoint](https://aka.ms/MDATP-IR-Interactive-Guide) +## See also + +- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md) \ No newline at end of file From 0ee619b4fcec0cb7011e5cf4f1e882a75be2b3b0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 10:22:42 -0800 Subject: [PATCH 34/68] Update edr-in-block-mode.md --- .../microsoft-defender-atp/edr-in-block-mode.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index 0304cdd397..75f4bba554 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium ms.custom: - next-gen - edr -ms.date: 01/07/2021 +ms.date: 01/26/2021 ms.collection: - m365-security-compliance - m365initiative-defender-endpoint @@ -70,7 +70,7 @@ The following image shows an instance of unwanted software that was detected and |Requirement |Details | |---------|---------| |Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). | -|Operating system |One of the following versions:
- Windows 10 (all releases)
- Windows Server 2016 or later | +|Operating system |One of the following versions:
- Windows 10 (all releases)
- Windows Server, version 1803 or newer
- Windows Server 2019 | |Windows E5 enrollment |Windows E5 is included in the following subscriptions:
- Microsoft 365 E5
- Microsoft 365 E3 together with the Identity & Threat Protection offering

See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide&preserve-view=true#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | |Microsoft Defender Antivirus |Microsoft Defender Antivirus must be installed and running in either active mode or passive mode. (You can use Microsoft Defender Antivirus alongside a non-Microsoft antivirus solution.) [Confirm Microsoft Defender Antivirus is in active or passive mode](#how-do-i-confirm-microsoft-defender-antivirus-is-in-active-or-passive-mode). | |Cloud-delivered protection |Make sure Microsoft Defender Antivirus is configured such that [cloud-delivered protection is enabled](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus). | From 2b73b1d9c583dce0361b9cf4c9f953519d6b4f79 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 12:00:16 -0800 Subject: [PATCH 35/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 217c0ca4ff..9c411725bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -31,7 +31,9 @@ ms.custom: FPFN - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806) -In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include: +In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution. + +If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include: 1. [Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 2. [Reviewing remediation actions that were taken](#part-2-review-remediation-actions) @@ -40,8 +42,8 @@ In endpoint protection, a false positive is an entity, such as a file or a proce 5. [Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings) 6. [Getting help if you still have issues with false positives/negatives](#still-need-help) -> [!IMPORTANT] -> This article is intended for security operators and administrators. +> [!NOTE] +> This article is intended as guidance for security operators and security administrators who are using [Microsoft Defender for Endpoint](microsoft-defender-advanced-threat-protection.md). ## Part 1: Review and classify alerts From 17d43cfd5707c0b32a5c96b5370503a93beed655 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 12:10:26 -0800 Subject: [PATCH 36/68] Update network-protection.md --- .../microsoft-defender-atp/network-protection.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 0cf3df8758..2a2ebcab64 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -45,13 +45,13 @@ You can also use [audit mode](audit-windows-defender.md) to evaluate how Network ## Requirements -Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender AV real-time protection. +Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection. -Windows 10 version | Microsoft Defender Antivirus --|- -Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled +| Windows 10 version | Microsoft Defender Antivirus | +|:---|:---| +| Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled | -After you have enabled the services, you may need to configure your network or firewall to allow the connections between the services and your endpoints. +After you have enabled the services, you might need to configure your network or firewall to allow the connections between the services and your endpoints. - .smartscreen.microsoft.com - .smartscreen-prod.microsoft.com From 8bfa5fd4bf9e6d15aea12d0cd09f0628b01bac3a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 12:14:51 -0800 Subject: [PATCH 37/68] Update troubleshoot-np.md --- .../microsoft-defender-atp/troubleshoot-np.md | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 82fcbb7ca7..79cdbc3b60 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro author: dansimp ms.author: dansimp -ms.date: 03/27/2019 +ms.date: 01/26/2021 ms.reviewer: manager: dansimp ms.technology: mde @@ -24,14 +24,13 @@ ms.technology: mde **Applies to:** -* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - -* IT administrators +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- IT administrators When you use [Network protection](network-protection.md) you may encounter issues, such as: -* Network protection blocks a website that is safe (false positive) -* Network protection fails to block a suspicious or known malicious website (false negative) +- Network protection blocks a website that is safe (false positive) +- Network protection fails to block a suspicious or known malicious website (false negative) There are four steps to troubleshooting these problems: @@ -45,11 +44,11 @@ There are four steps to troubleshooting these problems: Network protection will only work on devices with the following conditions: >[!div class="checklist"] -> * Endpoints are running Windows 10 Pro or Enterprise edition, version 1709 or higher. -> * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). -> * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. -> * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled. -> * Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**). +> - Endpoints are running Windows 10 Pro or Enterprise edition, version 1709 or higher. +> - Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [See what happens when you are using a non-Microsoft antivirus solution](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +> - [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled. +> - [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled. +> - Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**). ## Use audit mode @@ -61,9 +60,9 @@ You can enable network protection in audit mode and then visit a website that we Set-MpPreference -EnableNetworkProtection AuditMode ``` -1. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block). +2. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block). -1. [Review the network protection event logs](network-protection.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**. +3. [Review the network protection event logs](network-protection.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**. If network protection is not blocking a connection that you are expecting it should block, enable the feature. @@ -75,6 +74,8 @@ You can enable network protection in audit mode and then visit a website that we If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md). +See [Address false positives/negatives in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives). + ## Exclude website from network protection scope To allow the website that is being blocked (false positive), add its URL to the [list of trusted sites](https://blogs.msdn.microsoft.com/asiatech/2014/08/19/how-to-add-web-sites-to-trusted-sites-via-gpo-from-dc-installed-ie10-or-higher-ie-version/). Web resources from this list bypass the network protection check. @@ -89,16 +90,17 @@ When you report a problem with network protection, you are asked to collect and cd c:\program files\windows defender ``` -1. Run this command to generate the diagnostic logs: +2. Run this command to generate the diagnostic logs: ```PowerShell mpcmdrun -getfiles ``` -1. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form. +3. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form. ## Related topics -* [Network protection](network-protection.md) -* [Evaluate network protection](evaluate-network-protection.md) -* [Enable network protection](enable-network-protection.md) +- [Network protection](network-protection.md) +- [Evaluate network protection](evaluate-network-protection.md) +- [Enable network protection](enable-network-protection.md) +- [Address false positives/negatives in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives) From 1bf91a1fd859e054e58303a537815bb4cfbe4c00 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 12:15:51 -0800 Subject: [PATCH 38/68] Update network-protection.md --- .../microsoft-defender-atp/network-protection.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 2a2ebcab64..29ed5acfbf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -79,11 +79,11 @@ You can review the Windows event log to see events that are created when network 3. This will create a custom view that filters to only show the following events related to network protection: - Event ID | Description - -|- - 5007 | Event when settings are changed - 1125 | Event when network protection fires in audit mode - 1126 | Event when network protection fires in block mode + | Event ID | Description | + |:---|:---| + | 5007 | Event when settings are changed | + | 1125 | Event when network protection fires in audit mode | + | 1126 | Event when network protection fires in block mode | ## Related articles From e2f432e0a8799480ccf021609a4e9d178d294237 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 12:28:01 -0800 Subject: [PATCH 39/68] Update md-app-guard-overview.md --- .../md-app-guard-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 0c47055df2..576fd34c27 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 12/17/2020 +ms.date: 01/27/2021 ms.reviewer: manager: dansimp ms.custom: asr From e6fb1e9cee0ae3f6ba9216514805cddc6a1c70f6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 12:28:24 -0800 Subject: [PATCH 40/68] Update md-app-guard-overview.md --- .../md-app-guard-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 576fd34c27..1187818d92 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -52,4 +52,4 @@ Application Guard has been created to target several types of devices: | [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide | | [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide | |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| -|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](https://docs.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.| +|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.| From 2cbc3d3d36c30cbefa068412a6d603e077350e91 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 26 Jan 2021 13:00:19 -0800 Subject: [PATCH 41/68] Update customize-windows-10-start-screens-by-using-group-policy.md --- .../customize-windows-10-start-screens-by-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index 3cd4ad2b71..ebadfd9803 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -1,5 +1,5 @@ --- -title: Customize Windows 10 Start and tasbkar with Group Policy (Windows 10) +title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10) description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain. ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545 ms.reviewer: From 8128755e7ef4ff40de3ec3af2895bcdd7ec59206 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 13:08:23 -0800 Subject: [PATCH 42/68] Update defender-endpoint-false-positives-negatives.md --- ...nder-endpoint-false-positives-negatives.md | 39 ++++++++++++++++--- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 9c411725bb..d40358edae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -183,13 +183,40 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, you can c - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) -You can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table: +You can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following sections: -| Indicator type and considerations | Prerequisites | -|:----|:----| -|**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)**

Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files.

The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action. Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications.

Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes. | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)

Antimalware client version: 4.18.1901.x or later

Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019

[Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | -| **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)**

Full URL path blocks can be applied on the domain level and all unencrypted URLs. IP is supported for all three protocols. Only external IPs can be added to the indicator list; indicators cannot be created for internal IPs.

For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.

There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.

Only single IP addresses are supported (no CIDR blocks or IP ranges)

Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge)

Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection))

Antimalware client version: 4.18.1906.x or later

Devices are running Windows 10, version 1709 or later

Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | -| **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**

`.CER` or `.PEM` file extensions are supported. A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities).

The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.

Microsoft signed certificates cannot be blocked.

It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)

Antimalware client version: 4.18.1901.x or later

Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019

Virus and threat protection definitions are up to date | +#### Indicators for files + +When you [create an "allow" indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file), it helps prevent files that your organization is using from being blocked. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. + +Before you create indicators for files, make sure the following requirements are met: +- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).) +- Antimalware client version is 4.18.1901.x or later +- Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 +- The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) + +#### Indicators for IP addresses, URLs, or domains + +When you [create an "allow" indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain), it helps prevent the sites or IP addresses your organization uses from being blocked. + +Before you create indicators for IP addresses, URLs, or domains, make sure the following requirements are met: +- Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection)) +- Antimalware client version is 4.18.1906.x or later +- Devices are running Windows 10, version 1709, or later + +Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) + +#### Indicators for application certificates + +When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that you organization uses from being blocked. + +`.CER` or `.PEM` file extensions are supported. A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). + +Before you create indicators for application certificates, make sure the following requirements are met: +- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).) +- Antimalware client version is 4.18.1901.x or later +- Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 +- Virus and threat protection definitions are up to date > [!TIP] > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). From 9462c60ab32a5b72766646a6d88d2259a6688024 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 13:12:57 -0800 Subject: [PATCH 43/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index d40358edae..a055c2e2f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -208,9 +208,7 @@ Custom network indicators are turned on in the Microsoft Defender Security Cente #### Indicators for application certificates -When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that you organization uses from being blocked. - -`.CER` or `.PEM` file extensions are supported. A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). +When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported. Before you create indicators for application certificates, make sure the following requirements are met: - Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).) From 474099df034bf4f0f31aa59f9e6095a7d3208864 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 13:14:30 -0800 Subject: [PATCH 44/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index a055c2e2f7..f327f3bbc5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -329,7 +329,7 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett [Automated investigation and remediation](automated-investigations.md) (AIR) capabilities are designed to examine alerts and take immediate action to resolve breaches. As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. -Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions are taken on artifacts deemed Malicious or Suspicious. Remediation actions can occur automatically, or only upon approval by your security operations team. +Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization and other security settings, remediation actions are taken on artifacts deemed Malicious or Suspicious. Remediation actions can occur automatically, or only upon approval by your security operations team. - [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation). From 2c8970880b66249c95bf2beea131184d0857517f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 13:19:51 -0800 Subject: [PATCH 45/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index f327f3bbc5..f32e43f1a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -183,7 +183,10 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, you can c - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) -You can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following sections: +You can create indicators for: +- [Files](#indicators-for-files) +- [IP addresses, URLs, and domains](#indicators-for-ip-addresses-urls-or-domains) +- [Application certificates](#indicators-for-application-certificates) #### Indicators for files From d572315a16f509b1a726b333916bf1bd4ef6f822 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 13:21:16 -0800 Subject: [PATCH 46/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index f32e43f1a9..89da6e7ecf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -211,7 +211,7 @@ Custom network indicators are turned on in the Microsoft Defender Security Cente #### Indicators for application certificates -When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported. +When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates), it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported. Before you create indicators for application certificates, make sure the following requirements are met: - Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).) From 76d679eb5918639eca7dc1cde370ef7ae0d35f22 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Tue, 26 Jan 2021 14:54:57 -0800 Subject: [PATCH 47/68] Adding art for false positive/negatives for Denise --- ...fender-endpoint-false-positives-negatives.md | 8 ++++++++ .../images/false-positives-indicators.png | Bin 0 -> 14102 bytes .../images/false-positives-overview.png | Bin 0 -> 27939 bytes .../images/false-positives-step-diagram.png | Bin 0 -> 19014 bytes 4 files changed, 8 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/false-positives-step-diagram.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 89da6e7ecf..43eebf368e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -33,8 +33,13 @@ ms.custom: FPFN In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution. +![Definition of false positive and negatives in Windows Defender for Endpoints](images/false-positives-overview.png) + If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include: +![Steps to address false positives and negatives](images/false-positives-step-diagram.png) + + 1. [Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 2. [Reviewing remediation actions that were taken](#part-2-review-remediation-actions) 3. [Reviewing and defining exclusions](#part-3-review-or-define-exclusions) @@ -184,10 +189,13 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, you can c - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) You can create indicators for: + - [Files](#indicators-for-files) - [IP addresses, URLs, and domains](#indicators-for-ip-addresses-urls-or-domains) - [Application certificates](#indicators-for-application-certificates) +![Indicator types diagram](images/false-positives-indicators.png) + #### Indicators for files When you [create an "allow" indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file), it helps prevent files that your organization is using from being blocked. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png new file mode 100644 index 0000000000000000000000000000000000000000..733db3cb46935defdc17fb312d25c927ea95f178 GIT binary patch literal 14102 zcmc(`X*^q7^fw+{)zZ=lEk%dhDvAzTHAQvOQq(-vaI0FOi7_H1p70g38aFzxVoC@atzg;+>Rp9_D;me|`FrW+r?>LgmH*XykCF*qu`yjaM?S zr+#cd+Guv+wuFk$+AF@eUZTb1^}Duh*WELBj_x@jt2Z3-CcNHwguJt0tUZt}G!mM! zDjnqnzni)%4e2%^izbhp7fKz=N(cE=QBhZ9xfSlUE#_J2?)&=NCsSrIa-!nZPBGy2 z<>P;Cx2XB~-f;<0dE)B-uQz{~`HZ|1Y?8@?DB?Iayoj~Q?`>x@gcB1?K5T1jdd&vO z*uq$Dk-lZ8-xP`Cy)V5lHhPtgDWyNdQENA)mHAwYKkho>PVk2 z2p#oedkQ?X*VovaD;SKF=z1p3HoUjw%S2$_E!rlRu8nM(SNedL?AkNEmsV9MUi z+Kg_CZbB!h001#>hU~;P9|jY*gqKX~ofS*8HW$ui=gErR^HZ&GPE-I+d}eB|&mW&0 zoOa*rPGRPB13xWRn@6wE+Wqv4Almbs0ys=H`p0x2v<0Mem@#Y$)XClII6W|g!~&}ZBuuq{+Ziv`7Q#B~~P{VHfibL#HOkx=U6gzvmm+x#g%a5Ua&0&A97| zO5FL7LgUrXHTQ(yS2U9so)Y1W^{=w&(R~dGYF-GxsQY7ns-4-4FF@jIvfR6Sf9AxG zTdh4wj>}oywQYUPD6N4Tj~Gids^psO?wD-;>+bV^6^r+{1);erlC^JHPdtQ|cUno?kc39_;SO-BEm^ zP8J^z41Z$VGoSB5?v1y|3eRmfU+B#RAZHg1&RwRS7pe%q4?-#m!;j@d+t{rDlVT>E z`nOm4X)qr$GB$J{s{jq~Keu*imbN#8@g}~nCMtzNrm~@J!UJ4Fg}Z{N%}&*JVgz@R z{jr{e`(>YJUzjz;3NZj2nRCDSqwkj}>#QAF(j8L?`2L0?5(W6}jc(Z3(REnk zkCLWL%a-5`Px?Z4D*~pU8+K(ahZFBG2J@utrA#d(Dn8~V^xSto(yhid<24BiqnpVc zqMnv^(rhM9wG*4LzP;eDBR&-HPBeEFO1@)_x8S<=A$+>YEdU z0^AI&f}9Ieln2{4dJk;{u_jot3&V!A)n^&K`e#MXtLlb(Y>Lj8LNI>a*d@~K+zta- zg7{6Tm++o4qF_g|^bujMum#2IdeZPC0+@W%r~0pVYi!iRQTqIFiqwy#hZ$Z->xw`|B4sIM@dX%vZZE8acXhi zlB2TM*G%hqQG4iT60{k-*NMUF?T0?LUAe?Ap!_Wt?vr0O^Buoy>3x4qOnM~ug2bCx zUq*G`LBW>(3eg#`IF7F|ZTwlUUGxl7`>OAw!FVXC-;4z51U08qv%=5srVNAC*A#Dm!r}_N}ayUpu9lIdGoqZItx8 zu-OIK>Jv2Ln=AbwTgO<>W7L`>BWBu6TYfm~%4~H7!~UvSI2V+p{pX@U_vT=-6}z!h zw_^jY5x5F#?Eju&n#K<> zoS}NV|EY?I{BdzL6ivM#x&m;?F#|qGXzh)wGyQ;M$j3-pZOf zaOs7W71!wlGQV-FMGnRbo)o17_v zLwV$-!KPJqvA;0#YI*!KY6*;&D>85!{ zY-v~VOIK2_B5}R7S5>|PHbdkbGqtgxaPn`VGdO4Iq-(t^L#Jm7V|RhE^UodgIqVel z#dwB-rP*9#>W7E*yHBks}ryD+;b!`K^3x>O)Ub#QjNmjI=6^A-ACU&Xk zoaNow($!RZ_`<8rUlibOi6K8+^_2V|n+lW!W|bTtc=2&V)opLguhsoRin4be4$v#x9=!ahj3TVJZ)=efJZ(p8XPH9?F^OPZPz`hg-cI!)A5O!NbjnP8_@PE&WoI%9@o*5$Gk(C^)TNu3m3s{?bkjKGc`^9e?MMz^o32tD`K)C4KD`E<&HKqbPX&^sUbeOcuhmAHz8$f0kEdY1`d4Eqs#baj~=o(730=4u&C*w0Qmy>}sKVXEig`i9W1)^=%`O5Wri*M|gRBE{D^rS?gRcUmU zvS3Q-!p~*}D7hbXG?-UcJzF(nhc457hjJDxoMElG_1L@R1zw9Zs@Vv@Hie(>L^H?3 zi$?2I-0Egu;8?k*JO=!QOC6UWakDRka-)3=o^JhktVBaVDx}c=U9f>g;Vj5M5!9hv zzC-N--%EHJsf91u``gYXoOyoIq6TE(nat?aN~%jRx6zf~u%ZlWK9Jf0rd`$@gH({s z?C4JIi66dH>^thz02ZJI7q6fD!^|42Y;nlJYBc*xZ`d9Cq#;@9esbsSf4qoHt3Wq0 zzOn31Is2kbxy*nj;+JoR6$<82OuT4AZTRS5K9A=c4LC}mD$^14!->HO z?8?@a(@k!9jHOl91+TqDNlULdW}tz!GmuC2k8Km6c7E@YmtwcVJxPdJ|3g7&i zI=F|_{j&N>mM^vH@;APzZT@LkNG9C@MY`WJ_$zMLAMW_)fcIF5t5Q#;zrq@)R8mwv zc4xWOA&!Ew!ar$h;O@;I?OFRNb$u-U^h;qkqIuovEs#<-XU+wU8vfDqU?s;p(ZcIv zdW_|h zJIsv|`R^rn^Z7318O7+Lm^S%}B(-iSI!sv{bnw z?~#>!^f!A?R<$#cKfqdr(Hl+|3k&!Iis6Lyv)cCLzDP>VnczRH6@Pr{%|LT-lUs5+ zVbaZM zopt|^5Zj$bM?L&XTjXLDh<@&U%ZNUP7r!s#6dn4C!7WWSy>=-RV9NF>)ta~jyj@cm zcDGIXdrMda;5H?$Mc5kFye@4^@zJX1f4KzJ2>u5<)5>Nx_s7QpDPpA(6tVch!fr$i z4*X2k0_nwk&Rw2J-=}S^?tJEqV>>>+Up;HEB1I1pRsJ_}rhI0A(_lH~4UO0;2FZYL zyPKWSx$E)%i+IvVWIBd~NeWguQ2Qop83~KNJ3OqTI&d}1>j&O@t-+FF_sqgpzEn#| zY6n?KwW}g~ak8g24R!*wNZC1lbGLJi&RSz~!x3dGCM>2%FO@)5&kXreg#2AIFPkp$ z^U&osCpxAXdz0C7j@dk*C@p)7r1bB)bqcq8kC9=tC2SWILfUbW&1fXdxhu}-q2mO0 z5_v3Fw7TarvUvr~H*L_F=Dc(-k=45a=}ck{tdbTuqe;UTZW}^!pCa)1?+U<&mQ~go zo!k@dwpNC6R(fDSNz(0j zeu0gL!+!jpG(T6u9Bn6?iZFtX%w_&m)9J>Ql@O9WS}hbakoP~-xjZTyzJCZtXI9Hi zU7C;L?H%oknn~=~F&ZCM*m+1vQEKZoSh1GyGC^q(d&=e-9qd1xbVF8d-pR)KXX%{7 zdS~dyaN_J91(FyztFE%vM6K6pFIBUqkrUMNJN<5%iefN9M={wj54l+HI9O3=wcXy* zvk1j2jE>JwufM{5LrN8uC1T*|H)9ZJn8~G(F?IOfJ}A#4Rzp`bTSsV{{Lr@?&(PJ! zj4EdN?7n*BR))^_@;f%aV*gqpb?N;wuhJ3h!gj=Ip0hh3#aKGFGL+wYGuYC&xUp&R zele$yQGvRTYk04;e60>V65ot_)Zh@FMUux08s5qL20B*-!>zP^Ag;^WQ2O8iAOHB7 zR#BbB$-3jv1vEQWzfNZ$R)Bc72`R~+%M$hQA}q&n%z)-+W*lgxnCuT-J;d7V4X)%? zUh1TSOAkWNuo?%}Ocd}0I!+EnhnVQ7)yVOIq{+_@)Ae)<_j&JBIJ};CZfCH5W<*98 z!u(|Tf!pzhZ7={Qv`W-r1)*lp6t{G4=#Pp{!$A}9pwH;ibx#;+8S){xTA}+x(z(9R z4GM#tV^-Yb?1z+ETZ-UZ_`sQ^>ep^WodW0xX!Dr9UXo#RGLqNdH|xHDGILs3g+6ZY zGn;w#Smk*`^do1&jWTgdR(Q0h{C+~NvfxEYehAuk%?nJE#VyVSI-Xj*#v*K#9zyhv zOI!l}ObZpmq+FA${J>nW*CuKId$Ov?89qx}s6ARJ0uU~ARL(~B>Q_CQNc#}d?0d_( z8uP{G#Fdmv(oJiUMb-`|@3~&@@wgH_Ml<%oW3%URp{92amsIwmdX1Nk{HeZpE@(w1 z>0_WrD)-vw$_v7gYtp0=0glDR@cYT9p(z>zqf3<_N~p3&>f}2Yov!^SX6`qBdJ{G% zvhfrOJ(!+|m6q1Wp{mYE&_eC?H31}LfCJpO<>enxZ%5u64iuC^emB1VfMO@KZ zrT?ZCU#u*vGgi3*Il0_E%l7k>B)C1wSXlpI4*WbgpDuT<7|Oen94PZs>q_^OT7^58 zIlcA>)$USqCG_mH%+cIC7SwWh+&@de0L|wn7OCzpJZu?q9wp6*^5t6dl_GSl-5gS+ zGh*G*0hES&L3nv8YnhkN79gl_+W@O&_}o6{d%s#4`?J2kbcg5Q?xo#?FA*|Nb|RI; zvcg2}Lg1FLLD5FHI`GIdhMDuq>(CiIz(@M3v7zlkE&zDyq7AU|z1mOf3100+SEMMy zF%;;H31}($AMU=f9mV?erEKFX7-4fcBuW#5Kne%Z{efJ~rsb?KtPo%!q1@csU z;>Xsr@Qul56WsHdR8_hAZ<8T2!ZP0y#0xUVQv4Z&R_TFX1-D)Lcy*}C$DD-#8U)0< zY)(fk+~!=a3q>nxTugl8;qGj81omaw?iIqd2+aPhVx=4U!%NoAJrFb!j7wdwb{nG- z=rt8q@M`&mQM~@buj)sO?w&^M$@)$dt00a{_-52Lal&J-kqbA(;+xle#H;uaLb;xH zv+$IAakU<*Htp$|Wx=Tt=`0&cNKMkPp4t>IqElnHd#2oBCZZ=9!#wipT2I>L%gHT? z?u$OSSA7I7BNBCGD(;+UkpZ*(|Z(R@DmacbXdIV>~3jGQ^O zRB6vt(JHFJfHL&dk~LoS*;`(toP8Jk1&#vcMKCT$+b^9-_vo5#=zpK5-i;fM+JB$G zE5HVLI9S>&m?-fC`z+|XP1JnLoW51aQynyeyPg>s^~gL!F?f~?ez}K_NLRXlsJM4e z4019fbx&T;qv6Kw*;@r7M(**AY}=)Doznu(@5AMiOXczp>sEV?oeT8$kTF3Pf)DBOO7MkvX}A-vh&ZA8F!}`Q$BDV@JUk^ zosY|2bkf zWUtWy5kbUTY+zL`uTLch`ZaY&jdA;!#b_W;C^}k;<{oFG_ScMyn2T2}xv;T!i(eS3 zt0#B<5wQbpliBo*Q)a;b{pa7KYX9-oC$7CF*6#c7fxTv%gEzKW>$7%$@!Su5dmtP0 zv?ua+73tE+_cUCf4e3be&*qTbE=VG;Gq5kk252y6QZ&H>lmjJsA@e20pK*0N#W%$6 z25nWNg^%s`mrCaV)G|#a*OVlpesmdg?21Eij8}FS?Ru&PT zkKZ1{#j;278Ma|DPfq+$(-q&4%!WRx?o#9h(ZIOTI%!v_#~NH6b&=LQjEj3tI;+B`-z<;E$%UhKdMW<3+dbjP ze}wMK%lx@QbyMkOcGKF}m^S}PfgBL4F9a{9L*MCJXG#O0)*c>ePIi5NLG@E zjcC;xbmKh%`n7m{dZvbo;7~GdR+c1shSHI1OHW+^0XoDPHHz2Bl1szNhGG#pkmt)^ zUQ>N{hu=jveFtgUYF{pt%X{m&`A*PBP9DvxM3H6s_R-K*vtrrPWnM!6;o1P|aEI3x zpIV$jST1V){;|>-HzJx$J*$~6R4n)|86~oUhx5wRev+qLKcHD68JN-~WSd&TfXfd2 zA!RgLHDZ|>(9#6Tirp%sZ^SP1O{2Z{|Dms|t6Rq+0c7r!+SX;{HXq_87^V(ZaI*p` zZ!3Bsf+Jb(^ekDU-=8G<3Xg7`)P>(}5G>+rX7pJgsa#--QZaGE0!IxK^wBb>jSh6JINFKa@0i5{vK;N-vM?UvJ0Yir* znbLzZ;NpeA75vhoNvp3vP;xoCf%|+J4dLI2M1%zYY5u_Kl1WC$Mv1%Zg|_nM%uO30 z6OVGCgC7Eg!6X%Z(7;xQGvTdj@8=_htT{Q-G^b5O8F|2qh4%i6qw zHHh3lo-o@qhk4eQxK(Mq35-d!XEiMhRh{rat_(0=UFdQV+!3h0Zy{56r1Kjw)VSzR8&qB00VHBXn(*C%A*s~>6! zAXNaj2)MTTs~c6fezt-?S|&%h{9|hsM?_wUL1VfZp!GZXdqj4<`?>1d0h6zg*UVd=P5n^{2a((jWiuO}~^{v%j5lHgUs?rG{zR_#J(Y zckkQ%OB$WUQh@`CYRw4YFSPL2FsFY{aiSY%;G+2`v~OA9zasU}EQWa9D6d*q$SOoL zYrY>Tq+h{ELUC~=i*-U2hEmVaR zE?A93yR5XhPiH?q{8R=Ilh{ixSrmD2`*{daxH@^Q+Muaw(4u0qzkBW_Ai90IgPCYJ zlWMQP|C&I9;KB0Mvd!Ygfr9FGCvP#mbfJL0wRzh)S4YUacxtl(H)hE5P?X}itShN* z>p%qC%`tPnjwh8gs}m4}O1eZ(GM~a?BpEGcZp?veRb?*}R~js7*9As=Qd9-|F zc{^t*Q2-zwoc0pVDuxX|ujGmiU2dvyYC&enX7fZqgposxOR!Wi1LRMYjhqgs+|2AK zygxE}OSo2T-g8(?)X;^^kjWS77!kOYTwbWeFDm_Bl^CiwZJKC-Uh_pQs*s9FdHjW8 zcYn)GA<^Le`8%@-m5ng){B3h%b(5fW%b^p^v5jj@?A*qhjuw2w_?&rQEtG|VFuHQ3 z{#ut_gvV*~y$`AY4jq!5uVOcPBA|<)XZnzTJ)fo#kFs>TjPg9>&b*F|SZOj{9rB@8 zTo;ShsE;PQkG-uV@aLgurrD?n05eDb_59Cxmv;;g4a~OT*X{rXg^DU}BYQn|e{}Co zgqc>Y{(9yay8QQ?)F&5d4smk@TdXFWGiQo$X#K+quur140gq)yei}rw2kzShCA;?C zc+~#z@G0)|6CH8`+Se#SxqwT_f(frMif-SO2%9-i-H=X^*%d&l%x6N#+NM6J3@?jZ zdNO0kYLM!ic|<(t5iLB-YQsCjazp@3TK;+>8o$U>TA`}flgfAg$#|Up&v~frryu{E z6Wg59+qJhJy*bY|`MkJL^R-vyD#N#wkTpAQWr-6t`w@H5h3Rb%n|$K0N&7TJC!~?I%caHK#BUjjr~6z>*Q!I0WP=lo-kK$ESzpVdNF&U_a6FW``zNMO;DZ!Vnk7U zJLP@z-|dG0hxYxyy?JLu7Q9g1}5RvpeGZLh$~YeVJiTJOuZMAg^y%oINeUZJ+;29Y)0OUjHnuc4PH_`Amwg6;)wwmGxxl+m zO+&b$5?r}?!EJ|`+kp17jBXNWt?gwvn|f2YXoSk}jATwnBTZ4dWBVNLs^IKdof(Yf zNY!Gk_;mefPovd~M4i5=Ren+$VQOVAngP9&G0VMiC2!1*z~B|JTURpr+!{Pol@)T( z{9XbVXdgM5i;GaV-eRrygwMbjS*w;BM1S~Ob|9l78QbU4Vr*(`bB~Z5*FS-1Zd-5U z0!2?5%=%DBHQh^fNTuYZ;mss6H3Yi5HrK}xa&eTAu-TQ&#e^O=HMJz$D@__(INx&u z8x_>~{9>5@RM)mK^@JIB7e-k7o3_?yBFEB=tQUYnGUqp0zkt&{K+{9b;Be84t!Rb-p|RkL5rVSqki0swaMM<|L--1x~bLC6Y5^ z;N4$mSRwmY*cql%Es(m}FOKNMf;GU{!I>~tbcHi3bTa@|L1sASjos5Ardn%%BO7sk zoRHgTmnK_e2}ffX#e>i>IHO|W0OLtI+qcek6XZ2tTxN$F;C!edt{`WMlAG*QTQ~j~ zcSK?BdHXWx;XrSnutug!=opD_312`K`n(T&G7$EPx{6BsvTBCN= zZ)&5JFVsGFA6$hn2hw!6FM0+0y`SqsGNUqzojUWy5mI(VT4ip&?skUHk+FL6n;Ke= z!_LkdRW?r5xD^#LOZR$+&BKs`>6>;Z`@-$Qe&y+KGdN`RSed^W@w)dpSM4c|R}AKC zkI|NqR`V{sYL(2~2CdBDgCs zCsk}FizRBA%sjy`T9PRd3De@)ep(Wr?@Yd9Sm3D z9dX#a0eRj3Wq!S)!t-(Ig`c#t?p$@SZvZGd@|`s<*@U$3+J%n*FQac_P8vJ49qUdO z#noF*pg(`Txy1_X#?qlNMNcivS;4Izi5Jo7l=MwP+AZn=^L(@hv1T(Ofn4!7IR4>? zS1mh$$4BMSYlRcWD=)BDZ<%Jzel0AyYe|W1VcPMb98!!I8KRYw(}e-M`;K`n4Tb#U zT9%)+T1BAgHFas zcD!2uccUYOnBQ;5jEVf9){Y9h z0AH&pA9-HirQ^%GxyC3}c2vx*OamX3`;PfaB(H_mT9BOog$OxocnmQ>%xO3eBaR`9 z(hyLssErqt;Z%Z`=Fp=(yUPRKW0(*Prx@%^N$quz-2|;TXubhl_FeHd;aUnt^0RJ1 zLy+Y&cHT5S)L9O*0*^{6)%rT@t)zcPmRs@iU6350= zm=*MIwsV6Ly)-GiZ*8N=e^^(IT- zL-Y$UJo}SGM4686#;|nfp(AMoHc02Y9eF~0kpb##6Bgq zF|z=x1uL{aS}8MP7lZ9a!cKH$*pStJhbihhdM?3tj;{2r<*?rf9;CaKUnFJ}GnWKQ zPcFiq-2TN$_4Eph@KjMW3?I=Z!(A-gvw#v)Y(tYbY;TZqnl2&W5Sksd_nt+dLkAWS z&DtohMF}=u%oGh4&a8J8b~&o(5@?JX&1AgO4=X`Ys#mQ@tvY!fy7ZH;I2(8K@KG^n zVnG@T#R>H!y;%b(4l4pz{YenYInQA_#(O-%MtUI^b<>J*ow@Ndqqtl6 zDwDAiS^HQ8?G|2fu7q6md(qVG=17|kT!jJk`3JE+Fj{CK*EHBMk1;H~?f%Pc7!7am z*wll<-9Y&8g<;%bQxT2xi%ODrzE{QmUES@umMB`Y0jF<5x&CZ5iDHeK#WObwiHIeGQnY;VX79+udYyh6m0;ROpp zW357WT3uxr>da*0@2D{`4A+iS({XmlMD-B}MX`2Fcy zUy_PZI>FN;tySs~KPZ56oS#%tnmDca5C>zA)jaCX`@$H1m4kAbB$e`ACz`dqgdpgPzjVdC%|H3ac8raNq!(hYnt{O zR8*KDA9AA)*7e4vul(E8){#s70aTLzKE;+@@m26CmOe!&Jp%Z2$p5=nImN_ zHRG&&7WZZ++&*Y*&2jw;{ESaoD0#t{F3qC;p}Zt!`Bg~8%;Yz!B#VZ-OBcTuR31kO za_D#b__V+`Kk27R2d@a%6Cbn@hD6*V&V z5|#=L^vs}kM3P+cW_=Cip01~_9aD0MVLQ3gul8mBoS!T>mJ`NlP4OfKxH09wxurKm z_%*l%s(fPQ+iO)e^sM7iUlIbHnbAmRuD<~u#?Jd$mSSwWt7&(U6{tI7-xs{~NS<2& zk^P{)^_S%Rl7tuO?-8QB)LTuf;hQsWGA1^9lGEw^R8Q7R9u~dP^^#-73g0{}N8>MP zm<&T^lDWs|5XO7VK*L`KfBM7y4YImdHbxOm5C`sOW19>^Q{AbCzKvj{ zrXV$Z=KYj1GF{hs^r+*YA$U=tWWj#Tk1exMhWR{3t61nu=G=nk(;bubTJXVwU>B|Nn5CZ)FAO%>lWxQngF`~Y#UOfO-t zFSeD}=-w}Tse5U;@T(Os%~`=hU9xNQrCAF$=^Dco9Id5R>opZj)n^9?3a$Rr6v#;3 z1Y385M5rS%Bn7H2I=NAXQlmenBY*l5m4gtK;R{y{$km2LA-9-82{@&;`zDooUyN;C zr*|aVnXp4n2fp?%;|kjLzKIR)RFjAhtpP58d0?h?kPbi`%F|XfQmd0p?~NJKPlqZ7 zlI2pEapeb(;9h8F5n?-`9+lSDbI)q}H5iXfri^*)X)r$OW|@%wegz+2T@lkC`KTT1 zW;pqx5?U5yH&H6?bAt6;&;~o@a0|rai-Ngv9cVW~icG3yXQpv5%tmI)TCK3xk+2ER zOA(R2E9vb0gNs-7bMeTI1Ppty;}|YnQ0$~%I%4ZuXs8uf{&7ItgSFuXAE+_O!YtTE zj-EVc#WjL-pONcpTN&)&SJGlymF~o-;qTT*y>$OHI`DxdQNQSn#;Cu;o`wDqgu7?$ zF!n^Zmf5dWu*)1ygA53h3lzKe;=YA)Y5}8TDBQo7+PS6-CtKLW53T{E5brqcFy1x% zl5KR>s^Tjo{?8_5i;Du;cE7)fW=Y)%lmDIXAo&^t zYT}PN3sB7;v_Jh2xw4GqCcyT9)U>k7Snp_VjdlmQu57`0%W~?ik!Px>hSX>c3HW}(?;vm#2P2o z`0BN&YYg=nXm+BzceVX7%vJxiHsOps2cQ6!?>L;+Bpt*xlaHx#>xXA3-;qHfj_q3w zrANgIe(@yzkvH#&_AnH0K-ZK3+>0NdJvM2aa#AFZ~xgj-VF;^h*zq5pe3ETOkn6Vx5;{qnzcQ<*um?lX2`u@%J;jy8HeW+st$6Ix- zaLdp!>ncJ`- z9D=IrP?H!M{F)kCm3%D&legKbEL+ShF5RYHULpL2^{=^Ld-`?~>thy808zp(~F?ki<2s;2h!#K%TRu?WwX z;yP-jo(N_W8YVurdXnwWVj=n-eIpmy{An4H_^ZmTm)E5a$$OVN4w=1oOZRb3b=8Qm zqKvx`1KvTz(9n8oB;CWcf6vL)1>Mdv@DhK-s|lPf-yfi|1bITh%A^9}1#HnW&A^{h zULWURftFcyg#XmzPZRCDidnqLEzrVQ2>!V%iRK>q+&48*Mz3#3z8o{iUNWb|(yHL=dypWD zQwjP{2c2~uqLDf6RpX@N;MVmgxY#fg7bOA7hc&tFUx^_*TnIOEVPAS{#^v7OyY`NV ztk}D-Zu(kXcBl3#rrGnG!}hK!d{?C)K27c9-W<>e&*~{XZ z3Q$zgnAq8l!`{4fDC#jyl;Z@h>TZ8s_J8W@38{TsQqBLy7WRU6^F(h3+`eIbz4EGe G?EeBWzMVb* literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png new file mode 100644 index 0000000000000000000000000000000000000000..e86ad1454deefca58b80b4c04d171bff693672e6 GIT binary patch literal 27939 zcmd42XH-*9^fnqrL_x(uQz@dNKp-FrN=K9yr1ug!BE5#*6cOnH2_U_NmJoWcDn$Z< z^bQJy5UL~;L%j!o_g(jX_Z%HtX>ZYjK%mP? ziZ3-mAgcEu(3wvc&I2vGiP%iw-$fTi19uRJ?)vH9nZcRBLlEc=Na^KsZSS# zhkIN;ympVXq)X|7mFs(lj~CDQcd&#CHeT1?#l7|_M>f{H6Cq&Mdo z6cm`B-)FQ(+!zXw;wT!KA*2=iuHe(O)Fjn())n4*{rN)Balb=0U9FXUN~>lS;SGqtQLbBkqGbCrduIn?C&+ic-p=8={15 zk2$|%{O$?ZSv20M?&$X;X8VWOqd617A}Uu(=CMixrBzZ)OQN_ZHE>7aVXO3^9z6bgYoS9IWdGreLjdXkX%c}67>X~pUiW4+tuc05j{1?|@jSfzh8gt@ z5J-g1hxa92R>qzed!YY;bblZS6g={1j5pV}$nQBzW6;v5^ik6M8)}U?6XScl(JG@~ z>eM4Jk4&QOw8{%Dy6Y^~Ff&8G>w#Zs;kVmQb`lciRGboN1tySt67(ru2?FdnNU@Sb zC=)VuX?R)xm9lI13IoA}7t%4IErpV}NKhgc_cq{6!f*x^@*O5y+-d_Bug7q2X4G$T z&pGlXqefImK5P3s*+BQc1?_}bi1L&g{=A!LKl6?Ws%GwHABEMKbevK%*@UW*QN|l6 zImEmV9v?5g-=~D$*w@cfZj4(?Izm^fex94^tRBbD?^o>FqKrqXv)9OvEpp>?&H)!X~4!1Lc}h!;qA+9*d?; z&APpm6-_wPP$16n52~PwlTFLN+#y4=CS#7<@`j_eOJny`!s7R-SIAzS{#+J4_6MP2 z{QO@>kp96B`_&Fh?Mp7z{0K_2dAoJA>JNr7F;D>t%;wJXzCN`;{9O5sZ2S2hDbM@U zoMnvV@8>Zq+8x%TLsgd9*KGMQS+Vlp*h-lp%T(RyfuQJoael`lbJDew1Z$}Sgu8Bx zG1ILHy|fDUdVgg$tU*H)bWQj1iyl8wF=nv}cHU zJyYqahJFc$=dBjc7mCd$LWEw@EjYlja$LX@h3I??~-3@dyaH2kZFJ|m)LJiYmURbAK-tIp{Ky<3H4~{@w~C3Uzc!g zCN`%hE(UFRO?+C6gHhM(10rKS5-h{pByO#Ob@x1ptSHP~sB-fv{Mgr_nkDwKeCRL2 zep(BkEffiT?({hvLApIi~Ad;?O%^}QPKcw z>|E-e3CsoCCmkvjXHY-5qRuUacz$Y29*?npMf|wuLGz%G!y}Bl?_RIM(5jfqhJId_ zqW7Xi?RDf*)62fV-Rb>J&jw0b-JmcRVr=}Pc1BK9y`RHe@4d!u0uB2?TTg+LY1iY> zL*kWOl70%!$b;sz!o#|N?<;1D`Am9kDnl`jYiTR31g-p^H}#I%J^4OM29*fZiWpds z{J2hLI$>4zjT*CQrj3tzor@c5(0PeV5pu;Vnzs6n%D<)<^)uK+=~YlB?ohBz_%8`7 z_2A0y>M2R~+Y$rSKH~OZciRn{A_)S_MUE2H{|a?`N|rWp6-#kG;1hH$D~jbeI6X)L zeXFnfO4mFK`nkyTwT2G2n4VqS7bjLsNn?g9&M$j&xL;UEyP2yRC-zjMrnm~~0~?KB zCF7j5^XtWvS6~~FuAE3YJXp_!B*IA{*DJfqeJl8OL{>7_%y+m|%@2=S73+e19F_L^ zx#0ixO-WI%Jq0S-E&eA%VdC{h;YR5+T$ER)$o$TIO--596$g`!H%vEEl67A9>qO(s zs&Z1LG7NnDcrVNU6`c@1am=Ld#AiF}GEsv-Ea#i`FXRe8fT&&*H>*$m+&!aY!{zw~ zUx9xHZ|WPV01t@8_XpVy6+z(dEGQEw_iMdizjiQpvDQt(jL#R2`r3}BMBT15q!z&} zV{N|p%AcdIR;EV|SwqS|YJO3oYZkDi$QZ*2OP0E#~$PRF|$_s9M}= zF@gJ4q&F%4=qAsTeC!>=-Ej;iP)#g%b@i>0fuuEEp?UT|jfo04qz?vVq=in^+g~fy z*1wC(izyl^rMtmwKCm;JE68~McJZR)RAAJMe2HQrMp(te@u?d{J9(LX{DCu%y*Q=i zQ)SJ8=B@ZK+=p5|g9j!v!Z>v|#$8!RB`ysNb1H!Mqo;idj#5qZ=32hEq|Bk?KE2BI zlv9hSt?s=eJ{JbK8lXhAO(t2b3O59zRf_Muj`DU_OhC9n&9y?>T#wiAAiKur2Tj{N zjbiSGGGB9#1|oiS+|4l5&TYvRqtl`Md9d)vR0Y33yizqcckGOgAu|%5`%rm4-V|Yo z0rP4(G9`rnZmhb^b4K%STJ89N^CTS>s_{ebNqSO4O&z!1N}9ik)eX21fv!Nm2;Inx z{`9KyQdaVK%{+T>{Thrsw{*INLEli!p@MUCnFNWrb*Bor<7OVa}kw{m(@;X}8ikchlk?96IJm%?2 z{prt*)WaB|(w(_J+2KYaiHfrcwPxOnh-dTFThn~&4|DuqPOeEN520odD>8d|3xx|s z^~gC%BD-#i*yzKIOqNY+XP$(lv7A4FzFZyOL$1{O>j>%b2j?|>4B-+pDehuL?qO)_ zYC#c*^LH8+TYD;HwmKzp`GA<uZ*&@)1ZNNQ6gd_d?y*Y0Q3 zS9#|W(9o7614JdsRE{O;6~{hjnE0{p8o5t9GBP27JqQ#Q9{vBHg);v`T!f3crx25t zMfz{boit4UM`Eb|;l=;Qqq~A1DeE(hUPG@zpwXy>uGoT-k`mN~BcfW6*o^l=^pk7A zIaEUizi@{t%xr= zCcUwE$N5~2qh(K)pewA;KFyL6YdxR`9Rh({_tUzk>5ouScw{>ut zsy6QL=Ym)JPVP9uSnKi5Y>$x5_dO_cVmf^_w>_W_kB>V-cRPCc^c3?bwEbz{VQ1Kp=5_d;N#K{SF*j zX&O!jch+${qDNCqG~EUMjmFdUWO&5AL^%(tA>l3KZo>(#W8+7OBVUNb+LEiN{iyY? z8~%_;EY=>&5n$xmadTCk*x`?~8l#M}8*@Cm61wAq@3vjssD%r4?2kMgbyiK79w>R1 zU+POf`YllpL9f&mV~gi;n~m{}4(Y60O+612Yx{`$Mf`*()sM7vTDfYw8{ByD%{-+# zZi_@+Ny1&9K)6b;bCE>xBur;^>N{ayV}Es{vq|X`5^1~h^FlqJkq==rb?)$WuJ@Q} z&{6w!n>`sG&2snBYkvXPnC(Vnlo+S3#2R$@8Rk>*&^@}mzHUvgSs#K5RwGP_Eq$+v zAerF4KU&>laxyghj#wtOBnUIUn~Qp)f_#n)C-X%9Qjj9Wb;I{dg|?l$e>EL$ahz-| zCgU_+7p=+RYW^1DO<1pjF-W1RK&?bg^a+3}ta%<@>p+*;?oUC|i#d?>#-{7Ot4+6! z;^DKdh>x_g*q258g(`(k+f#%cBO;GBQMV zXE3{6W&G-&-`}S8GLT8do&)*OIwQ`iFi|Cuu|})C=3#`M*4}h@JHa@{%4I4XLTnjR z-bv2y|DNyp6z#8LeX)n;6nr`#BF4!cy-NU_QlKT?D<6qsq19ir`*gIMJo?hrVk6Ms z-sD}yk1EBQfH8!##g&C~8&yOjwpMIpYwx>3Ju&DIW!O1M>mqy*;S7GIi^y$?pM%zt zQ8DJd&U|BvQ-7!G8gGT_OqTZzU;IHxUJ1Hg`}Y?i0sVfiC=lM4kWrf`<1#4RLtx43BLtNa*$Y_c%d`(lK1ELN!y*G<;Id)c-ovW)vtEMb? zDM;j~!fdZ-dOYPrKIf5!LGTw1qN7Gn~Z zrjKf&`6BS?-C4g)zq!=ey_P){J}B)yRAG#L2l4sWE!8n%C)tp7@jydp_YSu5AFNL=%H@s%Iw$;7aP$dAbfj7gv&|mrN zMy4Os2fU(U<&wkP2ZZZqmg5LR8#BZ*ysoE%@~jtM)&1Sn%~oFIZ{uhgKZTDoa$3c8 zx1`(-f%e zs*BV@{IJ$a={K~PC8+i)(_%3?>p8{j=t-C<>5JVdWE=eacVD>J4@a>W&BQA8w@e9t z&fYadR@zw^LSy*uSJ3*FU(0@m@%E{f3_w%iW1{)NQl(ciFmN~N}p)Ynru~IV^%ksHH{Nz_KefIQj_f2YcArowz}Pz^=Pnmv5u3;i=Xal7tf_N zxM`*ZF4avpF2WNDsxbrs-T=v`^CAK&{Xg?P$HM%}3_V#z-4@&VuCL8DrxsHszkLyQ zr37BSK2_@s(rm-9N(cJeI(cOtZx;+jKb=*CeUYE%r*GKcx{&&o!Ino#^Xinh5NP{L zN$qUIC%5+hK=PkwN=$g^3{BndoYB4bA4o1kw|16qOuK)RTHj0Gn!&7lZKCqw`gFa! zW8_hJ7rU}ehR+h{{uuz3LXF%vCl53|Tk8Ch|5o-wnN{AU4EU&lz0q2%1nD~{@6>Y* zmTI#;1z~|uGS7_joW9W9{%GxJ!}p+Fn;=gRz&!xr83*t~uxgs;tp!Cvhb9`MnGfsN zHcN#!KdeN`PqDt~e{wp^Kj3~jcsC=#ZS-}e!>MQeOCyG#55Vd%->0bn&8xk_wv-_(EPRV~nKFd^db z!>)mAmK>>k!UCe}5q8W&V=cSY3D4$Ej`uPd2!6BVjBe*J4ex-}X}uN_Qj4^6v>6ms zQ93a-yIZsFo#vF%5QP&f+MYy2VoTzA1l%*->zjxw&K5z!py0UR9>D*{Ajo~<&N+8r zfP-~I?qx*p=>eJWGCuyUwF2(bN5YX2fguc0DVBF%DLlSIWlZ^6q<);3|KC50O^7Ev zYMNj3vJ8p_Yx|U4<1aOOuBUv@l29}W4OhH4v~z`n496q&R0kzpe#z{2K5cnauNsj) z|8t8s1&4w@NY|=gO_TDu34|uzKxm@x-a`H({YvN$#n~BUy012;ym>r7m(L+}td?MT ze4a(9LbZF4D=&E(aJ34!;bH4Q~V z{Bu@@x)L4yc!B&Qz@2PiDX{ufL0Co5bQdnfsrk>}D0mNNfo&cdup2>8O}ZL-5J#){ z_(F0Y8ll7UQJ>}vsFMnk3j$kZFp5k25a@?!oDYJA2q#C%gAX_T`Hq%s=$$hUCXZrK zrLe8RZRH@+QzFXdM6qFm*(5o`uk&${9m{=9i@ZWbjmXim2g;^R`6XwEmV8YUN|$*e z4QF;LcvrN<9@f;<7ds~oQ;a|5Q<8+jqeH=8wQhkWn@lI(_GZGGPA0ku?vcbZ#kgSU1aJ_XY%lRw3V*}SU&pss629by{>3oqH z?iU0ZtZpJIP(Oa7yltL)ZlmR0ue@>#hJGTM^z#iieSUaaGJUKI z9h_fOfwI4k?h{q5e-Ay+mM}lU#SxI}R+P}4x@8oIX9j^fyZ;52$y|g+ug&~!P;XoI zi?A9h!0wg8&uJdcOMLMI!Gutu2n@b#iSe62BRC%8Ie|_z))w)RtI| zk5f&a)t}NopgZq+xZ7^IjD^G&Y)Tw1D!ntQI*5|rQwxjJ{5x$U?JiWHp4pi1RB+l? z(5dX|S>l5t{zIM%^zh@nCzbOKN#*nDef3ry3-zJfCNS_@k89lP6EGJ1^xnTz!xjjK;64HDSbB%Pd5hkpkM8W z=;6`R=Bw8KI9}Daa@L^HtB$uh_XbL5PW1QtzMTjfJX=aSUUVKbmHadQ^5)@T>%l;` z@TC8-xZY7uc;i1Q%3PrZ6eRcPVl+d0n%Bvydy&cM3<}SkdRsvGfAhru_bF{K*X;My z@x0mjD{Nv_Y|EI+zT)U#TU{J#Y7$%RSrI;SEdf-Y&c4R~-CD4KfUwV>R`_Fm|dQx zW;PZSg+$I>emX5En!CyJ;4V7r>xBSQA3So(oFVL+V*d4p*)i^>lBj)-e$iQ}PYwgs z!`Am8t%oG&XLKL2)@qM}KxJ1{S`^#EAdrIw5`f%;SZ)Dxr;^7-Pv56!mw4uyj-W%u zF{(ko&o=wj&hVmwm6W#X(bxt%w~e;9R0-Z5#<=9z)f;hKs#_NVz-dYN0GCJp%_-Xm(Fp>#6gI0MsZhDc2*9m1pBg`dGmUSLn~kuj87`Fg3>GwaWgC z_ak1nfu`o~^Z721PPT3lhM=XfU=^ft(OPjI>Q_!mKKu^#fUY!N<3#5QuOEu7C&!+0 zx?-5?fc-yn4=;~PAPUv0{dPb_=!zRKSfhrV>*aTaP1Pe37=#4QSyER(Yeb$wj835X z6V+T*5e@z#$hRe-$Kw&j62*L|tI#Xuh5tmZe-042awmB!k6Y2atb-@>BrzWsict~6 z+G9NOiYgHKkOk-dWIFSjo@x^(VC4kO){1$azT%1XbbX}-PA$ZY4RyP-?I#V-5WY~fXGzq? z##a&_E&+=cLn>Nbr$xsyw%2h-^CzQ7Bb$YoQ&C+CWmAY@{cJlD0)U2E;lM}wowLg@ zOutU`?F&4g8lISa|EcTY->s_Z>guZPKFPglk9}f+06$>mgH`ZfXgG`&`%ce}YZWhj z*zaIyOb|8~aCd-#W%_Ip7usCP;oaU}uIqE;T}rI!0h&Q9XHT`a6C8T_b`alLWBF61 z0nQQt8EuQ-V!A=`JZHEyXe8dw$lqMvw6(O^^V)!@i~MI~w&{URG6RX!ZpA>^Jn-wzLE_dm+1{$vwLgnwLzLLHBSUOOCu#GEDLTLTLy9vFR0xgNY3?7$ zRP5X|Z8y4u-2I@F@@TzWxw?`zXua{&nfR%79s;@^?2It1mNe7TM%--&0U#Ws^p;YjR`h}`72nrO{J zk)U5~ZaBc-}gc> z!#=}5QX2^OoP2GG)_Lx<9Q~^uOf!b?bW=Am?8!>gavFQoBkVKHW&8Q>`S^%d$-7P8 zHEi^Qju(OsV-qC)-WH+b0j(g22KqLfe=6UkH(wfltJ^ikW{a2Py-uN&XNzQcJ=gv; z@<3bu#pJvKsg4agT0`4R%KCDNM@j|o{c849>ga9EVFis@SFsoACAZam=ffX%nq12L z8j&*n`N_)Do{z~UpEUE=0*k#ReA#)T>v+=iM3GZ={@;}zG><=tC?YpNVm=bn1_u=c z90||exC2@lgeR8<)T7^xMjtkkhZZ5{7hdW-NtYDeQ5 ztX@H6yGCXvBk5y&c|YL#;h)C5ST7;d%K6aq)n^O5cV<2OJ)aJH8PUaKB2^VAZsKG! z?7UY~yvkN0R{0BVO+xW?Qoszzh1QX`CcELeHGn5B*A!Oe7?-QGdrvkb^`&sYHs7uu z`p=kod5FVVTlPHCzw-9u&{KcKc*3~fQ^`W-X1wOoTeeXGsDA&Y$HWDWlfSzPCnvw? zkALNzG^mb&SsmClGx7w99b=yC&tsm-)%HZ0WNlF=5)_P$vV?ItF zR$v);4a^ogP>a>j5Ac(gGA&>ZX3yJrsU4l+%V7K)ewnUMM%9V29a?9wOv$l{;CtbF zMVsgSt)_~np@FLtR!NfdyvQZ1#)S>h-hFO%SV1gC_*UH@9PWOFZ59`?IIO@XmpN29 z#P-@W*CvmqYlW0YuGjh5|GM?znjv~2UZ;yu)#qn@!*k)xJu}$GyF!2BP0X{S^}TRL z&sJuV$B~8)uNtI)TkVo1R}Sq6no+hpXHLhjg*W5bvs*OJbqbvB#jEU?Q?y6fLCCb? zFqRglpE}lsVtb;Ew^xiDvo6za?&U1H>_@zyAlG8_Y{9dGaBOa}UdQ@DmJ>*Stj=U@ zKgDllF$8Dl*O%MJqr#)E0YP2ce9^6Mvl9~{{5tWlPEt{-=QY0CwoE+s#rm+1#%FF- z{LCI%%s@fof?jWKtW*l%I3c8ViqupP5=Vi*-qPGcN~Dj$8%%yPn6xr-TuS|0@kG~+ z6c%>8dL}n)x)_;dK)`C(Z~pCAO|njHB%$pch{ER3D>$kFO$`yJGQ8GAxFX|xqEryOpmN7dT?gtH@p2;J6B_Ld{R-ps&VUG&^KpT8djmGw{T+xPgG z*r?P=VD5`Wd(%JdxIwtu*|3_zVS0OY+_BQOtdSv%rgbbJ>sF|X9IKT7vl+J@exlm( zqS^!97J!thKd0f{k^7gSbUw`7LXWxmLN2P89?8l^R)p)V8RAu=*&X)hI*+t%<@IiK znN!wNEGP@#U2Zdsy4K&I5~R}^l>zL)Tk)d-WNCMY#9jQopuimmv>FPd!YujP#aoZ<)9QM_Bg(p6(lD6QAr_)s5Md) zi@(ZWGvKDnoKHKFH2HR=ST+04!E1JjQZ?esy>_|lG_r%khO9kU-hM|c8XS9g{4r6- zs6I?S=@8NP!}7<}`!9A3U%7I9f_>jWG;J#@c#<^vK74DZA9^;gTYD?R#CKr*p6Q1P z@+-IPiqVki`mEqr}ID# z9W)y8u{iF4Rp3dEjp>Yg=SIMQ^^bH{`j12dSZx_Hb3hj$M;@`0y{a6RDa2K%53f(+ z%Qe+fueUVJ>lWxkah1lC>TJ6$_Qo|s&TUY^puKMlST%IL=iO@qi8_5bsb_}FrXD&w zSu#;Zl;JMjE^G+aaSB6Nsh3>ZsD}Hji;cC|fyTEcB;mTo?4GSvk=Dq_&8A`e!%*sv znj%>-*WAcSyv&~gr({|0TjDgSxFm$a(mcJ$nZO_dDd)ODEywcYm8z_AN9xd z>yn?=ayLit^9uBt#mwq~0si&F^>$G9*oajlTC_r)LLJtYbbS*KZWeDV&)#(n^sGAXgMtdASl}BXo{blJtaoz!w?FEK)go-!R9Vc3aLsH?y&MyPSHFqWu0*zJ0QaT@SHVA{UzX2njKS!{U5sh{x zDMO#o1#^`H0R!vfbe|D#{9t)bpz)Ae6B(54YSi@_Y(oGK1Zke6jK~J?KLy!l|^s zEJoX>y_b&ZEA>5Q4Zx);xI z=JZjgJ!3Xglq#P5%~%$2`s`e8!tPXjzw8>@Mv&a}A^vaU7i2iUZ(rZ}khz!MZ!fJ854Y+|S(QKL^r(TD){_ z7Cr`>%Dj$FQ)YQ8UTS$0OtfQcDsG-z`4nHQ^PVeHmuR1mDfLD(zFC%VcTlrQ_gyLj z(LiIW&=BrsQj9nlwlFiB(eE_FOQ^ zc<>}dcKlu#Jx7NBr<PG7X*N79DWtqM0HdWGh z`|Cj(KTUlF`w&SK85c+(%Uk-3LAVSuy(PRNheVUiJ)DPYpB^VpOF<|LAAafVfN!Sf zV|%7FwfFh8QV;VSHVR>v;EvOO#UIiyJb|?&K23T&YAPXMV8OoKh~0p?5roWX z!IATB)2RA(9m>ZyF9OGE=LegY+{!UxOsm3Od$N#_`Is^ABG!zf2ONb?Ix)v|=u*{Uo`XG!mdXm9qy!72` z?vG40&gdy9Rbpci(6Irl7T1!}tl z)v*2a4WASHwegrC)2hNhq7u8&@I8xE+|UK3f;fdhhg=ET_}up^vhXDO3U2-p^n&K> zJ=y}_1Y;k4BpRo@LvSX*=EOGr>YfM+_cUwE>7;tGuWlqIn>0x?^zDVwRQapAjiD}D zt6%Vw1$$x9sLO!WxRfr13CVW`XN&2sU<%3EaeD?#e%w6zDqAb9Vzw(7q}UP}hrObQ zeOCBQcLgLs*ZmOR8S!#WW+iR0xa@PU~*!aqO)ZX zSIIcwqr;BUuV(xB=3YpTQkSx$q|T)}ZU_%+e5Ku^++u%(x<6NFhflSfh;wO-Ud1AQ z-V-9qFpJN6wjCZKfqGkHJ)`WnnKXFxyF%|+>kYvU{F9C0Yeu2rh!gB5t`I=BP|oPt zyGz%7vysKB7O(=BL;w+YE8z3|w6FLrA_wt_#d)R}iM}JCW%Tv1$nXh@p3bH!WnzD6 zVPA3;8lfR_6l1$>zOMcmNixN$jZ{Z|g*x-8jcw&D7Dm)MwaK+QYE*(>=OJRTh5UYH z@=%z^)T<%CQMbfTXRWCPdE4Q14eb^Bqs_xRfd)vgulaz&-dNqpi~>lROGv4bkbE_; zdD>K-s(w+Wb!`;{r>)gg6YO1{Y#;`O+b*|a-qvf@L5D9UQp=E*n;FFy;>QRLgE|I! zG)C#$4PFJbLDq2z zsQ^UglWN-hqO)dTO`acv%B(NV7iEMXQp=f-DeyIBsM!3JSKlqN%hh-$}_$iNNU#WF; z-O(g!1S+F5^Mm(Ao?Tl<b8}W@OLd?nB(<#j0By2UT;)91az^niD02Qk z7}nkv51ju0K+=GvKNa);j(@nL$4u*TPNZRI{ZfkkAS%g3tkNH}8o?ZIuoO`a666T* z>q#CeOri|D6H0B%U!($wgh6zhR!du3+*=r>X*r{=8Te1?M}o}AU#zQW0{?_?U;@|& zJ*qVT4)Z5`Ba1;cXtLsCz{N8kqGq-=f7oS$1R;PaFq8N!@iIs$>z>4AncARov+Gwl6;)U%*i@{4h*)Eq^}2n%tMQ{{w=He zQ^-w599XW`C&x#`L?b5yu#Y+1f7NJiC9MWgc1r$Eo!Eru3XFT6b~S4Tbik&{kZ`Jg z)t_|ey30n+{d=GHb53JWMardsO5g4<`03RLklFMvp@uuNfQM9|7O2OfcFFvF``*~4HJX4i6{VyLGcP{NrdYFL2c~wq72o%f;go5|*ul!DC0`_Kz*v1XR@9!R` zfW3hnM3vna?Y#f#pAG<-fp~0719#95X{V0%=A<>Q93-0-QrlKg=ELx1XW`^; zDItIAWcOw6^vNp4ChtWlUnW3jObuq9P%;JhHc#^h2AxlKodx)S`&_^^90>P&@Jnba z!?S>Y>5y$y^m&^>CkI3z|Eq*Atm2&138jCoMy$fD*SB)vrs4Kp<}LD{UK@!@()8nu z^6}6RW;SUDc7<4WlrA9F^OtCU%l!QMxPoORAwM!?+^*31DCw*%N{vi4q5R*C#HBN# zE?J6{gb_6WPE6&P+KJ_9E~F$LZV`^%@uDR%`&!aFT6ExtlXrpXwY>&%Fa)n+n|}S) zeWyr7TWroYC;UTrWo{>5{ikC1dqvZ_(zOz!8iJPpL+1W)5XehYM~2 zw3k!!u!>-o)J%i^nepE63<*dZ0!u1U#TSlspESozh{c%gt!pvmQv^(h?$0`*Xbx;$4rlW@0=FVgIG z9sS&{{D}e1WiSLs> zIqY*=o2reSJhdsop8*4Qt>o4|N+7@%wUG_`GcO{2LYD3?&inVydy6--2?Rra35nfXsk1jvRM9veP0IDpPX70L z2PypvHZP$GOmP!05d!$l66b(b`6Xw?G$5zPQsCb*>T`0xe|+cZfQk^~jTy$H!=8(?SUe4gW>CyH~lT;Jc_td(&c|`sWi0a%1t@TEE+8a zR;T&}oQpD?4&6zB;oe?MP{W2|0&@MqC;vK^8Dw3pk%1&kRt5BOpVY>J;2w`V^= z8kTdq3DH2F@UAo4m=COA)x6o~@9(f7fV51&w(PG=`hQQw$16jW#68y(lS~7B@bIT| z{_YFHtMAS`9Q5`e^-M%5+o3DD{eRsIkb8r_j{Z@R132jkO9D{jX)@{+r zBDF#53}5^Fg`+lUV5R~II@w8ei(QVsJKxW~;rc_x@mFR)vh{D|_OB3nCj6i)0Ey~e zDZhgi@Qq0e*qyi`hrI%DCA;~lPAUE(*N|_;##F2yfoZO=Ci{_!nrL#2e9_T^3D;^v zn3M1o8seHJDe4(x&s|?~V$Q7oDl+4G|ER*IKcib&VXjQfscEY-ocbknc59(aygPf9 zQS~*BEVE6eB*fewXC-k#*?l{`L5Ehg0S@{WS;=j$tPx>i|Z=RZ36No5qQ z)&)4O)#-I`PFP9)bZz`g6sJxaHFoO2*9o^}t9b-f)1gYsr}AJTQ;Q0=9e?^vH;CE3 z-90!G-BHbaaZEY6`0uoa?zsN>nq;N(0T#)Hf8_GEi(oJ9Q*ke$+LvxfIv|{SlSt^; zK`l|S(ug7WjUJt?1`L@5ftA|BAq^76mpqzEsFif3QLCgFA{yhN>dIp>61u<-vk{%I z*AIk*#7Ek|{GCi)+hn&IjzrU&4i^G$F4(S`tTd1%3&lPj80OZE2y%@58H!t{r}4RQPXt9LTj zi{CnKXO6`bh8mT?>|5Xv zRE;Qo#8=iL;s2EjK#y_>_!)4o=N;ek6$U+?_g>SkU5mF)66HFu?)!?*)r~2Y-`L*x zQ7z|sWA1+^c>);)-EcU0I}foe#>2h!*(l;0ZRk(e?psCiMq?9r>>?A|#n$lkmQh#Z z(nFQZY-oSQOGN*h@*Q{Wy`)WpMl!K=5Sf}jxZ|$Xuh1p%RA(e4a|i(7uT+x=WZKd> zNF-~zUJI8WpJgp|QZp&{a0*WT^(ABq(yePp5-V;n@kt1s8a4JyU-rH|_Kg8!A8)!- zxUCZ#(c`0Q+@LD7>@@J4&gy6Uk>6C`6g?(B-F81}JGzKmN6bVJ{#NRkz ze=wSkyE7Z2L+M_fcKk^yOkXjuF!0|T?f6}l?kugROTnI)hNouJ{;n;A2-_v`o5Yzk( zxoc$Yo%zA?zk@ZbT(~})jfjk6*0Q9$SmS11G zpJa%KfahoFf`gywP1-ICnrZvq&u@9T9F-gxQ7Jaep)uOF#fSP*V0j%^eNHzPNj3Mq z&Ik2qEA@ToRN`&v#s)z2jP~7z)oT0A29Xy#D4`S@4y_JsyeDuoO}aT~dyXk9fAyek)3v+s+0GnQYM++s5Iit; za=*}>HdmtVaK5pIr$q!B+w%=y>cIe+9a7n97kyv8!P>VzNYueUq$jL0JZLEDazX85 zpnfnJPQE|Oxv}|S?7nYY+%8{4#^NqAMY41Imi_1{jt#OQg04R`AYdhfRV6XtVmkTg*iEc8yq+%x$G z%eNG61NV3dv*Z<$4UE}f_~xkltA1VSsk^?3hG(`9aI_Z4PzZ0!KAZTS4!L@&msV96cOJVML{beEH+0=DgRE7M8+i)(lB)kk4r=%czVgVF(^ED2Eh#wio|$Q& zGHXNB=4s=zVC&G%5SfAbvBctM5`qN(#mJoD?)4KLrpE=gTpcHb?pS^gpA_HBaXAsg zc5P=B_G^L6JE&I^>ErIStEBk+jWYQ7y>@GDqyYGfV`*$vK&juSubYNO{;8Nw$I?je zIClE1&i&6^E%C2-5Un$B(dVx&p&-(#(tVd-eQB^S%{eq?ZrGmDrKUAMv(!}`;+Ar` zA4XnumNb)i%J21}%m|^U9O*8Z!d@umyrO+WOQ^Y6}9 zs#mwkWE!O*2EP-|3D`N;NtNSy=HHfx>?JTW6@m5Of9DTPQ3M?}$-O@ECuJ%-xOT^H zie)?xB!5uesqsZ8W&T>1bJFk|jg^$lXFErt|1bGFH_6~$0S1g$ai&vGsXH7An`#{$l*WuUb z@A{>`{lAL)uBfKEw%drG4N*iXA_5{J5C|Y39aIp|AV^E72_PUM1f+!C6p$t$m{6oj z2_+DulNgF9AVGRlsx$+H9+0a1JHFp{{xi-v7yrc>#=6vRiDYf$R zu<@U09Y@daaaX$poG%R&cEry`IbFCX$7`g3pluz&#C2D|L47B z+ET?rMEUeO)6t2~-vuWOLk8TQnW}E898uMs>$}k%Om`K_;S-2i(TLL+_SrPG8C&qY z*io7g$m=bv*QS#@iQetg7<@zb*iiAE0u?yaN_Frl^CejkC?Sj zgs&I?n0bPy3;Oe_xGU9$hlr>0lk+i302=&@orQGWMft|-8jIfA;U0zgu(Ca>gGns{^FNzt2Yn0|5a>eex?4YSoP&6-?NO^zJge1UW5G<)+aP2Hg}K`OlE{&oUj%fgY(`(Y)CWG~%jSmWAoa zPwPS-)@IGpu;L0gvsuT5@A!?)hMd5)W-j>1qs%Zz%G#2)5(GBwXKuLGa=64@YTc-nXSGQxv zs->u9jeXBuu@EKq{QWA&#&WZ1)Q9BcF-`Qc%Kmj1X>_QQ(s1pI@>8L{8ttF-I}Eo; zn2&Xxug7b2LXTX!_WIEvTCxH5I+-XxYjuq!M3N6kvwJ>$;)m(>iJ4g- z)G{U4W=e&`3$i@+erZi6jHZ8s4KFIdu$a*$vX|^W?wXjXPQqrdB zpoei?V!XBX*o;28@`evJf@Nx#KVek3$KX&je{HEFn9E<8D3R;$jBHD4)b$VDy(7RP z#eX&_oWB9as(TC6UnMw`Y}Y=RSA3Mc$gc;taQcpmc+kDtC@Y(-D*#yqH!T>gF|s*r zy(G2Zw|WZG2r5=$cHBF^xv{)*5kt8mu|9!5a_-`B7<39O9{N7O)0H++U2z$(5-FfY zn5+yCeX`nMh%J@g!(t9=BU4^DJo6wOqU3dAfZozA%3J#aSuq4<+Xg*9alo$S?wfDg zDM|ORaP!e`N-D7AM63qT{8amAI0e1@(U*5aEMP&N54s;=pVO~>=ZHth(w`q2)L_Xa z8NS{1Aj-xM{+nL1@@zCtN27-|k6Wzjh`4m*RvBM+3FV7y-@dxlbo-Q;-a46LdT7rp zeg-7=s>{qPkmeUo_aB~9&{3v*8W6QaqbH3euGeU{%&3KoI(wGGc;%|)=Og+>+6ofz zeae%&UGE}~^1QM_!f~5DUDV%s3pzbRFA~%4FM$@q-$j%w>m=-CSJP6a0ePyn+pJ_R zX=f{BNYOjRQ_TyEiDQ?lx7@5S^h3!{|GF71*)Tuj);`4{fW_G*vOu-7$f4QNJ-*@P zOrk_nuVB+c!~!D%FWku zTi|vOduQiFn-WMBkJ-Qlm>R6fbk3VrangRjBP){o24(t~!%VW!+@C#g;9E)(z9i3P z4y|3ci{Zn;ZP?~YGCO=Xiq4eLR)>P}OPiVvyJ7FQtA4ZR=;*`$GB<0V6i6(G>WSH` zlbi8N*q0j!Fc09#qVJ|4DJl}`_|nUm<1y!3O3UY8g;iLG_UWL=4z1tO;25DzRv;ap zBm3+tK2N{hq1fwkY|6L2qT2a?2K8tq%cwq4rKI3k=M3BOC4#(*58R<<1Ub)aB?{2;Jago#@J}t zUH-InZG0+3QjIWqDU5>98a-#88Ofw!?E{b3ZX)2#}v)xp=ufP4YO&YEzV4V#_mo&JY z(|4&|4yp49MM30)>tLUn zF0)#1ojs*y&zS9TVpH5~x!vN*SxHs5+$ z8*~tNbl~S5Wu1e}wCs4RF@!S5%2>WsgwP{jyb|;EBwN_T#_nAy%b<0x;PPr`IP-pr z%r_x~=^3x1o9Y+cZtHH>sr+j?VBx^b;87BXb$y1mWuZoQcHNKIKgsY{#-^)^Cff(Y zG7l&kuPQfL=yJz?&GvY};g@b5Elv5>A(-hziKiG#evjgVghDujQRH_^Xe2D zlWtDmx$U3z8FC4VmdCTO)!ytb^G@|OxRmU0|D#dhx0XTaf`x25EX%Lyb>rAXm98{G z<^I!te=Pll<}z?PID1 zp8P(VdT#MfA=fLbkxc!vy6FxL$^EhL&w>l^It+n8|6`Y#VwJ<*NH7V=3@wa{3_P4s z)7e`kMrCe0Tx-J`+*k9Oa= zeBrN}=8;&%FNQJ@_ukd#6Hi|#tJ=2@4`A~dUbNC$35aS4Z01f~A0-JSrSdo6`rT&$ zpwC*LNg`o}L&3D#AiQ^K@y@4P2O2+Fn+x^*w?UUdELoc1FhJu3YWkt?ur(aCJe+hj zsqYSVSh@A^N8`#7VbH774EqehM+ot-qDMl#4ZSrSBMmvrFE;@Q5Dz*%#oS|gP1l*X z`6@f$Z)9KLe{ItH`m}D-5zxy>OjRE;H1N4JKoW$gn?`ZA^t`x;f{R$lx-X=l#g0H) z4QlV+0yVuZH&mb<2ZE!RQw;Yd5PLH;?hH=8loW`>yEgP6@6ZlVI9cD#(- z>{pp#>ZV#NIfhKtRrT8s#RN>c>P+Ict=Y^eiYwuE`F%EIJ3M$@6920f_=HWA^z)&#u}SS8K;MxBj+bFB><2eAt$B4?<5=-gcI za&|4?l4}n{=z+&EEN;4YJra@tmqY!Q?S0{x)0~3a0M?Kd5BSq%BuzH&T8&#Z4EYGq zCRW{9$z&vD0fZ|ER2dpBr2&VC2KOE_q!_nDMeJ{!hdfde&exAlv=k|Qeg8D=%|0Rakti(NE7YZkQ{Z^4L zRgr?NdDe4tPlPP~gyhv5Gl1c2?!D3O%58tYD)H@${IXM`VTQ-+=k=J|E@$=YryHI` zabq9!GW~_zLHJ`p?Vvg;p2`uMv$}JpxfqQ^!zbk=SwL zSaumAW@JND2tvWr@}*jjxk3w_Ju@0mzl}24lezK}`h<1zyTm5Jw*cfr)cYU4B4n_9 z=1YR0@ZP!LU*PI{Vm8l!>t7Up|%8C;^}z5CVz zVR~QoL^^=80#E{K+WQ2~?YTq@q#!VmtBgi(W|lErfVLhnuQ|69(>pqLpiz%8@+ z`8!{~z@@_)17ZbIk>w7rz7s9@D?lL*?#q2aKPY zydSRuC`j>#J0@K^jpf@!%=k%b21gOH6^athPS{^<%u;^=p9NHoo!xw`K%xS`P^$yL z$Cq)#w6fK2<+dBW6aJ1*!}|~MWet8CrH6Z8ZWm` zd~#GiG38@x8qAKYXt5>1+dS*LXeobmj^_)o*9IxS>T?o2?aU`+-;@1UQ1^-zIQ@v( z4kP_hN^aAi?YdP(LzMV>iS_>5xDLri6@*(0$D2du3lKB|Sid|BVBf03ooC3v;jv#= zeq7dVy()(*$_5)Z4Zp0{v2b6Gw|@(mc63M$(KsS5rbb{?onnN@)i>04BPwlZDXO&x3N#$1|9~`WEz`U8+2? zUz1x_Bpj$IXaOCYJ#=iq3)xcH%`oOm-z&+~X z8RLpkQEo$w-5@2TIak}NZ|EMs zfuB47R*p1Vy9il7j$MI2w9}sNKTp(IZb{>t%-b~Kxvw67K<+@g!GJ|7z|58TkXh}e zn$^P7j_xzYa|!>FM&0!<;YM(k51vdVFB-5P!}1w?pS7)xL8@YcW)J=NT*bmNKM4Nu zD(227bs0v70G!rT`e%;YN8qs~J~8^oI~l@BkuYE;;Uqd#8A{W~fRr!f%rr^9Uh4PW zLrE#Hh-nkBQ9<`JVJ>9>bfql+Tfy_qBK91Xzuf|m&>$Wt zKUCoFjBR=x3jFTl*WCXU1HA^~=@S1>u>v69zIX(IQUAM<} z|1MtqKd!{aVi!DwBOu|(-QYg5NH?)P!Q@x)vSzxzn9x;+kcmM z!{bsX5V-S+UvC@WKeH(g8HHk>-i--sIJ)BPu&Cb@v9k04euZb&qEps#|Lc)r_!ve< zrl(gL5C24^ERy$(2A^+MYuu(}&XM;P@%hdHaXXWxq!Y`N*fo5b_DBrFS5s%d7JM+hE)QUODr{K z6vGp$n?#o8lC6-U4x+rd9?@3R&C;Fz0o9(}FWvWpBHG8@bw}6synN>^Hd>xB8zmap zJJCYp@G9vz%GIAnRLmi%3LQ%;w2Q4!*()@2;5AFNxY#Z~c9y20@bNl~9fq1Ga)8Wu3JV?||mBxUwwM``p*6nJl0?cvHdw3oFM_iYEG9rnwp`?alKG@+L+h7?NJ3EQLMx2D(2Hq*{ zFI5UpxsVoc?T3ccdv4=yZM<*ZuaM`>`AvLcmp;&QJub~9E93j2{b%1%9ot*LT^ITk ziP1#CvcqVrw&K|msP+<|VRSF;DsuKjG3V~P>ly`+x_D*US7&rx>U@2?WrbWbad9-# z#j&k1gw^!!TV5Nh)QWle9Rm;k|O*EBE zgt=iUl&RkV&y?U`4!yQ(54pTe^7H*R>p4|<0{DyhJiDZ|k3HO7_jrI(Km3hSTt99q zU~c?43CL|I;Rj5KWK`)6yCS7(iqC#DMHTEJg+11Oe7pb%3Nq6BwTD}r;(3+5rU8Ae zT6yr{p9_Dv&y=!Q{+0{9u)1yb+*YiDa0g@f>Q1WH|Z?%~AA5 z^pJn`lOaO+kDT;RdjzSGUO~W*UJOp&&n}WEwsQiDh?8hfcyhUi~;`!dtE z1~)BDQu>?lh>CJ?%J&U%9C?>uk%;)tu0;tS!!Eg)RDXFnJ#f=2*ia#md@-z zp)?1OOjQywQl{5G#I)KH)6omxgp4u>eU`PCt?(+Mv4jlixzQB|39EMQ8Qp$Gl&-Y7 zn+P^-oFB$V@kan2TpqRUh8KgqMQiUN(nRv}XV&-Tar3q)`}aBG-?!H5e@MSg2HLYi zCVnU^!c%cRFqfoHTdF$#P>yYHJ;ZqH&hJTybeB*VD*J4K}W6fV8yfKYN& zn$DD*eJAA$j8ZDp*C4*mfll%Rq|fDy{|H#LS=j3fp0moh9lp)P9XA}KUzbaG29pN! z@71Z7w4HLQ6BIzqo8_YIgjbKJO#> zEe?tofuYV7XYgHw3@Jd~)!r2`Gg5tqb5iNCR!JU?p?uy;3P4_Lla}v1wb`s4CyA>+ z*>TPIQ|l(ksa0BTZP`C`OaOIW&1=ZlcF#W7zw@+clXD@xuq#K+k5CvYzTIUuCS((+ z?|`I4u4KHEU~m4d`XDdN?~aH9w;T?LYC@_%jUMqi6?EqDI~EtYiJ;qCUyBoZII6Q6 z#xmZi78t;RD8>GpY>?V40dBs+FURBizC@$mBbb#nlM4?xJTx^$sr}l0*$dC zV3y+fxxCgMS6m{-ry-NCdk&)>(};Ked~QF0@le6B7p)uRC$+qC*KV1vN$fcfG%4jHAXZxbOeY5kJwuIiSZa5smP(in)7;m zSB3W{#mIleERE02P$JyyKlN?&k<{XTLD&0lWL0i`#q%qjY2h(}%bG_4eg}iaap+xX zSPaPLP_8Wcr{~P#%d<|qy zyY2E|KB!tY-(cn9NlkZjVJMk7KbMt!YrGhKKPmZcmY5CrmWKYn$l)D5DVh@X4x?vP zHW69ZCv5$?N9iZB&j9KPg)W(F`nz>Bz;lg8EcKLH~Mx`ne?SqF(BAihA(r*x z*{20dj@9NvX57h3X#?ett@DCk>f;8)z8?MSEb$^Y;co1K?~G-C6P7HS`~c4>Y2?$$1IZeNB7f>t>IUUlq8;z< zVjk9t4o79F?mlw9!3u5bj!2Ag?ytP+(!;-6evoSHcUH4_#rq=LNJ| z9*z9`-Prk$J&B$h(Xs`AAgT~rB)vnyd|O4*_C|%LDj1QRHEY;_;NL5?6~-+rO*S50 z+vSa*+#miqYrjY`ve37TvpBR>j=bk(MWseA4juC9x$Scc62;T{qI~;;11&S7I~qBX zXVBx+E%uJi;bFk%64SYEp*CpyK=LPSfp{P&abePm)VfvV`RF2oc36IZxK23TVuDSg znNhL9?bJPw02kJBwb7r#$#`(=y^?+0GvC0Z5zDB)%BvIJ`Tk3HJ3YQEXRicB*sS+x zutJssV;RT0A!dsh`&0%yXWi-Qh^%1q1U2!Ltz=9nlAy`1lS{X)lkoate&klIg;L;Tna zJm;G}R||E^Rb7vwG)@Ag$Red5!4S6cjAR#j}| zL4Kj%*;LX#Z!0k67*P`PqR8qO?}e|Q^@z&P&{eu(66Wj%1@H_hQA2an5weE9+HyFAMc_?Oew`64mJdH+iNqU%{wRkFs+AwM>Stfwf7rz-@o4#}ew_K0Z z9`q1NF7s^s#4vmdF~~NcnOPM|iIYPTlnnMzVpeZ6JGM(@VHpOlPUlNyqx;()-^a5@ z7^FN&U4p`PNScL;~hrM8SAt#`)Yh=jvsTtReE~Q5qb1{*ktTkVKd-B1hb@8QTmHEY0K4u*G(yNJC zW~thz;{8u(lhnkZ(#EP0k4B27gSMN!-|sSj$R_itV;5%Cg`5(VRFL1ad2J-`+AY1f zZc^UozTa!kjyTUzJ6_=*47>WfThhHT_7gCf`sTMK?sb_g5&!X? z{_<~>rmI?n3k@G7JU*Qk$}T8+(oe5*2H54u+c?WJ_~YW7;TZ9HBj9-0n!(f~2nY{! zAFA!nsz-0if|)^A>0garGZmhV-2Q1XsMQ5Ryf*xyDPnEuv-0D*XsF{`Neh0HgkRvF zwoFY+KctyK^-aZgYlpSok|MGHGGM>$|En=?Nq9763d+Z>8GJrB{c?2PRyyL%j)h`D`IQh(pJReB`1 zZ>o1E1)PU)+4oGZByxww>BEomUBVkvPnZajT`IuR>;CPQJd9lDg!O ze2M;BLF&^s-sDLqa6RsnCX!J`8nj34rzM4jKBC(;)sZC^_>9S`pDAU zcWpmXXmfkj!L}*_&aTc$%3alE#hGH0M)j{LqjT=Ndwlfn#-z7De+S6=WD4K1Mdl5l z7e&_RylNYe#C)rqml|- z8m=AQJ>^m+;@x48N>{ZX1Az`yo}bf$SK7lG$kncnPVKtQhFhk*5cH^6o+=n0SYy2Z zLHs5YNFo0ANnw08_O^*obNrVXygW+WQlk1m*47NFl=-VhUJlP!2++2LBHpN)wO(ll z5UA^&7n5ERcfC?dJ|&XhKnIKu@L8tOq>{nY_1?}H+RtYpN==W6%ZST5FWPR)Ck0b~ zUzDS(pl|D{4t)gJld^&oKDB%5=IWy((tY(e_VgdHf>x>WF$)mDHw^RydIeCAJfZNZ z?_5ztdv;6!{%oqLfEnR`O8zPTpS&-2Z~6VEB?G7Go_KBmd;LC_T$26n390<_ V_oMWV`;0L4zNX$?g1YsK{{qVPsw4ma literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-step-diagram.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-step-diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..85a91de789201124a2fe38b75efb5a2c7d059407 GIT binary patch literal 19014 zcmdS>XH-*P)IN$Lf++k1L5k9%6e&^^5$UKj>D^F-D2UXElz^0gs7MEqDlO6>H0eE2 zdXe5F0YVQw^aMhZ6W{lL&bRaFez^B$jO@L}8e`9_`m8yh`Rqg*8){!=1BKg(kJHL2S!AUD{NeoYF51Hn zLngtS*Rpoe_$_5pCIvd=on3RgZU2D?wPDoHe;>`9wf+@8EPnXK@UL*=+U21CskjjO z|K$oEmp`j3S24#cM*|pq?Gg&tim&ontUQO768Cc4e2cj3Y6}R&tPlt&U=YC1|A#cL zGU`UWS;R>JV9)GGJLvJNYCc2#6bJ|sa=RcEIxw@*rgjpuglm8v!Nz$g_*82Q#|#{$ z)q1W%Nt?$%V)4?pxwnGZ%3t@B3Y;K~dK|6dnv~`Oh6SUcCNwmHQ^Fsm83LA&s!pqr z-*E;7XdT|J9hxa7$PrrtCw@e&l6=B(5ntKm}DDBZh)(>y%s+aeVT71?DDHE+Zjv9{kR>tQwffyT5Iv!} z(~lat-X8V^2aza>>ts}NVP~Bv1$Sb0QUNt(&5^qywMDYkT&q<|9*uF;uBz$g#STO} z)SG^RHE@X2KH_2BledD+$g^zmwiSFIcmapmZ+5E4Y}hu&=3st~mrh(di`8Djs%CGX zFO{y_E1k9(D<bGF!paDixO?lC`LC5)E%-e&w9!CN}8t`K4^4MFXiPkJ^z zIR09068p44kWwoK@M13-(Qs+SQg z@fH&^p(m_p)Bv@witn*aQ$0Awaj}m+mdmht2+}~+vD51tRdP*Q>zbi?l|DoiH zx$aSF2%Ihf`<)jdZG_)CgjbT@!#4Ga{RKdCqg)hms&tbV9>Mw|E489yhfDjNA>&8y z=M`u$cywbKB6i=(FAilS@kC(==dObK5p(|gwiaX=!wGiLm9y*-sy90xSuqKn7{}Gc zonZGq!w!!(RhvkY{Pm@U-W8?JlUC8bEM$h^7qtF za;tC;B8N6^r`WP9^1 z*Q~DDY0?;(>EsjDlsHYXWt0pvl#O3-19*Z&4oe@!s$yQq+dObNQY|kTI_MRDvdC+t zT^(d+(T+}9y{K)kYpT(6f|$FKtjXfgX#{3hdI1#~4k;J#HCKFlZkXL;?Moh2ZEgFE z3inW}hmTJ{j}(-k8rTvr5#DW@!UFQ0hk%O?eKO>SDfu7NQX(frPzKZE)47KCL9_n9 z=NpDp5c+7$OhD}u4mPWOL^`1%%rdCbh^Nef4LwRaAvVJtiR)WxLh|RxUeuatkcl;<`HcEU|!;?Sjoob|{;rciAhZU*k zo%in;N%js%SEyhovjWVpE0fQcgC`Zby<jIsk z;feHh4=Q$#zx||`S$JJUb8XVKe|?;a&I7*b6_^-e;LaiMfvctgx?w-sz=0QDm%!{JZ^sU?S*)*Fkd4s`?oFlHsof?Zqjt$sr< zU!c`Q%UcX5cSYH^M5dawv;3V>I<4R#&z5t9-|hJ7)$1Qrnq+aa$0`ut)6VV}f7Txq z(68o#$0FW;r}6w8z?+#`p}g?kDEpb8zd){)+~UI&<(-eYu+cYOXua#?A=7y9f_Zbj zMpd#=Z4Aric>V881h^>1g=E+AHU8V$G}eU0%x~zd#og{HkOI`24$mUID|R(TqI)O|jTxC4=~Xv$%Q)ok2lndJ~!I!%K7L9nQX2Z1jxoA6zkZcO>0 z0i4Vq_Uxsv#A!}XFhGavrp)?U*()cG~AMp?NlabCaPC~oU<+&hh&E9@r95dC*m45 zTj9F}aVEz<@4LXmP=(QrCfcGVa6_xg8#9M>O@<8(kqTx0+*9)AbLa~7b^hP`{@uK9 zr6&^GX`eyOAbh9$RKPnPy_8tkd77DL9F+ilaFwSlR~lX7kdB;|!j2U9297Ie6Qjc} zG@l_S7GN0>$rI1flbg$s{~OgfwHAs@WTh(<-Cn5V!WE5nS4vIapIfC~j^ZkTvt1oB ziklQ&@=K1MDeS;^JXHqGF|+}@`i5D`#V&rAc2COl9t3VE`&Uf%xT?>!?ZJOnjp@xi zi$c%9lIN5vWl-9E3Oj1P^NKhb9`~pA50Gol4f{3XN`C&`p8bHe({oN?$M*a!Tv@!_ zJDnjY@dvl%Qo~hr^{p4=2Y#c>T^4$Bnzm0{8 zvriLQ>K{PAkjsA*yhi88^3rle*r}91_`+JGGO2Jla*c*&p!2Eb-UXVM`=cFB*+muM zV^q(C496EUvC!P(XL``bN%ay#fln(kUX<3Rs!j=Bpt017Shz^@>qX8iUg|oK`shQA ze+Fzl!}40!+75Oy#FuGk9zW2prvDdK+_;v%{_jrn-(@=0fA?P>9#bFx|Bs5l?+AN~ z*JVZjr``8%ePsDpxOeN?zvz#K<|1wA|BqJKFUv|hju#rZV285)4zPKz^d>|~@$-Dt z0r$St8%dS?ZrkE3Nm8+W6UVQT&L6m46}kH%=v&Zr36Y*SK0OwdqY?9ptjqsz)0L*n zj5zEYQa;po|2M_A-t~(W<;U_o;-t{(f10O5XtdFh)&?`izg*>UmbejZW~5U0Q&<5Z zd#3gnIN_2Ve74c0CzsC^e1+ys-%Y1X6KA1Q;d55~j7WNf;#j#&1E*HTVMzx|(VUW8 zQF#Wdi*Y?=L7<5>vrZn=1p3I57609nK~G~-lOZmHsh~?kK!1B zBua~vaz@6bx@YhEQtV&r`}z#xf;E=)t+v7o{=k*Gn0>U3%jKj|p z>A2hZn~gbXl8wG;DZU@>2=k~mLV53|_#8K=2-^k>aqiwfYX8y^&H}sPq|Js`^4+%V z0}z`sSU8ptk#kChMvutrnwRT^b1HUy$R9*|une6tM;{t-N`9}D^t3Wit5IKdW-~zN z3v*$TR)4X@X33HpU6+>+M(UUmXALz&ilsMfWm$Mbl=%o5)E*MEFWZBamM7ZPvXG=B zM`V|trY&F4Oq}dD?Se_)kacx{^>N76o{%2DAZ;v3))NhGC}=<&mv3lF2bcs*mfB4c$xgp} z)X4isCk;rbZDk2uJ(eY+I;WI^-AQg&)i#ME1tP1iy;;@*;Sj{#qlOS-L+L!R(BrJ| z=%`4ojX1wlceccS^KLrgc3JJes&@JVr9UIMwXbWi|4w) zo_A;=>t@3_EJXiN@DfZMDd>5U5<-fJ{B-SL(iO)5P*(Wnzu(2hwKKm;96vf%tekG! zg@hr44l^*bL^4;HVkiG z1H;Nr+v{6^^WT7czqTz~w|UAUfV?=bByr{OT%d~apR;+Es|D{*b99!-{g}pb8CTF3 z(<{eWHo+#Nlh&v8*Ku`Y)_d62-{>QVrG@d^ z(S{lqEB%vkQOTmx#`u`Lgc~NjFss)J`iVodn5GE+in8U@kcHNxFI<@!*+e&(VZ(ge z^Ue~7N!9L1pWc^_jjorq>yJECV@mKVw^k$UWesr23V#TQ_=G$Mou8{}nbpvGs5B*R z$Yuqbg&Us+LMrwT{U5i_%b6d4AZ%h)B-r@2rD@+%3@>o41hrfaGFV>4dJl|x(E*FeUn5gBUU z9!{PfLI=sN`)FD7BJ&iS0zGW zE);(36qbu0dRNSbZvwGxE>BErMm-}_TH7GEqFKB8(o!YD5$h6rb2(G1w;69%#x!2p z(N>6t>KjHeYsMa(O(PN4-gIwpanoAlKR5Z}oObrA_qz+vjvi$i8>dC+xlaEh_}(-q z1X`u0a@w`S5!;73yw5%c(y*SgDw61u^`z%p zHE)N-?IUAnrLj-;-|vm9o@I-Qg>zK3-N3k!h)Z0^#&_9K6WlZN@ua`;9N-+^DNKMg zb5&{Vu~)dLdpybx%+o*_!krJ<+aR$H#Rhx|c5>%GES>ZMp0(~F&yhaZ(dCV}5K6h` z$l_E>d;v=cIrJg=WFtDaT%*NO1D2#4e9=XS5M-ywGEtved<>vO@~-MMDq4#@_!zpgF33YTwI{AbDB{-qG_ z_~#7Bto5a0c-u1R+wBz%!A&8@pI&br8wDq^s3P)Y)iEN=b=$d(Ldeb)Rh)*$nG+Am z$78;Re39>OOk;E0ChKl0K=^>@-tSvImMPOs^M6lE7&R>v!#=lWWm7D)t-qY)Kn*_b zW+}>H9MIa_kPiW%le|F5z-p+%0Xv}9J`kv4T*6lif`Y(#soRFQjR)u|{PHtk&~V-r zDheFFnJ=tqKOLol@IbQDEt_gUwPfETi&6GQXZr}%KH5=)hBQgiX3~i@-e=094TkDY6YScP6@~4!^;#hlM(NM6tOWycdOoE z6S=UZO&pa|d|o>Phe~tbg}xZbWd+}G0yX!zUaxCG3B>)-2H}n;iZ6d*!A! z!^-Q~K2e$6h$8N>OO;=aKi^Vnrw%L3El{aYmhD}@Fs(i@CYeRzCn-BT1Rj^5Wi%J} zb-lo0UFrU2s#Zr{T-*xw)iM`%O0@b$jc@LdTia?}9qWXQ)L(xYR}-$)5kz-Z#EP>S zw`Q@A(VS{C_Dp|=_3px7|Gqmye|#`%gx@R`5eh8cz`C0FB8Mikql@V$f}<7CE%~z- zx%$5Ohx>uPt^>R(R#gR@7icyA9DNn70&%uIYM3Se`YQ%fKhoL%{pgI1&y3a>TLC^t zkC44!HP1S4Js?L+@? zCyhp}9x?ZCPw#UGzyIp}WvIfQdFrRiWsN``L7NH`UVxRW8Xh%YB+&cLOUX@$UZ5SiuTIB3g_T^4E&iSNF6F*6D9+vD z;m;7dDBmt9>d6Ka_dx4Kod-_>CYp7L7wk7~@F-c;Mcb=Gx+NHVT?ysC>9dsyGx5LW8=HNKcWa(z=1h(iEj0O|vvb$RJK@UdMUo_d zoj#b?L}K7_gkaP`=o#W94=?=70hw~=kJsLM-I;Oxy>7A%wupi}Dv-8SVBrHH%aa@x z!+Mw#!+?ss34%MDS9Rp0w1sjcrnmPwMy7Nw%?^f2+ z!h16x%*p2TT3l9U-(_TUOnk%1T4Y}Py9pmvFAhM8>B>pP$!&m03y{hk8hwk58Rksa zMIG&@h6Ry9FwaJ_lNHj&>LO&uJ&0v9Va}a!iWIFk(GKVskP@9A5UKgD!_OJMo|tk~ zdiJl-u5hnxvnb}M&k3rxY-?(Tsi(yhXB~NIn5h=NJ@PZz>u~$y&02rE^)dEM4~p=H7X!uL&Y)y^kH`<&1B(iMUP}yw($B#hU+j(;<_+2#2yNsX0u{Ik*GmRpXdieLq9v z*eW&dged?D7 z$JwafrEXSM7Lk6J^_s%o=B!L$NGJU63OrVIf)oz99U6aAn)dt> z<72q_)w}B6)}n}tkofR%KT|^rD&DKm_Nl%YMH(@LLL_c{=u~F zvN8O|d`y;I@}iHeyb!an#iY2D&9lPI*3uKe-LhJ%h2q^a>Vg8t@mlRHn76#>nHH*_ z^B`?Sjnsx91@A{ppR~bGDwI;H)F8$VCQ#I9o;J`?F8_}-6z>t_yClm;e-9<~3%}qD zrDdHq*;i%;mhLNxi%Gzr%jK>!+z;Uw323o4DEpAtZ+&px?zU=jjOf{mG3R8z9i>Yx z2mLCn9wIHH%8#5B){GE<$Keq#d3Q6MUY<4 zpZ^Pk#Zw(B@_LPk-?2x{v|@h%j;s$z3vG-WLV1q^9=o@Eek36UF`2$0`H!}MSeuKE z3F}_!s1?2rhJ)FWjG8zW@_E6L_r(HjoBBIt5@lMo2J7Ky)0LIX{nxm7n zGuz}{5PVu1OgS0y{&WpLpw1I2y#izJN)16BmcqD|NLvfTAenvM2WcQU9b!a1m!EU| zh5#smNTm#Xojh5hdt~X!V#~oMMhe_fY;atuvNI$JvYN?0IAVOJt=0aYCo;2m>=zV2 z2Ry&4^wk*ItPW49ZxjA|P2y3tuu)u+F|g-vVOeJV=rzS9elPy_3oEWY2luOsDkhU9 zMyL%MAmK5{+=Qg4vhX&!#PUjhaCBq1&P}C{9!YM#Q&vvp=O9*=a#T^6N{sI3zMrXG zGm>bbUd2s;H&I{3&Nd4c)dG4xX+~*Ier*)LA}Y<<)9|7;vf0(#nM%RkjV|e9`5#s% z7DhNo*Li!O8HjY$PT*0g6nsqhx-la65ms%^H#3g7NEvbUd3I93(4#|asYv|6wQ8xJ zEA`RCzWx(oVljL?ba)oHE|kacG`Zaz;72|Q=4$j?hcMA?YDhlT&h zpKX_==F;>e)`3nJfv7uajkSxlL+UlZExPPkbtmddtaA(}#5mXTzKhztF@d4$cJviK zf$yk3+_AB^_#z~Pe?y>uC7enL{z>N0aq4PBh~jUs#p8l|X@5>6^X|@N)5xIb4CX?~4$c@sY_qxqh)*Ti08_+<4V4YxDr&Sm;_noYHN}=?AgLb@L+q@ zfbWXXWP*7AtH9g36uKtcfs><<$eD^<>B>@EvM?m(_QX^w%UM4VVHy!MGf}2E;TdG| zo#lIe`75s^`mQfiz_!HVm*7Y0CNublX@ zgloim-~d*Fmi^9RI6%tIF&aKbXv+^37bD@VPj++p08LvAdfb%Hymq_Cmzg`X$;=Gc^QGHSR^J>_Q zfok@bRqGZDl_GYcc@?#Zo;_A|;5k|;3s{$9s-Wj+Ttz`abEfyr{TJR<{P8z|G0}Q| zuviW*KWpiIY0tGt9hal8@{*yrtz$^H+qRdqLsJF8?!|XG(*_*7;(T+xG}TJi7ou>#M(KuE{amGXC1W!Ch9lvt`ZALL9fWjf(F#>PYiDpHkPw28|KE=Y?6 zvK;n>R&WLCIi~8z;c34~p#LFz%A2Y2W@903EbpNVlzBWG{WH69@bx3Rzq#>(WR}EtdFEd(tzTh>g2OlaZu-7+5n=gD^3O-+thHXKu})t zI^8FCfw{nRr7WmgD|ln&+dLV-62~0}n^aQDA+%0`UtcSub*rLNGkghWPQFckQ@TDj zZ_#r=9yn7yy-%v2Ye+s8Q{NO!`Ccs%rn)Cy|L52ez^S{Sq&>-MCMnIEWfe!4_MgSw zqQ11+*VXj3yve+oe2JeU8%B{3*lN#2(|Y)=j>-L2T^K;ahd(aZ8Q>!Hxmy7%BO$(g zFc@Hj7nhPO$B#ejBvSf!Ak2kBCPUUkDpHGOTjedo(J{LjxYAuebYKa1!qYV)<85x<>C)U$_sav-K!LR%ECS9K7^W}dt1)4@jhlZaznmdYmTv>=N=}NrN3lZ< zk{$JHlMHojLr?03DP4mZ>XYV+w<}=Pj z)u)!vyscFu!sU8Coj%=}JMl{&uWQ?ibM(X^q+`!NYG1NfG@38^bxtTK9L39zz0gv1 zoe&nx*(U53rJpd6s*GtthTThuSoMU9H5aUYxB?6v_5wFWcY1U0KZic|<(2l6C~{_S zODMwgX^zJC^AY5+nSu;kte-5eX!cBb9^1l@Cq)JMhZ9$`5!0Bm)jnb<>d z=y~<1)N*lFeWWk$vUjaW4nr~_BjLx0?|{H9C^8-OXVes&h>=#g)_bQvC_>ZXW_=y| zb}!4CL67>vFu?UX>FpuLC1XK%`lLcJ#eGVSkH`qVn~@URB&rTyH+$(@3}(LGKwSJE4-4~4z|j|egCW`CMzgIE*d|Xr5 z3f>1@)_*e^Z`a}7{ARdf`k{ngupN zep~s!1|H4KpP2ENAL497TBHx;?!n}50jE4BVn>dC%fynUX_s!$BYtYvyDKhedQY=(=>%-n9sI$!BSdd;7C zqAobAd8)R5-Pp2=LmLL)sD%c8bi1A|nxz$ITOxo0O*((@b{{y9GF$sGxvR<$9j-{U z)k4*O->uut0WzO>=pkEN$^=^Hdp^yK0Ry)J4UH!A&*b~$!s!2gvG#d2>Pc=9IWJWM zDxI{+zu_2AJyY|LNc!a$_Cb00r~BBCFYxW+m7`4VL?)Q>SP4!ZgxIX97&5>l=1dz@ z>`b@$5uXGE(voI3_AY5fu+m{K(j*pH(=`7qCR z>70Rk>x^bZf6K&?hwt(*15|_Tt+8^0$?m0`hsD-qeQ_0U?-vDuATSHb|4i5PcYM%O zKi(>0;mbZM7=jhznNjA7QXk7bc-Mu?#!Yd)dh~yDw8y~=XmZ7w zGp-rqHrMWNfU)JQZQsv#6F6%6R=&1XVrw7iKnwzw?Wc=nU*0mYH3}Y_M!!3n!;F8* z){f$%gK+T0-s&6;aeC?u2vDnlE&Uj;_TK(mWj}fB^7AKcNP;m3|IMa5J5m|ynNFcB z(Z2;Q2U-5d`DCGE>7ECz8sK-rhbeXI7k`XH?t*(p{fZnn0wJ^@%%P%&3wsG(z=@M^ z`Z0Rw>ARQXg1uj4zF$5M)6l9o*T$+#Z!vzm9F)dRr+P$B3pjf{PZ!K6C~c4z$)7V= zx=X;pClfQYqB68716oR{-(48bpQQF>3J--JwO)Ahjj9g#C7ZC;OJx#sSDFZM=uY-^ zDU6RE> zf=BPIy$b;v*CS*{BNRtRxT?h}-_0>p8_YOoZeJP*JIHr5gO>ZoVt6j;3O`>9W&HT{ zc`JeX$eml27q>a0ZS9y}n!cdVlitrK^=b9kCg0=)%$UOD!Z19{ulfID@Y=i3{W$Bp zD_LCozLa=w)J3}vnwR_u;D0%;PoVGIQ!MB62RY&D$D!#X1GLVES7-q#oYH&A+?-*a zR+X)?X?dV3{j^M53%btLj&#mAahvyL?rIjW4)Yzs)4!$gL5`- zIQnvPJrcj`$rW!>?`)m#k|SGOxcg|n{wnIMAqaL#EXi%xopnmabO0sq99;Al&Q79= zh#!-pf5D8d5q>5)o5U+qWI<83OV7|{)>$pu&TkGQp;AS*OQmX+kGth}k!W699*Rw_EKe7JRVt?){LTw@!%IWRLiUYz>D!U!gJu68wY51F5 z@KH+MPIDo|Dt4=Sr)?~MXP{>!P|?Vvbf*GIKI5>Fs=>qELMMBfSGN$6Yj zCGdI1XmIU~yp!7*{g{TVi8{Bpi3E68zU%AeZKxJ47C@&eA-wsab;XxEk_}R^`R53s zc)t>b6>f8o)x(w4Bqx@ZZf!B!U?K;?w^}x79)1_g?Hb*F3^i2L<{RcKRMh1&3Q3e! zuyGf0F^4?e38d1@96M`r4dv@9Gbtzwn3em+0|V0|cs#VW{DdntFJ92lah>}pBVu6M zX5_RrW(YXFKbDH9{Ru=jDh8^tYX|liqVocUVY!&rU8`24N#=Cj6W2wIfNS2YmRbEZ z(`nx>;9v?oLCNe9%2H0o_BeRv*-Lc7diC&t*0&q<-2c;~DCLU_!vNojWNDJTcvnOUPo9_wm8RJJ@ zsoYvT%f&{#-wingrvg?5L%~|PW__YCca72}8O8}|Dq`ra&6vTPFkXSR- zVb^3XFYAcSdi5vNrw2Y{x4K?y8+7Bt%*(~q>QAh7<@BkF!jX=UT-OKD#c3jQ*jyP@ zYFHUNqKbiINpU^EBlq0*+-Zn_o^-+!V!-`^_PgEzHucT&fm{d5CyPY!{TO@8!I z!EJ0Y=&8b0O^%gy-qSQEp9-&UyN$>2{?f2xO%o#F@tZ2;Qf3|B9MMWe;7nu~LJ&OO zd5TiZ234Cp?{e>EiDY|NEi#jkn{Rt#8d(B;EyCZXpU0{>USPX#QIqp_rDD+80e0dnJ~3qpO*3?)FC( zJ?(6w1UALb+$6&4b5mkW3A5e3Vpm#Y{p7C~kA-Zo$_=ruinK+qfLM{jFV&g%pqWt% zapqun{kLbPHVT7X2@hr>L^KphIe)a=0gf(LJ=1IwWQ-zW;`Y1+f3qL!wgxXSZAenqAJt*z*@U&;Myui ztv_3hzxWx&S;WsCw6fw>P~I6-vCr z`^{Sw9Uq(`#%~=|e;y6ayy#ISWixuhMy|e)s$9Egly@>D_~K3j2-p;PvTAa1*`Fqu zrq3i&bEe8n+LU0(6^b*ByN|kKQ)Kp53*X0LQw29gD+i2sBQ0_mv=}7pTl`#rL6h$L zy;;H7>?62u;@&jo#GvLW%MC@AqV0SMVG(_}S^?_|j^Oyh+U<*);kf0Kz12N@}#6YL)bw{6C&WGm;(kD;l_pZ#Ce_ z=R7fSG-ES$oa{(PL2g1Psf_EmL%fRIsOn1MO2*kO0F{hOw_Lpw)>nS&oHuRtPB8~v zu?;;Ax3KWpoLb+bkZ86{!06Ix`(Eu(A4!y)v}D^luaa+B@h#b_*9iA4)~psf?0<^V z0@h%f*9bM8dGZqaQ*r*+2?6p0T&2;8t^=H=iOy4(vp)ejH^lDheMf?TcWMl&0?ayC znq1+ifQoWA&J}a&@5=7%%+W+W&3@k6du4i!Fv4~D+)LT0lgT;3bn>6Ul2M0v+Y+j*GlM{E&Px6@ug0}NR)}$2NwZPT-TT~@K?fF<1Vc}GcACstBiay+Y!Jz zP-XqM2DR_=zp}<(%?peMj+31~)c#i`__N~HcF};CIzs-RWblLI#s3d9gDI{#rSZ^h z2k&>BbN;CD?3C=|GAButi?lKx5Td+8sma^uw!s;J8Y!iBQ@uAT23;_ReubsdnELI8 z%QT#Hr!`O<#U4fZg!x(zR!x5MX+9yAkFc%2AqgORp?tebHWr5MECVCvJcvP6S!d&I z!~Sf(GY`sMD`9W#I(_1uOvWiEsX|r=>C0Pfz&RhI+vhCjoe#LP#`c$c##0eT1(24w z!(p|Mxj1^7L!%=nhIn41hSq>b_KX3`BT$f}1}PNHuS=Dzwf-&tXdi%+ln!#;cy;u> zepHXNfndqBrW+JG@$*oN?cTURN9O(12)hbdQau!jM(WwbOfIj9wcBh@UZ}kYJDIvx6Nsx)%P+!TS{QI2?cUa_>Y< z&AJt_#nX@vrMNnw0{0W0^R7Hz7#52l&g9f)-tqK!i`dEW8OUNOx-0!x<}dLAY22xK zfdlyB3DXlv-2syogy9OtADgw29k}~_BepYz>l5{-YS%>^HeGMB?J$1q8xjbpWLCMi z4k6c%Gv-tltNMiN)O%lE3a%Fw7^PQGqWR#jDPSj{cNiX{NhakbMKMV={&-*aYPmbs zWoxRu7XQs_Z*O0Vss@@!Zg$udAS)<-iKAbBLKiahcy>6uK5k&v3k$pyC{6RybHv%6 zuRr|x(S-k)zYv8gs*>y^V$~?8{cY|u)xx&EGmc#t?Rb8JhB;pz&g$3O3Qpco zgVjyy9`E1m;}I-DRpW#9K0!g(2;Ou{!S_9#uF%}mLl7UaKvV;y4klS5#S;Kn!uD)a z&9!qDwOJ_vrj8$_>(2pABreL^GPmgtx)=sAMY9EDP=MZ9i5faR4hm7<$`ah=;#$2z zOCur9cA6gHHUY3&$F7tppzBSf-p~B4af52$rv{5E&{bb9(;}UOb}9I|q9Qav`5|e$ zXZUTMcPA;x(?vVH{h9!cgv^0I)r9#}Ls@NQ?y>G-7_()4|6FsU$fgIx$5R zdruE3MWS1*lJ@K{Aib)xxfT5C_g$Ja2E+4d>_oPv)s>f#L`wthc7(V}k%V>pFOZ=S z0&SSW$CZmu4E=?Rd@&n>83!0p$ln5%sWwE|w!uzRZtGMja-pL==Ub$>Hy$0*)@(mv z!KGI6{#RFFcu)S4szrpq=22ef~RIr&a$r~$o?Z)JK{zWEPF_)GWfp4hvUZrM(wJg*WJDI z$KSxn)i9%1xAQ|s!W)h9bm|;MtK)wGI4isX#K#4zqF&OTm^$tu`C^vmfWUP`Pn0Xf ze`F^`$w+-+`ok~SwNBDKlcFLHR}L{_p$UV}zGqhJwG!Jf z4=j_IDcnqao;V@Osn^5uDQF+z*$K53k5kP!7O)xtob9A0N1xD|Z-oU}*fy69jRrGL zef$NZ=_Kv#?+N`9$cZTD*FF9K*L;Jj_`@5i*Q0mMb%tPHOwJtCIN|zl5;?7&ZCc&U ziZ2QK6}~tEsp_%%_^a|#sM^0+Ee+URu3#I+f9=T2)oA>+VH%6jyzTBmcWRbROsDe( zrD91nS^wvxdOlvApZsp*(?WpOhKME>?)@goQ}Xip{l~LZC3>sF{@aAgXNV1fUEu|X zqHNjd=}1T?>A*z3by(H>&(b6Dxq@OknqLCfG=qVjFkL!?z)yc}27f|y{8_V3-ewfa zEl%6)YG9;iER9$*67NUx%w1N!w^`KJ1sbH7TE?H#g8$ z|ET|q{)6V@TyiJ_zo>0aeWWtQjut~fF?NNQ9Y<69yyZoutShs_omJ81w9{mXJf^vkoex-cPSIJRXOUkDBK? z?p8F~|AX)74yuN%n@hmk_3js!QZg9pVu~)2`o@;1^jYu*m3uho=Jr*s%<^# zJ+s)}kW=mY+qNqo7NSz_)mUifp}8ti55{7}!5e@g#n+s^M~WO6u0?$>|TAGum@wXFzC>lg*FU21WTsnHevB|8(iKeK^V-RmmheM0=QN`3iPx9UFiNClbs zJT6_{w2-ULa~1z0t`yzV$9>{dZ!KRLA6AGm98w{mn8YGyXz7Brqz*(l@c$&70r(b7 zRve$w^HXSKaNGQToL@c=age-$a;x0gkD_@wW9&psOar%|~kI!3WU9@}Uf zI(@#g<5SY7XDH*d>Hr{Gdf>~%=d@iMpiJi^>G{bm@=HWX#!K|2g7=*hSLw+1Ij7DZ zr|(+Aip_0ZOi`%m-3AiW#5$2ZE8rS|vn|jAxn}@b~=`*zG%w?{x@f6s* zyw#j3*0;4WvJNM|9Pk0sFPJ|9{eE}_dTy#f1(XuKfdu*ZB|CH*Rh?oq4Bhpfb}z-- z?MDIgje-vnH>g2_O(el)1&MFNWtDE(U1C2qUnwzQ2PHx+UtC<{Kp*5EYDmr1`ESek z{!A-AX&ZCZpI(P@4;q;!^I`Q??YpV0)s=;R{|k^9u7;UagEKxdG=3a>ryc^7r5!oG zV9IhUFqjlqi#t^k^)aD!lTVE{ZtZu=AY9O4OLx2EK> ziefy0qm!PHA-1!h+yVqX7kEnEl{zi-4hD&Yq{r4L_Qp36Q80n?{LM1ysD2#Pd04&Y zn40rMvt6ob<(no__~(yaEsMdGen0+A*@jLZ+W`JG9(vx1c+#O7#XI0=RQv95U5RpG z0(4`sQoQXc%cc9kv-87YBRmF!o4vLkt^=%|)U8eT9)0-8?rx8fA}E5U)A|~L&l&Dr zX_|Kbp|%V4WN50N#s^cy@67~ij)tVW(s3qWBKRslZfjw2d1C|`UoeM$#K9bssb(qU zK47a!Zm|n^D}7x4O7-2(Cjyj@Oj4q>I-s+$RNY}o*h?GE^{;@5r|R6RChT<*j2YTw zm2X!Ldk|Qhds|c>hxMGT-~!kTD7-78@`js!_2t9-_1gSFf#>NGZb|9mNhxMwh$39- z4%ZYQQc!_qm9PQoRFM$iJOz(IY6rE+gKrfFFR*sCnZODWl1@9Db*oLIY@h2zR-dFU zDhH*7nBTMi=7W&c{hshLb)>SiEN{5hfcnOM)4SDMdp0A!VJOQhSa@kg`g$6?-mD%( z^TCt4^E!{m(vvdu_;y6R)NTm<_4f4W*C3;gG7rv)qHv-AN;OjMylp?PDKEU*lADy_ z(Ykx+g2T;Q#BBF|IU2(R7{QJ$y16_-%wmdHYdP==*i7#sxZlb4%s3(I69Y@dIiH>j zEzMDw_rXJ?5bkB&SB~qh;T=>L7Z`EoJ*?7jl0Ms`U|TduXR~UB9ktUuO7=>~JK`%) zlp9?A!PdWR!XuuFkT$=mU5V&FPVqcmMROg#F}g_?eATv-wAc~uW=-@fuix$WJJhdRd+!1)luW3txy7X!{C_obKK@MSaU9<%NlNl7CqIg; zOny}2xH7UIer=gZDOAqM{HXaEljZj{Y++j{>8yp3mHaxI`H|#TPDHk%W_Vi*In+n| z@UVxL)WmuaB(NdBYvqsSHxV7$I%TF_sE%JetE8?izq(;kuhU$EGW@(_n)B$8u)D;x zI$Y;$lwGsAhrlY2Bc&GklG+EXjxc?8$Uyy+ajZ_u`%3t)J(k6Ho(l~83Xwipa)Ub~ zUBY}&qMK@;{*3Z+C{cWy@6$UzylWYByM=GZJnL3t9Zh{jri_oamz1v7>my0!xA^3S zYrDGTu=d3a8a0(RKTDTEYg?z1uPTxdg%P1nhm)~N%L$J9VrHCQ0*j!Qq8m_IuH|2T zPsM1eX%XXv<}uc(ry&9Msy~1xGA&g02w{yn+ZSxp;tKSN1I^uTbQ#yG5;$Ypa|hM2 zE_68%@U+v-2dtUu7D5$m{kikvjENZAqm&M{sa6&T zR&ARx@?GhqN`t7jw?s91zPuS;Eo=FHpQOGbRUxM@vUFB-Edm7Uhv^Y|S))%ONAAj* zs($h$u`#h|7$z>MN!LPnSiUwm(XuMwvuwOCf8+uH%akpNC1MWLJG|#uX3nov8hz$6 zmb64)Z;tC1B>?Nc4u&MDm8@#R%?V8pgvuUMZB%GR zPEh#%Z$J?@6cc!Y(ygWLt-p+moUV8qt+YJ$j3PtG=Z`qt+Ymg|zfOX!+{3b0!BWFd zdA$zCP?+hP+^i1YG`WClQ+scE_8=2HG;uHlSy=W{GPYQVSJl%{$D7(Te{6Q`cbDc1(@|S8xHpBTjEQr*e0Ho4{%qWFpi>#!>uLtxmTz# z&oQ@3V$<>TD-t6>#rd-731>l>Q~{`--CB^XKKXb-DyTcI74!K@)((_TkTBUI^nGqk=m(+!sOe-8WqZFW+mgt~ z`}2VR8B&w3*_49X^c!crQNweQebJ)dxlugevJJ2F7Zf77b_ z|6_dhax0(bbM?SCs~`e{43{(A6MaP__{oPUo1knRg2Vk P83^PEN5d*kUQGN8TyyO3 literal 0 HcmV?d00001 From f8139e4739e10a76d053cfe274ff02aa46cdf40d Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Tue, 26 Jan 2021 15:04:29 -0800 Subject: [PATCH 48/68] Fixing typos and updating --- .../images/false-positives-indicators.png | Bin 14102 -> 15655 bytes .../images/false-positives-overview.png | Bin 27939 -> 27865 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png index 733db3cb46935defdc17fb312d25c927ea95f178..e30347f04cfea0fcb937b7a1730202b307750fc9 100644 GIT binary patch literal 15655 zcmd6Ohg(xi*Kfpviim=MQbnYfC`fNd=}ka-7diAMy@Ui5=>jTEy7VRiq?ZJw3(`v{ zfk+7fLMI^*0^D%U``&-x-uv8dKTk4y&n~lO&CDvlwI*8kr7HDJrkel&fLdKm=@kG# zaYR1fyMB%Q5C73gK`w5*RWtPl0H|m$ewW7PAtV6cAwXT}xj{hYR+ihQo3SMZ5w0kyK*?0{1`_OuOtI*d4U%xFo_SJsXiWrK$nRs3NwMZdYpF2^_<@(Ua z{X9qBv99QfSH4r!;_U0~>%kXg=#6*nl>b!R`TtzuId+fk zVCEcW32Li6?i%&M=EzH(fF}u=+3uhdP5U;5Bg%6L7$zh*&=&Gf7fdKA$HGFo8*;?y z=Fis7xf_X-4m)!A`N|WA^`#nXrJ{>*301Gw=az0bTc-oHO@^KSp|hSV3AyMmz-aKX zwvTf#X}B%@_GxdM>@KGNnOgo;VoK8|?FjK`l_z7Qll}Akhd`N&r|E2pubdTC&7XU_ zS|JCNHX=fNw|h=6UEC^!)n?cmv4`98h$hr1Vy&9*Jq@)4FfPXaH= z(_Vc$5E1;DOOop^mnHdL&YK%th!2)v!58DCZreW12q-Z6BnsKGwZ-^s-h}?x@%hK$ zBZ@+oCC6|*lf1?R-a+K}&XXCr?$V|GO~UyOjPa)2uqWNPIpm|KHE8dmwQ1#gjXy1s z5{yAk3*{~ow#=XVYW@gB4+%ehl+WA1zL_vBv&lwuq~IKN))Vx{<$YN#5KHfxfTG zN~>Wy!C+KK+TjX?6#UABl|{-{HE{2z!qExrGj;R{?~%E^uI2jTuChX^(X;+hs&K97 zR_9kN+Mh-c$7`zOHbO1!lCXbN?+T8(aS)MRgQ?H91?fOT2VBg{`-yrbDjXRZYqfpd z?)RF#c;dOc)JvVHAJi zkQxR3S4uuy*?UA6HE?#k3O{F9^n{%!38gum571b0UaLzL44<(X@xO;JluQ76dFc;$ z5g~D|6Wj|IEZY>x-~5@n`yFpjV;Lqt2rAF7s?ejG4zkz8)qexa7gOjeNQL3*>aGs@}ROxQus?x;Io! z3GeX+a-JZH{E@3bJ9(>^42+g1ym2Qa-um~F#dUH6p_Z6`6io~EGr;a|ihM)oC3^#| z+zJ=h%Q+dx7bLX*6q#iUHc?1lVcJ3(i~XZ@08_oZJTo1{5hX;ha>g@>&o++)E*?Ep zq>=Y|G zf38zK$BN$X=P|-~vx4`3t#E}>@Vv}avp$(c7_o^Z$pD^Ahyo~woBJ(?dal54o-cMr zO5g)RD;!wq0qEO+NB`V?emz+0KdR{p1^WeQuV4HtTLIkvshAovZX+5#Iu4x;!FnhOXEj7vD8+!<&P$yfrYsz1j;5r@wMYzc$>UbDhiUuZ!WaUNsGH{xL@`#Sueui zXhem&^k&`?$n_C`fd{U2zQ}&I_}$CkszuOGqd@)3tR% z1T4pa)(tfNA#ddf?&i!{#Jy|Oy>qs`v)%N#8a(2ezh6*mYS&V{&+W-Pka2bUo{y$F znH)^Kan?z6&QUaMxjdc{Hvm!L+|`sbtyq={Do=c(b{SNOG&kC4`bg0!mt~nYDd$)j zj23W6YgsXpO<9F`7U@VjBPO!%CUjqWrocEqc$zc5@s5Q_qRKRBXMVcuu90*prB}b) znr$~LhqLbFH0&U2N6R1SNeMGG?@GF|P^LSVC*J9~l={smqx>L2p6FN&>zlJb-Ek(k zI!S5pnvAIHzuESIQw#VhU?vIQfQm(tm*JDVN$l?eybNaGaig{})96ouAH!=K-LG~KxVxzmoFTyukQxe-q$yef-&Cu-D*cccVUF`$+-T9>Q)T7Fr6@V@9 z*je}i+1|JkwO$b5Jqt{iXeRA2X2~yZ3KVS`BYNS+_}ZLFT1e^0Q$t$a!lR6`>*@!R zo=lBy`m#w~jdRb3JM}HF(=?=ZnoZ4}TsOV=G3Bjt>rK+W%}Nn+%zM05xcUh1O)q>r zx>zD-Jp361iSM*yy|et>y&t>|NE2y-`(j@6xf>eKupSTlZInjVKWUm8J^y00tLc3c zXjq+}>yzc=bRUduT$=OdX7NjHONZ#0jJ3+HA9{b&cMpGk5Z6BJriJH5 zhEqk;YNUyXKV%rMyZLxfG;FIo$%YhBa!}1^;Rh8;q%}VD0xlGPEM=r*)xT!gQ~Ql< zJN|yqD!|g8)NFkgg}C)oj?+suT)-&Bd1YR4<9(4s`KO+$UX?MAA+JgX1bFFMJ!Nr7 zI$PV=C(R2C|$XI`pKm?J%hV1oh;Xq?U-?ZnIv3ukG{F)53c zxH}5oy6qe&NpPR-%Jl&5h(OrJZv1(9OQIG^$W#IEs|=honCvUA!#Upc<5R|_A(Pir zuG-&=uSPU*k(~S3`x6;A!%laHOxU_CA0?R^_qn=j6zemn)~>zr3LmmE&1eW?yy z>6p)FwM0mV$%AO_5Pf7d^W8U%R#cBPUNm>{cnP2rf-3+3iP=8+a zu@v?QK)VuSHMxQX+npBj$7u&B!dbNz! zi~H*)tbr>rd#p)5F7E)^5%39E>M4nQR0|w9GW8s3pnF)9$ZSTH3lHSv$sSgYvZfuU zc++p6Hd@({1!Tzc9P>}zb+Pf+@6%yu(x>O}^r{%|$43mIZG`HcmX286a*EYZs>!AG z8UTU^{`d@bmImj`rs)U|cTPI*SPqrIY3HpZj}#tLm*;i8YJZSVV9!<8DAtvvIa zpXYztu1$M^Sz6$Z-k=HoL3%5(M64gGkR)Hr4nc7|G~ zg_bEXg}m}dP%+2A<;9p8x!j@@;F2%ciY+oj1@9UvL2M6 z#BF4P&@{)x`9^hiu!bzRQ8gjKq2De$=4m z1LnoXaZt1od>n7P?U-5Ho=_jW;dG$eBGFeyZQYwKXveSfqwY=}*uh#>sr;tqaJ^h5 z{|y@QTz_h4P;Xj)>TE2DY{@@&)^b&JF^7oVf;hd6h)ZnpvUpee)^SNAohGNBm2f8| zN)8qyO4EQ)Qpst2H#jcAN;K#iy~6S3JXLL?+A)V21E{^fzwg*)R-p1+Pnw7B(?tGq zyZu8?J3hike;e<=lEbEXW#pad)NH>R&@|p&AIQ6q5F>dW3w?T4>fU;(m1=aR#a}f9 z7$96l+%E)&Q&bBT;4p`MW*vw$aUO(Fw1}r`0{;DYZ#=)kuwXo>^0vio###a zl{C98={%d>FdF$KI~u?Ah>4G9BixQ;I{rjF@r#0GM81>pfPx=lZ(aG0PaM+F5{n5u zGvxnR68Bl1iuBCm?U<}>S3g_~$HL>Nd@`6TUa@B?Mo4;x)LiRW1^HBbsLY<>VQD*x zZEHkeQ-Dv49i;Mm=P3@ZjUbNl9k9~$5cUIZ+rpcJZ~B0L@oViP@;omucQ{RzMZq+Z zK+*HMm_(?-V$ZcHYG3PSD>gjIF?Q$2p9RcplROZ)-HjKuWb3&5k0e{bV`<-S-Pbr_k-p1ep zfj6;YE&66>ua2J@^*5P2S-k`Cn4i?tLhAU0OxI4ikyPn9i84VdTbTy|a4YYd0}QL0 zD$;DYQK{sgjaMvh#2)avBfZ%NMKqi+%jpW=Ji?9b;P(85Z_$3silpzj-7oJ;zhr|C zm((urtNfxl-cM(+1W&OffUAC3XSUH}$I~Rq^w|&n!@uQd^F(%-DF^efEomaln z!qb~rc2s(t4JK5YeQ-7VLzBDHlTyJ533UU!qp9lrSh^T~wpRH3%?w>&Z~OhzTc>~h zxy&L<$+gSl5k>>363Udf<^gMU*nWgWtS?4GE%PP8m6yLt!XS?VaP6tK8BT zypjQ|O1E78$E$v=`q#?NwXbVh_dLw00doUiwJlQSt=IwLl&jL?lt4>OikR+mV3vs9$;Qe zP;aVzFX>X~-owx5U=#rif{_4<-zdqAcBO3ZE_SXj#R7%1&6B}aaSqvm_HOQ%|B^tU z@c!$FZ7}~l7(XzE_df*_N7xnQTQD?dtLr|5FrDI)vs141v2#+m&w5~SK?Vxvw*Fh+ zO6@y^YZU5i3-yvL2XHYru!P`^ zLy{qs^lHN11%0O-6 z1y+HH26>NbOAInh2kd}Q=CVLcOT_=j)XnuoOM> zcb2c`Mrm;om2l&0<1bfU3w%;bHDUCCOnSp04XBXsYhso>&(CX8v(nBwS*JT`~A2`IC*|&nzPHwfL9#}D~$-)X06X8wjZjb}XyL7ruMm&55#Sq^I z!GP(6pcMt?pg)r`A%w7V4{oGOiU0X5yQ~BEZa5Tn7~ea#b>7^1CJzuy2-=BT?Vk@m z7+l{U0HS2LPfl`(r8((o>!cnJQqSgBrLznaX%&np3N^6SWHr#;-@7Mj!O~FnKZAW=Q;YZQ9!&F?=PX%noq<5-S zkW@(Nv><6J9Y_`T2A!dIa zc16=IN9mH~`Q^Vd^yPNjFV|4cdk@QXtJg@)R!=1botkpf5#N*hH6%wsk|i&r5L!JN zjb_MV~yg7C#tOW!F|XKTv4%5UCLFY~Jf( zCTRB$4hBwu&i{nbe0em&Oy(Zvc&hv=aFACb=iyMS|MO9L){6;U|ZQzZx`ACER< z=VS-1GJ{$sQjR3f_kYibqyby@-oa`ZvyO$@5M*Lo5O+ol`(*!b!XL z1E#RkdT=PG^uF!!HVRiHQJCQY4@5oHo;cl4ZPOC@`S1=oGR>(dGoqrOF}I^2E_2wN znru8UHW2zd$i3~n9Mrpj55xRcQUH8sj3%Luvry`Ud4KDm^Aps0tKrVGT%-I=>B{K3 zdYEy7+!7nZRk|!8hfzBbVC!y2)<{8;P7=`4L3z2|A`H!zs z;%JYh>hK4b0I!3{M6=AGSPQ5ZT*yfL=bnFJLys?vC!amCH8E_2i(=lp2wz;-AJY`_ zgr;G+xcnnl0DxuiA{Stoj&_n3L0(;o7g|Qp^F|ejWyOM-9F7;iP7?aSB}~TDi=tD? zVTY8%FUitr!sp;TxV6z=IUSe?UQN@AkL=cM^O|wU*9@io*JKhqm;izu_AZ$%9d4KFa1w0_TSM3Whvfj|-#ua{{h=IB zHnwWonYQ$wPrl76JrTIWm1^*{v>2Rg>fWoxv@R; zCC|heyP$GLn~Z_aOt^ArGygnj2WI|8xpV07`*M~0h(Lb&C5=tF~=yr-mf8z?6;k6dc&=U6H)lK ziB6N73DDS8hEY>lEWOjPS88Sef<$oWovIWT+_YRhoc<`$exNE=WId=QeENZ`iq;fzwN>?8KJxn-nMBvEDVtqfu`B|V z;qIwH3U+(D3$OSjqFmPV9M+b-hcu;uZPRgIs_gH9Z)Yk)ZUR zPeCMjl}{Xg{H%8)*dgN83O18=HygB_MosP1*C?*_{mO*yKAn#2)04^*pEfAMbN-)@ z*N!2#5lu35R5xYY^HMBEP#$;dw83QLI3a|z45DsDB(uP@rDM*cdBTgyb2g}dGAiuv)l>z;gu zEiaoUy+=jn+8jY92l19DaAq5{9w=ShY7pZfXYA<~()6(~aN2o24^tA%XR%+NUFxtV zT?`xid#tr#7X1>%HXCn)5YrP(+V}uRj~oZ6N$q=ry^z<-NL{j7#SX^O%9%#-J5i_K z6SCKdgL_L)RLwB^jnK*5I!U2!9ib3^w0ZcTuXZ{W69NlfYE-&4my~O{gMt>v*J}|@ zTC>@$rOhy2NIiyw)_#q2gf9^oGN2t^rx}Z@aKPQ_9sX4RrmxN^TjHL_%T$w|H|c!| zmx4e;u{8Lp(Q;=X10pxkCcwJkZ+%REj0L3Q%C{x0_we8o9@p>y0R zyA;jSRyP|G6rWxGBKN%c<+jf;3X*a{+-9QKVa}FEq%LU=H$;63F?=v>@!Uq=W(qH6 zMi>Ck=k)pu$*~j@jYuWmu=(E5x2K2hKhtB~iZcWR4WH@l4!99?d9~-SEBkK_8%_6w z_8SU1RR1urXjIhz>fh8a&7ACy=GUe=WpLL@if{U*niJp`mhpaiLxT~+iYZl&%(R_G z7tNPW-uRr0uBYb~vx*6uz2ejaJfEo)R@iH*_>tOzX47a|#0^wdD=fz*WB;1N_JGVW zuZ%EL8zW|!DNDsEZ7us1SY^a|{II;I1!sg?{|J=efzVeqUzHXd9EizAW9o*`(wH_6V(Ksa1m{{5`$TxgMnFPx`Mg0aMMF=5dc2qJZPTPAG-wfolvKDrDW z*cHCti74PULq2TT9gq_{+)w1EXyRyie5-li2vrsLc^W$!GaPjgC*N<|tV*qvbFIR# z$9d27-Hu8ZwGYZ?-Mpu{?_Z|ib%nJ0YrIt3gp3f%_naV7!+Qg&LdYWYF!ag9#>lJ8 zsioqi3kF<$x1XsBAr{Pis@meO#hxpn>IK6|23`%mPZkfVAGh*g zp>n>Sj=!(K`LWaA8r}|PM=l;%eQ|_-rUN-55A>OCk3DU&3_3ZOa|u4YbB^(`o4U_N zuNH~wjH|%vbHPcg8HC%-JoEO_Vr^5~geJ-0w(qCSq^)a`Mb`183e5U3d?C4XzPj`! zOFZznjiJ7JoaxcO2&C3mE)+PgO8AbV5^W)Q3T>~&`WXGD-v*WNwf z4+9$$jF-QDY&W*ot8}SlcaMHT^OIk6nuYTvpcMatZ@fz#667LCPfK&q{mVo6miQ&L z+=tZow(3DM`3J=eY?eFf1zsqMTme#GFyHTHZs@zMh*3EvwjLj@MGj4!0M~hT9x-77 zNm<#oXoEV9!Ok#9_7eA5Y6z=NMSl^!gstkL*IBi?iqLHh^y5{JZjTDe{=M&5{O?z6 zYcUQ@ZYMK#W6A^p6g&U-&zrg6Zbigca)mSpjej}YhI#xOruFn-Ni)x~W$_HBZu}3) z?JS;0P#p{Td<&`Zrd{Q(r1yf|oRw*0%R=k+RobRcfdL0`1M+bnmS2XLs> zzxrc63%>h8@3FJtqY|xIAqdgEV=)Dw*>F;SCK5O~Q|MxAR{F6UGb7u(_jFRu;x?;X zkPoM50ND-ya+_T~_|LH6o1nZ|U1SE*A?hu^Af0uUWN!ky4jE=K54^>u)MQ?iS@K-Z zZcE)9VEf{|PKP5aP#ydFH(u+5->KARY&2AHDDK7$ujqs7VQo|6rU4sPazaWd*Js_@ zV+yhtsRN%6kH(ZQ6*yfXBU-OT1HQN;yt)8Y_k#itX-h^DvP4HO-M_5=K$Z%&xp%gV)wWBZyEbJo7O`T!%YMa^>M&U5Ff+Ji+jo&(@tG&Dy!U5} zi;3mpM$L~)-&3Ka$yDv6M8mrh-BMAk_h9trcZd__ihLEif2aInjQs$_d>f-6*2K#; z3XbZO@1msl=gT&xYM;hE{~Tstv3`QvV(}2$==RCUYxhXj^P0>8|eAy~74D=MG?Tv%8vd4pfZW4IQEuyY~@ld%i zJFzlh*~F7+ye=hY|HobJvQ2l{odoTPrKdYDOR&p5j{9K;F9q0}g`;eE4R?nexSOr} zb-Xy)4tfOptw({!yDizA1Qx_?kB{IO_?p6`EbMh%Qom1y1=?vQnUc||!PeAe(ok3*yszfY zkWVrc;c`Q_+}DX=MB|ZxFEvBPrF#91<*g*hN_u>;l~=h_$BA49s+--1|aCj8r5u!=w}t0D{wJXU!j! zcPA`!&@?RTVw}03Gx**tMvnT%>m2{=UDnM;X1~(eeT3sPcFL}-qxv>xqWG0q33@}S z+fN*b`@N+x7v2kkwUk6^fsrkF8(*RR$G;*CTK03Zg+h3(kGbAlFC-N>^rMJCf1z5m zH9Ii*K}ObkJVO1%_IuH|&FJ0cpG{ZFyhz5ifS^q^B z*gY%tZ-|ba_}Kex)!PU$=}OSO-nuHOEFVk0xPL~eEU8@Hr>+S+=T;1=fO=(5NwK=b zo$-I%YeoK=+aSmPq>ksBl`yWaoD<>CBzDHDXYqF%K38XZrAZX-Pdl4OCJ~@V`zQnr$y`1(IF z!8$Q|6dUk>p<#hzjzh_H|9g^f#45Yxk{;&Nj|s%?(w8%IBs^VMQFkix$I3a+EsGcq}&xi_CVHm|not8swE9lYKp!(cRh7^w-X*reE> zygYquf#^{wP0m?~Segs07x#MeoMj+)ycSR4N?cJ)rA$rC1qK$9?t!9P<;h=D8}Zk6 zM7+%;sIya17AtGz7)8FD#~p670$g7=A)cXKz+9-6B)v*cTWN%NBgwrCaT%4-XtW)ik< z7-g=t&G~lg3wqRH4+7L|7BaD+ytSI>>dE@sd^;6K2Vnm4n8ay$pUJy{_cf*M9A&<& zGL;un+p;p9wyMcnamlo4711?3j&F(bh=61au4ADh=_27GN;$tGpj|!*B04!Y^2FNu zsO3;{k(P9tIHdAY`D%g%N&R|LuUnc!SM6R#-OUmt!XviQ@PiYAw>x#&OAS)i-NdgP z>%H7lU^JCdxSDDNsX+4(a7W7#>WB@0mL5yWffe-EdhkZ0nFX2}^NDdS7hR1de))r? ztG5hUx0a|Au@o={uk}kP9@JL1Y!BASSbE!&-hTt(mQW5$_H0&!+b494_dc~Sd^@z= zA}U9t%ctu7!hhb1ZZm4y)?d}c(EMOEGk9^v)eM8VG6GE~vHg~^Gw zN%*7NoyQdd&DbkrPv?%Q3zPaFoW_zTFAojg8QELvELb*) z%o^UKd#3eI@k+N&cbI4TE!g0%-VlXeb_xf@5A!{rd}5MR_Ie{T8=G4qIa468=Oyt- zoOLbz7Grg&nO~qP4G5H{mU{GS`CQj#-n6$g^2I^GR0yl_rP$6@&-d}!)z|miw&N00 z1RIySI4$!XKmns?(}odA0^QYHK)H#nBj)rRFIgw?mt9{@>QjI72&@P4n;%~ph6Yck znoLdZ_8jq|dB8FuCl>wOKQ@|kHLHZocP4d-UCK8sFhZ|-l?{f_@dwXy_U&r8O68$XHYzR@=%7_uKLIgK>_OUZc6$h6@g!8kD2Ve3c3c^ksRflQ3q) z?}gOn-}%{r{ki$73GRPCU(Pi*1;xEm-VmWq7m1_Y|2E}n&103U*y-^#RWRPz%GB?^ zck)M1szAdx&Lvgm5wx@qoF(O+-xeRfk4>x2OO3X}4?O44Yc7M?6PJ>YCT^!%eV14) z_N|6`rHZDrks3Mf%0{~F+$F@?iqa{qd#SZf8hKHu<-#eZ#gYhaDHLyYKic!mJ!9v7 z9(6h%w9Dof(H*V%t>eiOv7e2;v*6N4D`K8db=PU0y+6RVJ5j)?eDT|ZxaiyM!aql( z0NRO4#;Y;2T$z5=zWzv^BTb*B-ds zGr!yFl9z2qAPJ(_BVlXv9Rv_XZP77at@fwGB2OG!PO<0`ZKDx;tP2?YE2=2SVdS?h?gw9{Z#ROYwgOzseXM$2+zVo6VrCy%j*n4!0X+st)+lF9 zn7Iq8evG?qN|1;e0~A&jMHE$?9K$?|1F_s8K0177c@gVlh6{lRj1M?|NOkbeJmLVk zI(L3yIW4FzOp6i~^4|8z^(sT@SQm_l(_qVdj8xnkrjOBj*Mqk#R&6+`VF5g%Trp=Z zZo%}@cDJ^^l-Qb~WN#W(DwZeEnj)|b4MM_pTAYM!a+DQzYe}mTvys`b32e&MdZge) zDKlSw?xl*r9yhnu9fx;(tD2^HnmE}ZNbs>3-fy4^gTv}TgCTcmP<+|ATgRr51`yNK zxMx!?2=6s|(^_EL%;qW}bp4Ot{3@3_Vluu&?$zAV?eb?5tfRifHMTlqF^RF@T5Gq2 zomBIMkCmFhTHOn&}HS}q&B?uwpr~!o4i%5=&^M#t4Cm_e__JTq&MzM?rsofE7xZ3nhGo?UNm3i z8?E{c*TpiWiKnsdT$xm@&`}uia41IX-A-Ix(jT%hKie_m(Jy?3OJd0zw{?Q1aTu9e zwY(W75$VaXb<;cDgMXRvi;3q(epM|gRlypw89{Pw7;pXZ>iKR-s5P&THeYZ>V|h4v zTKiqDV|C6)TD9c&%B^q5x%u{Y9}aeCy+Cb&Q>`31BsA@TT67y-V);)8P1Ty z;AQuZSIJrVMv5#>DOKJyE~p{)I?%SyE0EnK#3K(%#OUq1XYHS=re<9e3VLtUY-=6# z9ha3J7t-g9@zHKOp9`&yTO6r^Uz2w-;ODrXVc+P*HM(iN_;W(7=}|oNQ25~hcTyz5 zzyxRR-b@)hik9|mqx!a>mhTp_Zq`=45x5<z3qD!e&ZiLE9#y=rwroxfzonhrr`4?>^{*`iYxYxj{MdjTIHG6Z6E5v$ z;`&blb19E5uOf6wNbDtCSEo+20n)23q8Je;tF>~2zal#%oa1F^bXqmNeN(B1QjTQT zL@_02-pM^9nyu~t-TOF}NK`nSo=j<72br1U9jn5}S7ulm__C2qSM5`o8TzZYTa=f3(8z zgI&CQYKOcUajiL*yH#<_fuBV>2)Cxfa7)f>MNK;RX!kLvFK_>E{=b+~V$#_CQkQ!Z zifw!2D`ZI*+aOwWhXe5R+S5p*ajIwS?iZ?{CQSAh0^ zlVaN6<^QS#`+pKMTURcUDDMzJCyP7nm$}Dom%-JJ9vw2bKl&#X<@G(sK&6VP%K*2F zP#pQ7qaf#e007L-$uY#=YDK&vu)W)bW==i5%Mnp#uU-`a&$g&@ed3IY_Fk5bTCyU< z;FU_q;OhF8R*9G&8J-f80nopVI0<4OkcT!$0MmWED|f1Bb|+jaIgsNm1HRCcQo z&MilC`dV;H{eUIBpAASgvn)>b7K}m18<&q>dj;NH16O1x?re~A9_h-5u+m#2{0bW1 zv6)apQ*by7svIp%Ut~7zleMJSYhp*4a`it%FCm#_)t_lbVQoKeWrJ_5e^E;vN&U+|lA6FtXZ_I-(yGL;FgJLqDw>6LioLD%A!Uo?MN{|8Ev`VW+(_2SY! z$^RzBBk(Jnp*OMo z?Eia1(DUSkIPD)-FP;gV{LkzEnZf^;^1Q;6#?C2gjqr_B+|j^`cGQ($DnVboe*eD! DUFA~h literal 14102 zcmc(`X*^q7^fw+{)zZ=lEk%dhDvAzTHAQvOQq(-vaI0FOi7_H1p70g38aFzxVoC@atzg;+>Rp9_D;me|`FrW+r?>LgmH*XykCF*qu`yjaM?S zr+#cd+Guv+wuFk$+AF@eUZTb1^}Duh*WELBj_x@jt2Z3-CcNHwguJt0tUZt}G!mM! zDjnqnzni)%4e2%^izbhp7fKz=N(cE=QBhZ9xfSlUE#_J2?)&=NCsSrIa-!nZPBGy2 z<>P;Cx2XB~-f;<0dE)B-uQz{~`HZ|1Y?8@?DB?Iayoj~Q?`>x@gcB1?K5T1jdd&vO z*uq$Dk-lZ8-xP`Cy)V5lHhPtgDWyNdQENA)mHAwYKkho>PVk2 z2p#oedkQ?X*VovaD;SKF=z1p3HoUjw%S2$_E!rlRu8nM(SNedL?AkNEmsV9MUi z+Kg_CZbB!h001#>hU~;P9|jY*gqKX~ofS*8HW$ui=gErR^HZ&GPE-I+d}eB|&mW&0 zoOa*rPGRPB13xWRn@6wE+Wqv4Almbs0ys=H`p0x2v<0Mem@#Y$)XClII6W|g!~&}ZBuuq{+Ziv`7Q#B~~P{VHfibL#HOkx=U6gzvmm+x#g%a5Ua&0&A97| zO5FL7LgUrXHTQ(yS2U9so)Y1W^{=w&(R~dGYF-GxsQY7ns-4-4FF@jIvfR6Sf9AxG zTdh4wj>}oywQYUPD6N4Tj~Gids^psO?wD-;>+bV^6^r+{1);erlC^JHPdtQ|cUno?kc39_;SO-BEm^ zP8J^z41Z$VGoSB5?v1y|3eRmfU+B#RAZHg1&RwRS7pe%q4?-#m!;j@d+t{rDlVT>E z`nOm4X)qr$GB$J{s{jq~Keu*imbN#8@g}~nCMtzNrm~@J!UJ4Fg}Z{N%}&*JVgz@R z{jr{e`(>YJUzjz;3NZj2nRCDSqwkj}>#QAF(j8L?`2L0?5(W6}jc(Z3(REnk zkCLWL%a-5`Px?Z4D*~pU8+K(ahZFBG2J@utrA#d(Dn8~V^xSto(yhid<24BiqnpVc zqMnv^(rhM9wG*4LzP;eDBR&-HPBeEFO1@)_x8S<=A$+>YEdU z0^AI&f}9Ieln2{4dJk;{u_jot3&V!A)n^&K`e#MXtLlb(Y>Lj8LNI>a*d@~K+zta- zg7{6Tm++o4qF_g|^bujMum#2IdeZPC0+@W%r~0pVYi!iRQTqIFiqwy#hZ$Z->xw`|B4sIM@dX%vZZE8acXhi zlB2TM*G%hqQG4iT60{k-*NMUF?T0?LUAe?Ap!_Wt?vr0O^Buoy>3x4qOnM~ug2bCx zUq*G`LBW>(3eg#`IF7F|ZTwlUUGxl7`>OAw!FVXC-;4z51U08qv%=5srVNAC*A#Dm!r}_N}ayUpu9lIdGoqZItx8 zu-OIK>Jv2Ln=AbwTgO<>W7L`>BWBu6TYfm~%4~H7!~UvSI2V+p{pX@U_vT=-6}z!h zw_^jY5x5F#?Eju&n#K<> zoS}NV|EY?I{BdzL6ivM#x&m;?F#|qGXzh)wGyQ;M$j3-pZOf zaOs7W71!wlGQV-FMGnRbo)o17_v zLwV$-!KPJqvA;0#YI*!KY6*;&D>85!{ zY-v~VOIK2_B5}R7S5>|PHbdkbGqtgxaPn`VGdO4Iq-(t^L#Jm7V|RhE^UodgIqVel z#dwB-rP*9#>W7E*yHBks}ryD+;b!`K^3x>O)Ub#QjNmjI=6^A-ACU&Xk zoaNow($!RZ_`<8rUlibOi6K8+^_2V|n+lW!W|bTtc=2&V)opLguhsoRin4be4$v#x9=!ahj3TVJZ)=efJZ(p8XPH9?F^OPZPz`hg-cI!)A5O!NbjnP8_@PE&WoI%9@o*5$Gk(C^)TNu3m3s{?bkjKGc`^9e?MMz^o32tD`K)C4KD`E<&HKqbPX&^sUbeOcuhmAHz8$f0kEdY1`d4Eqs#baj~=o(730=4u&C*w0Qmy>}sKVXEig`i9W1)^=%`O5Wri*M|gRBE{D^rS?gRcUmU zvS3Q-!p~*}D7hbXG?-UcJzF(nhc457hjJDxoMElG_1L@R1zw9Zs@Vv@Hie(>L^H?3 zi$?2I-0Egu;8?k*JO=!QOC6UWakDRka-)3=o^JhktVBaVDx}c=U9f>g;Vj5M5!9hv zzC-N--%EHJsf91u``gYXoOyoIq6TE(nat?aN~%jRx6zf~u%ZlWK9Jf0rd`$@gH({s z?C4JIi66dH>^thz02ZJI7q6fD!^|42Y;nlJYBc*xZ`d9Cq#;@9esbsSf4qoHt3Wq0 zzOn31Is2kbxy*nj;+JoR6$<82OuT4AZTRS5K9A=c4LC}mD$^14!->HO z?8?@a(@k!9jHOl91+TqDNlULdW}tz!GmuC2k8Km6c7E@YmtwcVJxPdJ|3g7&i zI=F|_{j&N>mM^vH@;APzZT@LkNG9C@MY`WJ_$zMLAMW_)fcIF5t5Q#;zrq@)R8mwv zc4xWOA&!Ew!ar$h;O@;I?OFRNb$u-U^h;qkqIuovEs#<-XU+wU8vfDqU?s;p(ZcIv zdW_|h zJIsv|`R^rn^Z7318O7+Lm^S%}B(-iSI!sv{bnw z?~#>!^f!A?R<$#cKfqdr(Hl+|3k&!Iis6Lyv)cCLzDP>VnczRH6@Pr{%|LT-lUs5+ zVbaZM zopt|^5Zj$bM?L&XTjXLDh<@&U%ZNUP7r!s#6dn4C!7WWSy>=-RV9NF>)ta~jyj@cm zcDGIXdrMda;5H?$Mc5kFye@4^@zJX1f4KzJ2>u5<)5>Nx_s7QpDPpA(6tVch!fr$i z4*X2k0_nwk&Rw2J-=}S^?tJEqV>>>+Up;HEB1I1pRsJ_}rhI0A(_lH~4UO0;2FZYL zyPKWSx$E)%i+IvVWIBd~NeWguQ2Qop83~KNJ3OqTI&d}1>j&O@t-+FF_sqgpzEn#| zY6n?KwW}g~ak8g24R!*wNZC1lbGLJi&RSz~!x3dGCM>2%FO@)5&kXreg#2AIFPkp$ z^U&osCpxAXdz0C7j@dk*C@p)7r1bB)bqcq8kC9=tC2SWILfUbW&1fXdxhu}-q2mO0 z5_v3Fw7TarvUvr~H*L_F=Dc(-k=45a=}ck{tdbTuqe;UTZW}^!pCa)1?+U<&mQ~go zo!k@dwpNC6R(fDSNz(0j zeu0gL!+!jpG(T6u9Bn6?iZFtX%w_&m)9J>Ql@O9WS}hbakoP~-xjZTyzJCZtXI9Hi zU7C;L?H%oknn~=~F&ZCM*m+1vQEKZoSh1GyGC^q(d&=e-9qd1xbVF8d-pR)KXX%{7 zdS~dyaN_J91(FyztFE%vM6K6pFIBUqkrUMNJN<5%iefN9M={wj54l+HI9O3=wcXy* zvk1j2jE>JwufM{5LrN8uC1T*|H)9ZJn8~G(F?IOfJ}A#4Rzp`bTSsV{{Lr@?&(PJ! zj4EdN?7n*BR))^_@;f%aV*gqpb?N;wuhJ3h!gj=Ip0hh3#aKGFGL+wYGuYC&xUp&R zele$yQGvRTYk04;e60>V65ot_)Zh@FMUux08s5qL20B*-!>zP^Ag;^WQ2O8iAOHB7 zR#BbB$-3jv1vEQWzfNZ$R)Bc72`R~+%M$hQA}q&n%z)-+W*lgxnCuT-J;d7V4X)%? zUh1TSOAkWNuo?%}Ocd}0I!+EnhnVQ7)yVOIq{+_@)Ae)<_j&JBIJ};CZfCH5W<*98 z!u(|Tf!pzhZ7={Qv`W-r1)*lp6t{G4=#Pp{!$A}9pwH;ibx#;+8S){xTA}+x(z(9R z4GM#tV^-Yb?1z+ETZ-UZ_`sQ^>ep^WodW0xX!Dr9UXo#RGLqNdH|xHDGILs3g+6ZY zGn;w#Smk*`^do1&jWTgdR(Q0h{C+~NvfxEYehAuk%?nJE#VyVSI-Xj*#v*K#9zyhv zOI!l}ObZpmq+FA${J>nW*CuKId$Ov?89qx}s6ARJ0uU~ARL(~B>Q_CQNc#}d?0d_( z8uP{G#Fdmv(oJiUMb-`|@3~&@@wgH_Ml<%oW3%URp{92amsIwmdX1Nk{HeZpE@(w1 z>0_WrD)-vw$_v7gYtp0=0glDR@cYT9p(z>zqf3<_N~p3&>f}2Yov!^SX6`qBdJ{G% zvhfrOJ(!+|m6q1Wp{mYE&_eC?H31}LfCJpO<>enxZ%5u64iuC^emB1VfMO@KZ zrT?ZCU#u*vGgi3*Il0_E%l7k>B)C1wSXlpI4*WbgpDuT<7|Oen94PZs>q_^OT7^58 zIlcA>)$USqCG_mH%+cIC7SwWh+&@de0L|wn7OCzpJZu?q9wp6*^5t6dl_GSl-5gS+ zGh*G*0hES&L3nv8YnhkN79gl_+W@O&_}o6{d%s#4`?J2kbcg5Q?xo#?FA*|Nb|RI; zvcg2}Lg1FLLD5FHI`GIdhMDuq>(CiIz(@M3v7zlkE&zDyq7AU|z1mOf3100+SEMMy zF%;;H31}($AMU=f9mV?erEKFX7-4fcBuW#5Kne%Z{efJ~rsb?KtPo%!q1@csU z;>Xsr@Qul56WsHdR8_hAZ<8T2!ZP0y#0xUVQv4Z&R_TFX1-D)Lcy*}C$DD-#8U)0< zY)(fk+~!=a3q>nxTugl8;qGj81omaw?iIqd2+aPhVx=4U!%NoAJrFb!j7wdwb{nG- z=rt8q@M`&mQM~@buj)sO?w&^M$@)$dt00a{_-52Lal&J-kqbA(;+xle#H;uaLb;xH zv+$IAakU<*Htp$|Wx=Tt=`0&cNKMkPp4t>IqElnHd#2oBCZZ=9!#wipT2I>L%gHT? z?u$OSSA7I7BNBCGD(;+UkpZ*(|Z(R@DmacbXdIV>~3jGQ^O zRB6vt(JHFJfHL&dk~LoS*;`(toP8Jk1&#vcMKCT$+b^9-_vo5#=zpK5-i;fM+JB$G zE5HVLI9S>&m?-fC`z+|XP1JnLoW51aQynyeyPg>s^~gL!F?f~?ez}K_NLRXlsJM4e z4019fbx&T;qv6Kw*;@r7M(**AY}=)Doznu(@5AMiOXczp>sEV?oeT8$kTF3Pf)DBOO7MkvX}A-vh&ZA8F!}`Q$BDV@JUk^ zosY|2bkf zWUtWy5kbUTY+zL`uTLch`ZaY&jdA;!#b_W;C^}k;<{oFG_ScMyn2T2}xv;T!i(eS3 zt0#B<5wQbpliBo*Q)a;b{pa7KYX9-oC$7CF*6#c7fxTv%gEzKW>$7%$@!Su5dmtP0 zv?ua+73tE+_cUCf4e3be&*qTbE=VG;Gq5kk252y6QZ&H>lmjJsA@e20pK*0N#W%$6 z25nWNg^%s`mrCaV)G|#a*OVlpesmdg?21Eij8}FS?Ru&PT zkKZ1{#j;278Ma|DPfq+$(-q&4%!WRx?o#9h(ZIOTI%!v_#~NH6b&=LQjEj3tI;+B`-z<;E$%UhKdMW<3+dbjP ze}wMK%lx@QbyMkOcGKF}m^S}PfgBL4F9a{9L*MCJXG#O0)*c>ePIi5NLG@E zjcC;xbmKh%`n7m{dZvbo;7~GdR+c1shSHI1OHW+^0XoDPHHz2Bl1szNhGG#pkmt)^ zUQ>N{hu=jveFtgUYF{pt%X{m&`A*PBP9DvxM3H6s_R-K*vtrrPWnM!6;o1P|aEI3x zpIV$jST1V){;|>-HzJx$J*$~6R4n)|86~oUhx5wRev+qLKcHD68JN-~WSd&TfXfd2 zA!RgLHDZ|>(9#6Tirp%sZ^SP1O{2Z{|Dms|t6Rq+0c7r!+SX;{HXq_87^V(ZaI*p` zZ!3Bsf+Jb(^ekDU-=8G<3Xg7`)P>(}5G>+rX7pJgsa#--QZaGE0!IxK^wBb>jSh6JINFKa@0i5{vK;N-vM?UvJ0Yir* znbLzZ;NpeA75vhoNvp3vP;xoCf%|+J4dLI2M1%zYY5u_Kl1WC$Mv1%Zg|_nM%uO30 z6OVGCgC7Eg!6X%Z(7;xQGvTdj@8=_htT{Q-G^b5O8F|2qh4%i6qw zHHh3lo-o@qhk4eQxK(Mq35-d!XEiMhRh{rat_(0=UFdQV+!3h0Zy{56r1Kjw)VSzR8&qB00VHBXn(*C%A*s~>6! zAXNaj2)MTTs~c6fezt-?S|&%h{9|hsM?_wUL1VfZp!GZXdqj4<`?>1d0h6zg*UVd=P5n^{2a((jWiuO}~^{v%j5lHgUs?rG{zR_#J(Y zckkQ%OB$WUQh@`CYRw4YFSPL2FsFY{aiSY%;G+2`v~OA9zasU}EQWa9D6d*q$SOoL zYrY>Tq+h{ELUC~=i*-U2hEmVaR zE?A93yR5XhPiH?q{8R=Ilh{ixSrmD2`*{daxH@^Q+Muaw(4u0qzkBW_Ai90IgPCYJ zlWMQP|C&I9;KB0Mvd!Ygfr9FGCvP#mbfJL0wRzh)S4YUacxtl(H)hE5P?X}itShN* z>p%qC%`tPnjwh8gs}m4}O1eZ(GM~a?BpEGcZp?veRb?*}R~js7*9As=Qd9-|F zc{^t*Q2-zwoc0pVDuxX|ujGmiU2dvyYC&enX7fZqgposxOR!Wi1LRMYjhqgs+|2AK zygxE}OSo2T-g8(?)X;^^kjWS77!kOYTwbWeFDm_Bl^CiwZJKC-Uh_pQs*s9FdHjW8 zcYn)GA<^Le`8%@-m5ng){B3h%b(5fW%b^p^v5jj@?A*qhjuw2w_?&rQEtG|VFuHQ3 z{#ut_gvV*~y$`AY4jq!5uVOcPBA|<)XZnzTJ)fo#kFs>TjPg9>&b*F|SZOj{9rB@8 zTo;ShsE;PQkG-uV@aLgurrD?n05eDb_59Cxmv;;g4a~OT*X{rXg^DU}BYQn|e{}Co zgqc>Y{(9yay8QQ?)F&5d4smk@TdXFWGiQo$X#K+quur140gq)yei}rw2kzShCA;?C zc+~#z@G0)|6CH8`+Se#SxqwT_f(frMif-SO2%9-i-H=X^*%d&l%x6N#+NM6J3@?jZ zdNO0kYLM!ic|<(t5iLB-YQsCjazp@3TK;+>8o$U>TA`}flgfAg$#|Up&v~frryu{E z6Wg59+qJhJy*bY|`MkJL^R-vyD#N#wkTpAQWr-6t`w@H5h3Rb%n|$K0N&7TJC!~?I%caHK#BUjjr~6z>*Q!I0WP=lo-kK$ESzpVdNF&U_a6FW``zNMO;DZ!Vnk7U zJLP@z-|dG0hxYxyy?JLu7Q9g1}5RvpeGZLh$~YeVJiTJOuZMAg^y%oINeUZJ+;29Y)0OUjHnuc4PH_`Amwg6;)wwmGxxl+m zO+&b$5?r}?!EJ|`+kp17jBXNWt?gwvn|f2YXoSk}jATwnBTZ4dWBVNLs^IKdof(Yf zNY!Gk_;mefPovd~M4i5=Ren+$VQOVAngP9&G0VMiC2!1*z~B|JTURpr+!{Pol@)T( z{9XbVXdgM5i;GaV-eRrygwMbjS*w;BM1S~Ob|9l78QbU4Vr*(`bB~Z5*FS-1Zd-5U z0!2?5%=%DBHQh^fNTuYZ;mss6H3Yi5HrK}xa&eTAu-TQ&#e^O=HMJz$D@__(INx&u z8x_>~{9>5@RM)mK^@JIB7e-k7o3_?yBFEB=tQUYnGUqp0zkt&{K+{9b;Be84t!Rb-p|RkL5rVSqki0swaMM<|L--1x~bLC6Y5^ z;N4$mSRwmY*cql%Es(m}FOKNMf;GU{!I>~tbcHi3bTa@|L1sASjos5Ardn%%BO7sk zoRHgTmnK_e2}ffX#e>i>IHO|W0OLtI+qcek6XZ2tTxN$F;C!edt{`WMlAG*QTQ~j~ zcSK?BdHXWx;XrSnutug!=opD_312`K`n(T&G7$EPx{6BsvTBCN= zZ)&5JFVsGFA6$hn2hw!6FM0+0y`SqsGNUqzojUWy5mI(VT4ip&?skUHk+FL6n;Ke= z!_LkdRW?r5xD^#LOZR$+&BKs`>6>;Z`@-$Qe&y+KGdN`RSed^W@w)dpSM4c|R}AKC zkI|NqR`V{sYL(2~2CdBDgCs zCsk}FizRBA%sjy`T9PRd3De@)ep(Wr?@Yd9Sm3D z9dX#a0eRj3Wq!S)!t-(Ig`c#t?p$@SZvZGd@|`s<*@U$3+J%n*FQac_P8vJ49qUdO z#noF*pg(`Txy1_X#?qlNMNcivS;4Izi5Jo7l=MwP+AZn=^L(@hv1T(Ofn4!7IR4>? zS1mh$$4BMSYlRcWD=)BDZ<%Jzel0AyYe|W1VcPMb98!!I8KRYw(}e-M`;K`n4Tb#U zT9%)+T1BAgHFas zcD!2uccUYOnBQ;5jEVf9){Y9h z0AH&pA9-HirQ^%GxyC3}c2vx*OamX3`;PfaB(H_mT9BOog$OxocnmQ>%xO3eBaR`9 z(hyLssErqt;Z%Z`=Fp=(yUPRKW0(*Prx@%^N$quz-2|;TXubhl_FeHd;aUnt^0RJ1 zLy+Y&cHT5S)L9O*0*^{6)%rT@t)zcPmRs@iU6350= zm=*MIwsV6Ly)-GiZ*8N=e^^(IT- zL-Y$UJo}SGM4686#;|nfp(AMoHc02Y9eF~0kpb##6Bgq zF|z=x1uL{aS}8MP7lZ9a!cKH$*pStJhbihhdM?3tj;{2r<*?rf9;CaKUnFJ}GnWKQ zPcFiq-2TN$_4Eph@KjMW3?I=Z!(A-gvw#v)Y(tYbY;TZqnl2&W5Sksd_nt+dLkAWS z&DtohMF}=u%oGh4&a8J8b~&o(5@?JX&1AgO4=X`Ys#mQ@tvY!fy7ZH;I2(8K@KG^n zVnG@T#R>H!y;%b(4l4pz{YenYInQA_#(O-%MtUI^b<>J*ow@Ndqqtl6 zDwDAiS^HQ8?G|2fu7q6md(qVG=17|kT!jJk`3JE+Fj{CK*EHBMk1;H~?f%Pc7!7am z*wll<-9Y&8g<;%bQxT2xi%ODrzE{QmUES@umMB`Y0jF<5x&CZ5iDHeK#WObwiHIeGQnY;VX79+udYyh6m0;ROpp zW357WT3uxr>da*0@2D{`4A+iS({XmlMD-B}MX`2Fcy zUy_PZI>FN;tySs~KPZ56oS#%tnmDca5C>zA)jaCX`@$H1m4kAbB$e`ACz`dqgdpgPzjVdC%|H3ac8raNq!(hYnt{O zR8*KDA9AA)*7e4vul(E8){#s70aTLzKE;+@@m26CmOe!&Jp%Z2$p5=nImN_ zHRG&&7WZZ++&*Y*&2jw;{ESaoD0#t{F3qC;p}Zt!`Bg~8%;Yz!B#VZ-OBcTuR31kO za_D#b__V+`Kk27R2d@a%6Cbn@hD6*V&V z5|#=L^vs}kM3P+cW_=Cip01~_9aD0MVLQ3gul8mBoS!T>mJ`NlP4OfKxH09wxurKm z_%*l%s(fPQ+iO)e^sM7iUlIbHnbAmRuD<~u#?Jd$mSSwWt7&(U6{tI7-xs{~NS<2& zk^P{)^_S%Rl7tuO?-8QB)LTuf;hQsWGA1^9lGEw^R8Q7R9u~dP^^#-73g0{}N8>MP zm<&T^lDWs|5XO7VK*L`KfBM7y4YImdHbxOm5C`sOW19>^Q{AbCzKvj{ zrXV$Z=KYj1GF{hs^r+*YA$U=tWWj#Tk1exMhWR{3t61nu=G=nk(;bubTJXVwU>B|Nn5CZ)FAO%>lWxQngF`~Y#UOfO-t zFSeD}=-w}Tse5U;@T(Os%~`=hU9xNQrCAF$=^Dco9Id5R>opZj)n^9?3a$Rr6v#;3 z1Y385M5rS%Bn7H2I=NAXQlmenBY*l5m4gtK;R{y{$km2LA-9-82{@&;`zDooUyN;C zr*|aVnXp4n2fp?%;|kjLzKIR)RFjAhtpP58d0?h?kPbi`%F|XfQmd0p?~NJKPlqZ7 zlI2pEapeb(;9h8F5n?-`9+lSDbI)q}H5iXfri^*)X)r$OW|@%wegz+2T@lkC`KTT1 zW;pqx5?U5yH&H6?bAt6;&;~o@a0|rai-Ngv9cVW~icG3yXQpv5%tmI)TCK3xk+2ER zOA(R2E9vb0gNs-7bMeTI1Ppty;}|YnQ0$~%I%4ZuXs8uf{&7ItgSFuXAE+_O!YtTE zj-EVc#WjL-pONcpTN&)&SJGlymF~o-;qTT*y>$OHI`DxdQNQSn#;Cu;o`wDqgu7?$ zF!n^Zmf5dWu*)1ygA53h3lzKe;=YA)Y5}8TDBQo7+PS6-CtKLW53T{E5brqcFy1x% zl5KR>s^Tjo{?8_5i;Du;cE7)fW=Y)%lmDIXAo&^t zYT}PN3sB7;v_Jh2xw4GqCcyT9)U>k7Snp_VjdlmQu57`0%W~?ik!Px>hSX>c3HW}(?;vm#2P2o z`0BN&YYg=nXm+BzceVX7%vJxiHsOps2cQ6!?>L;+Bpt*xlaHx#>xXA3-;qHfj_q3w zrANgIe(@yzkvH#&_AnH0K-ZK3+>0NdJvM2aa#AFZ~xgj-VF;^h*zq5pe3ETOkn6Vx5;{qnzcQ<*um?lX2`u@%J;jy8HeW+st$6Ix- zaLdp!>ncJ`- z9D=IrP?H!M{F)kCm3%D&legKbEL+ShF5RYHULpL2^{=^Ld-`?~>thy808zp(~F?ki<2s;2h!#K%TRu?WwX z;yP-jo(N_W8YVurdXnwWVj=n-eIpmy{An4H_^ZmTm)E5a$$OVN4w=1oOZRb3b=8Qm zqKvx`1KvTz(9n8oB;CWcf6vL)1>Mdv@DhK-s|lPf-yfi|1bITh%A^9}1#HnW&A^{h zULWURftFcyg#XmzPZRCDidnqLEzrVQ2>!V%iRK>q+&48*Mz3#3z8o{iUNWb|(yHL=dypWD zQwjP{2c2~uqLDf6RpX@N;MVmgxY#fg7bOA7hc&tFUx^_*TnIOEVPAS{#^v7OyY`NV ztk}D-Zu(kXcBl3#rrGnG!}hK!d{?C)K27c9-W<>e&*~{XZ z3Q$zgnAq8l!`{4fDC#jyl;Z@h>TZ8s_J8W@38{TsQqBLy7WRU6^F(h3+`eIbz4EGe G?EeBWzMVb* diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png index e86ad1454deefca58b80b4c04d171bff693672e6..c2092639aff433aa2ecb5d9318ba7b030d82597d 100644 GIT binary patch literal 27865 zcmc$`cTiN#*Di|k3JM4Yf~bHXIg3gTijrT_ki!rZ1SClqauP%(D==gjavB(N&KZUz zAUR1G1{m^?W=Lm`zwgxjZq@zc)~R#q>?+Eh-o1PGUcGwtTFemPyZPC!MzOHQ2kkOWp$bU{Z+R}HC9M( z(aqoAFE@9{=wxGO%vYMJV0<2(Qs}jbO3_l6QrFp5)Vn&le+w8aaLM;P&v*V?3UCUP zz4^B!2-3KD?Qcn*jEwnjp;hrU^FMz}54bpik0xACZv@}@TQJK`zjOU>DV&;G_HQBJ z=l|BuoM-M-`2HCbP}Xb2Z}sh-MM)*{pRQk3I44d-^k0sWbpdB4LyI? zgR>6*BaM3e)nx;lV&i4Ll<8SZlUX!X8hKu3xhDOss-EPl*{qIxgl{J48z9RNuiTtU zazWIc#8NtKrDun#DTkwnI{ab$m!}t%v0@<%R{9iY{#yefLJ7Go<6mdF`+?D?Y%dn_ z1jhst3sUVHz|Z^@$udYzkFTbNVixGV7F6VKhXUQVZYE4yY71b$i+AOyz3QAOEc{en z+3J&Wv1OG>!GEnvhsOy&pM&-7*zT$Jhd&P&y6Jm|2F`4d`tlP?NmM>X?#9`xVQ!;- zU=qz<4%jgdKt+sHmitYRO00ShA<`x>Jc(iQHYzsbHR3$Ue*)v;pE;z3y|%AHG))<1 zIT|!&jdGxzdaiIX6VF#lg_6?rK-VWnF7!P|&fZNA`vU{?2u-AsZE8fZd<^EVxrFk5 z)xEcEm}FXEN1h?B=cG2u{)1C!_>Wquk**pT}50jeEshMMQ@Y^S`Q7gli^^LJHvnsg2)joFn&#bA}=u42A`njo$ z7;b*`L&0A3JVNamRT5L&Fvpm3s;(bf7*aKBMVxjFWc*Mp%0+-Ce%X#221@&a&34uK z0Jbc7gW@&FdRO8Rn`hlt3OA}uDxiqn6{Z~+{g~&@=;w0}Hk&wlv1fXbuCIoK(^h^* z6;}Tdj&+xZrnRr?N`v8*T5av-bQR<3zKl?^z+7)tMC;fb8>&T4G8GrWs5Atlg!AMFTLi6_lA~ zre^kEo4c{m1Ke5+0#z}U0cf4el%FZ?jV{A(U?}Z&D0-f@VXbBGBKrO;Z1FB2!qSIc z6?by?qNA{+5LIaK-s%m@NWI*wNck)f{%;`?VlWJ!LL7L` z;~7v5xE85$-$wgOt2)!PnR3*|nF$#?EntNL#-GK@CNy|R9aps!nGkvVcrEasCnHwbm#`c;7uavi&;n+$f zkm_}=(v`ko-W5a~Q;t=Rm|Lb+u4LEeFAvz`6p-SJn&v;eGy3HqccCzDYIoO$`)qQ> zZ*{;ui^y--N3*J~-r%N+kuiL+oq9EI*%o+#Wml)U}6m zh^dn00s8LR(+dc^zYF(9msL_cHR?Ei4J3D{k16K#dxle}DFY zaavVcW^anrM0!I5xqY%qxidygjC^n72Tne8&K%u3W`+m-?Eh$dO+*!%IQ4A8e>g) zA^m-#Mf-u7Qd?*Oy5tsA)1hp?`_E>lNZtFPS+|4Nu(PO(H_vWoi6(E>@qjI@-!z&W zP;Prd%f<2-t-oV$y>Cdi`qZsGFHpv-Y)M5h*BNx==9S&nOCcUZDO-m4!+ftDHF2I1 zDGdknNUa`>F<-+yy?HGK9@v}lw*^5D`W=6|d|ZP{v53)p6R&h){7HA-H;+1?p+GPF z7E9nTviaRMD3Mant|yoYvNVwTHpXMq?d)Vix3R|Fj~omAGZZr56o9fhne&(CO0jS# zH!Eyj9XkE3oW)T>&5dG37$=Qc&Dy+a{^(@5+#1rS=VISZTPjR;P@bm8RU09%9?7W( z%|WPMHp~gsPr!?gbG8Ue>-=yzhFT)C?D_pDg)V`5%A=*PbSo-t$>^ir<6Y3DvwI83=wRX+NH!BhN9W01_T3E@ z!?RUppI^)?yFU;D*&bJYztBV!8#Ty+6@uxpSEuGxn~RNarhMr256>FB$ox!dkZoyi zQXNQ`3(K|YJGpj@8JY@QyB0m3U!3^+8dslAjp!6?uQ#vm`#C|*?xZ!Ycl2SG4?Jz{ zLtK33ZuQgTNUzNvvNcH5Ih9oA+f9qpp*wTPx~eO$jP9GPwY-hx8d@wQzfZS2a-^FC z%D^tjFU)zNgI{bOTY8IcX~CuNexc+(oskV!MxQls@y3R!X;78m5aQ?0n%Px;Y{2Ky zio(zm6lejymda0NWS&LA7M42O!z(0!^|ag){wP;&0a1It+R}e%1_3Xe} zqTX!txCu6ic{8XNAD>=q^DH-t`!1&_f@gEnSbKOwcgAquGf68$kQCAnv6KA7+@S6p zY6(Y81ILfVVb&*Xh16esENA30kAJbLLxg%WF7mNUrD4u#YEV(a&I1xZmevyF)n^ z?rq-UYvgO$g8m1q!diST%^Hyg6IkxdGj>o;f?J<|{F$6N%pr<143P61bA@_*3oKpO zthaaB?4$l9HLIRe!%xf0*OnSspv-7Plo9;7$N@0N~aM zawI9})z~yscgZ>E0Sk#pkf&(?h#mrj(wGPVhTz*$AY2&uOf5ZVGk9|6kd{fGgy5<6 zmgZ9cw}BTZwpmjDE&ZR5EdJNSlr2%`)!tj&O#d0EkJ4he5 z5qlCMvq4e6bB~#s8N<+Du*<`|u?Ud`#rwcyt$#LhY=SU%egEGS0+xdOup<7?=OL5e zm|wZj+-VdGS{uN}Wl9r)W5&#G3ddZDN-}g5c+LO-F}-`8DQ7H#&sQ( zZy{C&N?!!g9?BR-N*|X+sY<`;5K>Nj4*K<>?4#mqQ1dwbS+_{@Gfn>FsVdt^t_>=N z_-Uz=x#xvv8j!P@$>wUUglbx}fhKsJ@%*@^rD?PlANyW&-S794j>e)lCRn#gy#;eo zg5n0ePFMRXt}voH+G6Pxwz~74jBcK?<+MvcEpoO>DegH#1$jdIbk*oiqNYul1FSCD z&~L~=E4pvTKTdrEpMb(F-`nuH8W=twIDXbekBYl7ib#nbYq59w;e)K{?@E<0%@ciR z@K!_+e18~P1O+b-)4VreNJ;aXCDSY%p5oscLYJ>^*0145YAp3q${b=%2K1ENQlqxp zj_$5#=)?5VQsj61j5xH4Onu*7ti9-Cm=ArAFBDm18j8V`7e>N23%L>J%{+De6Mc7w z8+_h*Vp1ZZGtO#SkDlus8965x@#KLPk`D~o6w(~VUHGHXdXt^!amcK~c^yV9!Fsm|-#Fd4*@Z&v4$z$>keR*zKFIZ#dQ*^qk z_3Nb}MFo*6Cus<-uAEA?sG$w5atpn_pOc9@d>7Tr8NxhuluXi%zPkpV1t00`XY_S0 z)_y}{EL@sY+!j?-JzqkGQx$!NP>Liqsq4`@-c8z3Hu!M6kM0#nJ)O8x9|EvsCYXPJ zdBobk`2bq-J2Wpc0imVO^LW!(u1f_yhda!#6%Usu({xBZT(4^P;!hV3!*8o4H;?aQ z>QDQ5Iel}oUZkpDxQRhEI8<@f?G|!kNFH3VtAy$1gYNTg=ZMOPmWT$prhX0s=HJv` zK9L2NHBOHrU2bAAI=e$P%UaD^)=!%kQcqGigOG}zRZv~0&hin*n%&W5B~_s+z6SBS zm8Q&ENOQr(#JE$kcgdH7#p+9EW9cCP&u~`e@7cg61sQYaA?$fe7Wq-smM+tkgWmCI zwE^|W)u@w_m1vNpt<(?;Z27kWdV8J-{!I+P%LE_%Hs51;y2)AlW_A@16(2~(9+g#8 zR8>{^sxdG_w70J39KKuzlcBGwSq~#58aA`V{McAL^! z>4*;h+#;VmapK#I%z&>+VI`=UhK@w z76gUXQ_yD9LO!@VX<1IIKCdjBdk5<=&`|@!H0>=?QFTwlz|v2ivEs}igdL&PY_GSB zrrl@9ETmq|aO~)ETg~io)1-oOhPWo)t>>kB&pz)vHf;kQYDd@4(Ds>$dNUpk8^~bp z0XNi^@k82aL$>XjX50s8hRPYp%4l*HQo}uvsXJ&NJ=^o5RTI>yd@wOyM#?@jQH7M- zS2T}nNRJ&wkeSmACC}YWM!HW3v)6$c>rmB*lp>!VuZ^SAKIe!A;-Q( zIuBmE&0lL>S!g>@a-g3S#-5nsUUP#-6#0#BkgN7wo^IYC-&R4@xyL(aX!$Yt2WGQ& zu!(NPxwbkkpFb>es!DQUvidu!(*8Yuw|oFoLv5uaCO2&?oP#T3Tl3xNY|Q?HG#uwI z+$<}cKVoAlq9q`x52$xi^2g?KS2!(|$Z4#f-4b|`sUrrL&&^rwm1Tja(>=Ny+7TMB zH#=4%uCX&URlbbf{L^QsH@Uy>^RR@)K!l7*?@tV`;U0_ID`@lb0mSfTro%rA6L0g1 zJsN6*`?}O;UyC-)@j(_&;Tqsx&2+G{zllen*;e*+ZN3Otq6W zM2A%&(^E(Ko|=!#hXz8I2lRe!v(&8Wq!!vWJ?f42Mc&Ox;CsL`_58u_L9OadwxDuP#a)r+nH}D5D%aibzT2uNH^Q;dq(o)#sG4Er6+#P?PNpU zUwqzUCE_=Y9qYnDI>schlwR>?-15^KWf2_2ubAe%Fva9t3cUZptQmf7=9H%&y(GP7 z2K_J3r?Qp5)mioE+#~?sq1}<*R#uf3In%dQX^X zFzmg(%o zt{9hLH3Fgy^aI3h0kLD%@_#)iSLmu?PGdG~E|xlxF_%Z>H>d?Ht&dX4WkERltA z0M>UCu(P_~soNnYPSojC*~U#6@UC)+=b$ZnneW-`qFT#|cZ&!vjz$fU0y~>SSJOP( zK0AtZZ+!18t=iGD>$^LvJDMaM8W)zo?CO<+fg+667|=a{6VeC5Mvo!#-Jbbw+nP#* zU@riVN6D!fEw!6??)D&fvS!E^#bYYQX1aKFdBSm))U<8yI2+lskz3H8UlgNUqFT2; z!<~2_bRrhtpS*C$eym4K^x#%)IAC&=#daI9>|~>Ibl?}7Z?k)SfDKYiiIs~B2qp#F<5)ndy z3|iGm_#P_=-rajEkSkF!AcCfI@ZPKTpczY?g(7k9f!`r_h|DDa2$7Y_t{IeJ zW85zVefO%bM0_t7TUdP$hI&RF{f_sJ>q_RY^zkz^0;(;C9R4vTUdK_{7{8_9jXEpI zn8L5GS=i)5L#eB*Z`+n1cG=Ew3)&-2UgAR2%Jav;0`N@f9G7>tws2^;?=RLd@5Qr) zkmO?Hw>iAZ%y!OIfQ=peC-{z8aEj+zV(R_)@m&!I>6FX!S)+|fe|+72Id$E(-gzqN zG{o7k!Wij^jLgLxlaJLqsq^!evysDksrfNt{TGv_{uk9yW#y3A*lHdR!?LhYy;PRz zH80b#3DBCY1^7`YXq+{sD9bsq${P_Y53B%ylIrJdeaLLN2NCfBsE<&poh!PH7+ALaQg=702` zu3qQHz&yrxp0n?yJ2UVxvwadO+2eriO!bwoi+v+{^E&P|m(k2)lhF9JJJoW?bXwn^ z*PqJC^Ee3y$2VjnMyiy@Ty90I&2Xs=&X0NeHj-HbTBS<2tQGQ_~S+55yHiK3O_vACd?3^ZwP4jE2{rk zL;1Bk*Ng66EiFp>8|fQd`kkI!xsH~l#Hab8EUM3 z+bCi5C=ws1dO5CDiD6?6F0kEU5Uj1C})?i{6mpE z0a!pHA~NPy#X8JQhb+R6_oRUOWm~H;6Mlq0BCOIsnRKbo;(y5aoWs<`;u?MukcQS% zGfnz{muBTc)@@xC5t;eL9HXvRZFx}_H^(Unj{9IS~mUfx%zPLhcv4 zbpNiA`t4OS{j2*hg6DhghGg5{g;9TX{yU{((SM9wlK`j?{h`*^CNaA`QhnE%>0;(0 zDrZ;noGK>xz2AoVCHuuVag=Io+wfHbQ>t;+AiBk6yd|YJnIJ`?RbX!{dNu?5rTBWl z^Q1*Oev`0s1t=4|EyDHRIN<-V zg$XCyvm!)XX1b9~GHKP-)to?(OO(+1ST=y>0N6Y=0FoTowS@kk{`GHOi=*I=CsYek z6W}7k_5YV$Hiv2w5$Qibr+GVwUmT8cnE_)L^W1AAr2~BdI{w?&|C`wkXxm$&@)rd= z_p#k~I`r;|WSC`Q@IPJpW<`5cJ?oI%Id=3Ic&wE@2*9^Em~${GE<;Kui~d(g@()*+ z7aN@+_cxl)c9MG`N8@@W#sGy$6rg$?z(&+$LnkHUYUN6;hF7E7Oa5mrK$`2cWqgjr zZet9R@M-IJf!Y6jAIyOgE^w?9CF4@0Gxgb5LPrdNKegS6St&oA|I~3i<~csnoTZ$M zJN(xPRL`W2LEcF;+=4p;;~UXFi_E{;Pg&U}?xO{(fQ6S2`UOg2>o!yTRNP?d1`oL< zcyj9}P|M{dJf?)PWdQmvXqG+Kt9tOKE$IHFQk}*_gZ=C;Tfi*N7K6wVVyR&bn}u+8 zH05Ja!4QR>oN!#N^j(8x>Zo5e?MfuUb;mQd9Fr=vT{JWTSr~?rO45C+f zx5wP^FLXlTNIGD6X4ZiIQ9R({1HCG`sXQX6+nfC*r$C4UwZ4|@nD(XOfP)8G1a`Xt zeV1ihSmYz7tbqKvtOnRuyea5r6K6OdWaLPDX;}JfOG)3iM)PLVR2Z)V86B3X#7VmN z5MMj0T^EZ)Y#NjC7upz-g6`NKX)zv|qSDLtX3BW$;{<>qv~mOa4i5xD4%w24{4QtI zL%N05RWWj!y5bjcwic$?8#$s%%vf1L-6wDh+n|;5qmnOBu#qf0zu!uWe#&q?syH8+ zg#?jhtlkOZ{ws1h02(c|kYrL14WuS9N;$we+7uf1&SbCDcPlF-ajO7qTSBfwq#Inj z_C?i{PR1UYR#j3y4Lz8He(RFU;83Q%MBLYi=%~Ts_0}UJDf__~bwwJ*d>}Q!xH+qKDU_W6Jv@xiqEvQ3uWf{4wy6)C#-$}QHs}p z9UeA16==Y1dJ&1_CWuO7%4xOtXQHmu6aX4RfsbrdNM9=$=Xxgi*x1TY!-`(n`F>9n zle&?Sk&4RhoXfCk9?TCvItp0cDQ!ldy|&<03c}vOtP+d9*6#I3&hu+J1z}mNrpSj7 zQP3I1htu(XK6;HbvuPjz#D7s{L9<2>C-8%)m8JE+gT=h`j?aENDx}j0G*!JZ9vOYq z|H$#O*)9(1po1ece|1IBEoys%C+?cXoHLbr3+x$kE{!45uk;o!k889(JPJi?dy}Vf zzerepT_u_jmsM<*gfO645X#@ITXb#aae7rw#cBlGmutKMvT@YUpkFa`e%|5$;m zR%Ba#Qd;9tj~$XQ%2_}DHJNU2O5EB^g|^9a3ghsv-*K5!@cSM4J588|u;8fPzvL(e5{`s07tGGI%;K0+0AkWf5ehfK2G?;L{?9Fq{(0{u;{5-cN()B z)JX9=GB#cqf_NPUAqF;+Kc^Yua8N#7wgTshVyeP?V}ZBya&CN_iM)8;-hQKr-AJ*{ zB#td_1z$20Hnh?9U?ucva5H*;EVX~7WM z>oQ>z)BUd)tRX)0KXn(fSboBo9(^SCqI-M8z+Tq!MK+%wYt(Fpg+2Ti57ongAIoEa z@AuJr@yppK+6hQKIoVRu-mf=QIUH#o@3y)Gxr_4qQkAm&D#E{S+~BfA?&O8`WTAhK zeot=qglg3lcYjN<7!6a+N)Ru>EPqcJ;^Ol?9Cc%4{Wf}{qM2pSczc}FdcLFc&g=ku8Vyt6mD@+kt*%OZpnw zXgjw$Xt+4~^r%I9%?&fq|D5R@UQxcDn&ozf^d?*K!rf>7&rETD^7G#1pBs~U`u4PG z^wIa1bDQvd3f0?H?Xhxy<6Bepq_2M6HCCYJIn^4sUk}eTwc|!TbZYZDmo}?tdA&( zasDnV`Xu{s9#E$Z6;nJ2KVT&tBYn9a<>-HSMRoayN)2CvacydETVqBkk;Rz!*rV^R zdT6;e46NUHXewy4Nuo)kE0n!)6IOx^d$q&G7%~nKU!yA<)qLQKc^EuibFzYkcwJk6 zy{Yzge7!)SjmBiM^bf`As_yHeFUi4a0$#bjLfPn7P}%%89&fGnnlx3nX>2;kMy*<6 zC#|C>YIy{L?={T&%mdaFLH}ARE>cwU{jGT@CM7X%e*Dr)-s@8lzq&Zg=*ETJv3EP7 zN}S&SV!RYfnhJlUjrF9OK=FS^#;3J~jxGAZ^vzGanbjwmpm_(Y&Y=gLg1Rh)8cl}G zvAlS26&k)A5|rh1M;o#!%rdRb6sK;veNCgU!0Y=Gh6Jqhwa^7t(U8$RPBN3e=O>^{ znO7njYudNt0j*x<1Ea-5J$2@qsWwRhAQ6}@L`hwqnsk0qHCl2rWi<9W4GQ#dUph7% zqPr`q|NcW?)NIgdg`KWRGD!ng^tW0n9W-QFd%;(xBnCnq{HaS4zn--LI8GZ{F#PYg zePg?%j2`KlePf>BJPeK6(vi`ATWN@Z%6m2re~{4JqSNc(WZLb>5)tVM!&|n zrx~wR3+vvFoB-32y0ck5e#?2A=q#nUr8)%-nfTJ*p`1DP{p6FDq!XoiQ3C?EUsV=4 zFANAv#mQsOd!DpV^QKx>-!tDOf5{VHDM)m;sK%eoxg zQxuz%?wV^>b(m+fbhqyv+@$Z}!?94ZAJRIhczw!|caQk2Am)V{z6A{Vh)rs;7RR+V zEIwAvRo$4?=?SZ9aaY+^;lbQmef>f2Zj`k_71Z0>wNHIxPI97A^+Az5v$0STY5uo0 z7N{^!vNKoLJJEm71tXq1K;TOoIdt>V2bKv^!>kGdwo<*@S0z6kFC4S(D9i8O%CCH% zVC*NQ(a`+lFmRN3%7wJ_vW+*kD2Rk-=|j4j6XLgGNdCjR;eFYsUdQ87R$B{n;E6f< zlYoS@aR|8)j^5sK+=X%FnZH8+*ECo&A~rADN~v?_(2LIF(+GbxvSqCD%=A$q?QU5= zf<~6=6L(WCx^`K6s+re1t}7@^XEi7bvM;BnLq*nE3sv{EgKUYf&r}b3A<|~w@0b|H zPa<5l;UobJuz4-3E|mF+N`t;`-RY1D*bk&1z-dW5<4fU|Cni~_dy8!8p5{u7ExPGs zp&|Ay3dHR`>b+BE^@NQ`ULZy^kPiJld&4+jife?pPa1Cm=Jz|?EAYC8n(T>JNrmUG z?&sGw=ahO`)Umd#>`Ri|kH3iYrr699WiZLwsULENT3AHM_S%$Rf5&F*zZFMURz4PsL*w@?Z7(vk*moybO+5{4yAUm=oQBO`RC~jqCWWDPH}36raLBQ$gJmeU ztn%GMTPfK7&?`L5y6n2^8`oxqVH}m>*2@jz9Uea} z{zx9JiYr%vZ)#cQ`^YCkA{O=RNx|Fo`L*!19I@MVUU;cT^K|o(O+S=Eswd?D3nS%$ zxuKm@J;Z5_DV&X82GP42u!&Fxif|o6a7tR9#yw828cNz67BQGrT;)pd&!-%Q#_nVd z?z<*M7LUF<1X^+hvYA{S#Ftns(&|%smDXXeY4ia2DcVhQx4jOXmaHaoaTwgmhgl?* z-uv8*LDa1!xo+gd^S>ntpw<-`Bt0QA(^uR$##3Mvp$Y?yX3WNd&Uc|u2PiUK10Nk! z%p-hXoLNwQ#_+229^klX2g%mH%J#A0U(~1${_!}PH0KV{L~4Cqkk|klkVKqM5|hJ$~fn z8yAvq_2!MMqiMlJL>NUnO!~&Ga{djG7j%}og|zZ}vNyww!(VND)cjW82p!@{p)>l0 zv*c|6k`}^9gFjuf)*03rrni$luvrAKB}mpswLf6@`Kk-9GGyHsrwXiiTv;?iw+%jX zR!qrNU?``5U;}Ly#%%<#vrY53^0V-D*|OCt{Y;~&iYV0KK<6mesq>MLOhi~xQ(t6tu;x3YJppDyh1T+0t;9)GSfD93nUKv~xvG#y}whJ@-<> zE2QwY2q~^ycHuR-QWvU z<56P2b8cjcG%l^=A=gQ>-U!Q6%dM%h_p^_L(MWx*Mw|Md<-dyaWz)`18_jWBOe-AiG#TXj(U3k^qmxq7emY=S_ z@O_zyi;uvn5a*6Z)2N2AgO)fN&v*M@l&7_e07`VxGg*DCxZJn|a-xz{4W6vA3@M)t z7Dk#vV6R^ioI4s;4(P~7#C||fLrKJp`SF~M81;Q6_WnFkKuTd0 z+$DwHMKAs=3+KOJa97ijR?g?wcE>#l8wE9q^P{9PKNX7fLBHwL6*g-7U%D+E6=R#f zsSs;b%&F*TS9zk#cKkv%y3XD#`S^Rh>PNG>gOfB!f=f9nozeA%Gl11-{k72{ZjGC{p(o6;>|1o;ICaS-JSKO@u;9IP$=2p4RA`X6T@K}5`41nELy=-9W%iJg zi4n!`XW<8EvQx=0=ll*kl`y(f4Z~=K^69_{+P>__VsQjnN$JkOY~VXK0lk~WFZ7+< z6ZNlYq&PgnPh3UYe&UkRWvs8{3)b{|EWdOllWRZ&qY*Q@o2rM>4Aq(a{9Rb6HpR8^ z_k>ngK-hA0JF^&^_IV*v;Z~O(NIyl-$O3!3>A|LA!ta2NezOFo41EI=?bUjiU^vnA z``C|bo{8TZB@^t1sJ=e`nt3avP-lDMMsYY9k)SrddXw)Re+Hdl!6xejgv=@gK*ZgV z???-xUKDXE-wN5EC^oDkI}oa38-NwcY2iyh$-@(i9i3 zoO5k(1831;_kk;efO2G^2ZqG>aF+IE!#jCp+-Z@HSm7fn`tR=2n`bcwQL zjcd|Xc*88`RlvLPI-VSM;()@I?OgVq>JhhUY>WZZQF*VsPIdDORNTl-1(W&j%Pw2; z?{r~_Ia%8AUoZO~Ch!Eq-=>-w5V1xr7?nNe_w+^ZfT0jb>9|sfxBF&N;gDDIp^lRj1sz?{j<~7(!(BlHtGbtlVZ64~{7%~6u;m=ha4)xs0;ZBOuhswc!oO1>P>1VW6{(mI*#PmFC2@7d@TN{yAHoJ>4isUtm@9WI+d<@Ap0>r_NgW&5^~4v;cnP zICHmFUrBN@mI+#5@txe?LoE{_z}Fl7P1ASXKSpTn+;HOiYzf$~_#f@@`68jWg(Sv} zoDuz6`_+RAbnlvY2BXi_8nSuee!uw-%Rme?uIWmBg_`RsW6Q2;AZDd&H|uyMN0{}Uv&q7>j+AZ-7- zlk$@nVf^*^ItjLjI(D$vM$Yqo(o%#6bD|~U0XY$Nq^2fZEW#_1iI215mYuRRk(tZ- zyRL>yJVpX-w4ZgS{lU+!yojosM8ZtQ^4@<)Wlq~>(9EiOk8Th>AOoW*m6;Fo_`;^* z@0j&YsS1o29p55axgK0fI^lb1wi?2b_8?M_Nbn==OLsvlgAE`RYS%VjEU#$lCef|n zPkzFKgfCA@nx+(tV?L=A{Z4(@jR(*3#dIE`Fu_H0%W;t@N z`d)b}fEb^xQt^IqIViG{vMojpdk(pzJ?H&QfRu>L%+v22x8~~K5*eKN&#|f_ zLWL(fwdUAU@xP8sWd(_Skt*d1{hiBM{eA@q_IUdD0ZymeaEs8zqieM7j8hd>!+@wV z{sVW1Qv!d8>lj`+9jglM{yBJfG;7bJvzu7CRkSqZLr2jgOhtRf?IJng6cy|%zP=|`E zil)=;scAkc973?gBpOa4U_ z)Law(qrA4)p0oLEemC>4gzfIshV$R4vsA`K-xL0)h=OuHmFDj_;)rS6Z#+d|2;4pX zAigDq(Q7>eip-#q(6@xfRZP0sS#fFfP?dkiYziAwp_~l_+RP{OFNSi zRdiK!{wSeOBBEa4i-bT!l_!hy?u)5A^%z7juV_|XAdrJNVj=UkDDZD9jT>Z3WIv*h zH}zV)GE3+EuP*MRN~3VWNlYF~!E|cEDGGOuWiF$xyd3H;9MxYSFIv+4<;4$?2X(U! z4SW|k*cGn*;1b9mV7WMUygF`QCIz|;Kn2Ry%4Sz8eI7#-(jloN_g>*IPg-C={?{DR znN#Ht7It-R4}VJDT_hrrmLcbVRq%{z*r)qB&#=@AeHd8OV`RT$&FOGm^CKWuv)1%G zl>hKaJ`Kx|wy78WUi=k5;m`F$7ym-$N7FxlIT|^rZkXK(vqnvb$w;xEEWRQdVV>%VgO z?De8zAUr1g4|V&sjA9Oe zrmEJXIl6jWBDkreVBqBXT*G%_km~QmtUsb|r(x+*_oj54_AVvcR?4S&LP$Za-~g-$ za8+Ip{?ymI>3%Zro_Ds}(qes)Ov4p3Gi3sMQN{AH!)x32`_U(<(}tF_hC_h=dV#EW zK@Ta-$9Zg(^^6i0Q!wfTP%l%sQ1Eyr`o|1m*$woJWGSG97{@=$*0N?3Dc_A{`$Vre zt?h;HeaG2VsvHtv{zSywcWsG~N@&Cd{W}oAX6^%syVS<i62oNey)WHY+vOxJmbgT97NSzx-zPYvm2S7W}v?kVB?M{le?;%3NWKl>ZXOg0g9^b54R{;ln;_&uz0P9`^Cny__T*RRawA4Zs}MZdcE;V-F_i z2l--oHZCvDCL4q%5~^p_4!d|vamX?{F`#AZ`fKJC;z7Dtq4lP#2?nkzWK68=8Vx^8 zx;pi5SL@gLvz}*0Hqd^UrndaWDTAa7{cEFJ*MfpS$!EW?xtpl^76-aqz)#dTSX_SX z1af*_96(x4QKd%iu=#K>GZaQ-8DdCP86tKZ}x1ZJSkoQ)~;j{@S0D#)( zfO{8ky!9wKF#DW)kx)fc>Y0A0x|1g~@-8Y_?!(_IVJhnOI3HZUshYYpZq=}NMg&=N zKuD}7B1*nNW=_5;RG>QB6Mhhd`47SI;j`>iYXVr#54zTM?2Sr3oD)_BitA`tnJyFmYb<=!l ze7FGMBnsSKSR_!9E_hlx<4P7Je=w6rE`%IPHavIj6NF@zW`}_=(o?t7~9r9&-Cc1ap3MQqwy7>d(N*wDq za{H|AYtrYt%xlwDIR9z=+-H@_36(><0t~0`Mko(L-vGgyMIx-0BKm9^Z2-~FTLpV> zSH;*K)oqmnM%wX_rSjyuSMVdUdJcd!F@}umxTv63_SE=IDPmJEkCm9~lZYi)`m%?E3a-1D_t*EPe{|IV>m- z?<-bAM*H_0T2E^DTR^!oBHbE?_BkWhtI;c-^^voa-I3lpkE2y5h#6|aV9i>eYz9%f z#*s$EkMVC$^cpnq4;xfxEGty~Vs$BY&rxZNh4GC=ye+>Rc@UcqBuYYu87zY%EX~3a zEq-x)4Iwjqs|=fwtE?{gH~Vdu;7Eu3Mz;@F3!YO7nuRSC1&fp!)0Fg!3+#>_)$5`& z`?HX*dS(rOSR859^Y11!BbCwA@yj}3(S=b++|#r$6k3S0&SRnreN02jOINx=Z<8>Xzi8di_I%9O4 z!WJ+aiG`$vjAm&n%XHODpZvbRl#+~S?;*AH`Pq=Qr0#P~TgnG2A71ieR0b24c_<{% zR0~?l;S+P^&&AX!`;9=26`*PJ0m|mHt8|5BLi!(*vFWE8WRs-xBIUfj_p;TTpt2r4 z4DSCT_8kqhx5V?JsQ>AL%1F$8t`-T94((A6;6j1uR0v zC|SE5ZI{Ddl2wR-iWt<|4^~ZvMAkS-{o7X0j?;-!Ha*I(O|k0A!LSDT>4E9W&ix$4 z!rRf11>xrP?gF3L8`C=_h3@e!7?Fi|?h1VYv9ewBck=}l%ToGKSmV$<318GqK^j|J z*NFr8vDz%|*u@gMgH%nwqZ?pkAr(99{EJwVioHqufV9XoJBRe+WuV#^9lV7>eZ1rO z@;4aM{j6`vrgmPqO3%dgq||F+L#)N zgXlKg*qOqW{k4zv%~a=%@!_FbS5l=LlBgG8^hthklz5&XGN@mm**1CEHtVof()dzY zVQE=vo?1QS%>&HP(j0%PiH_gFr)D+t%w#VLy~5$b%E=ql?boBE@z#I``i+ER@`na4 zKgFzU{c|R1m}w#IjhK$4#)XiUN5kOT8zcKKrCR3_H6HHdD~6P_td3|Hb)MfV@jm@n zIhnN&BpYk43SdXW`YnI-tZ15odHP|dkv~Prw&Uf%Q@Q7|FA4d1?Xj=3PN9?(bnXXP zm^hfd{STD1-Unwk#bFUHX)j&RR?e^cf8wMcnk5AzoGO1dkh$+jmGJvdKz_=lnoIQ@ z+8tH!Wm*-`ylN>adZKHvp1BNPEORk^Y1%Mo{AwHqovc6ka`3BXPPU2a2ocR9F^o*K z*IX!il4mzUZ&XvbYFCdyNFIngChu@>M8igLo-;i^){3id1edlFQ%MSnCVst%s`Qz0 zBLN*pPpE*XI3bispLFfKy=Toxrc?BmSV2dode~%_s?=HD(nj&N8L!|Ob`2}n? zDUH5K$r{V+;L7jK9pe>ePwGjz&Jk5zHGLoFj_beEZR`_$EP@#<^Yq2a;$|6YKN6Xn zY#yu}uFSPk7d0GnBZnawDvS0y>33+&{EQ_y^QQOaUaDVC5O=$bIg9+$Am>?CDLR?8 z@wpJ|#x&lq+4Hh}0rh$mYmi;SoF&w6K_ZvsPCI$kE@BQCp=RCO=Xbrp0Tr^&De=RKL4!m?)oQ9X!Ep-O4%`^=~m< zSr&9-F0OC>g5K8QAypyReV%YCAG2g@!Oos zkK1!!N7SF|r_~C7witUBJXU4G^lIbO*vO}Z(pNK)K_T*SqD@RRkkxb|F!<{9v`417 z%oCIB-i%F6hGwv(lLr2e;=Vha&Gzp*-K`c?yH;^)MZ{{Ut*BCa#VCnYMXd(0Y42*P zMX3={vqq>Oc5GFOqV`Db8nIH;YHaV7`~E%8`y9vn{_+0zUVr2`xRNvHb)DCFp5O2H zGs3HQeP%@c0i(H+#P-Jl>o13`GnkHnZPmi*#vZYhP!0&MxWrGrRHa$yIW3+G;lt{^ z%zcBVVmw=icTb1{D@5_7trJj~xw(nF62# zy;a5i`n(kQXZOAJmE*HV*C_fskx~~y1t6evv{KQ>c~1ERcF^|2jL144qx0RO%Xi(O z_So;ipCvut&eq(iX(qL^L0#}yL_#cY7acAqQSXNhGqGnGA7x%SEy_OWUG1EGHU0E~ z5h`r+^b6%>9sX1ePTkwNDwGic1lr8|a>E4#)_>fse-^{H1$)8jNoobig0#r}d(-SN z{U3p|FC4Q1-Wn(5{Dw&uNXbG%+@Qu@*>>z9&E8txrPaSX= z54(nY{NF8x9(U`VyF6pR(e+gvRlFpZgPp?X2VL@b6z+7z*{)b5=gM(E-;vS&29VOd zZ8kTiTZElo49Jyshe}Zprdz;82+eNQpmFXDuOp~8tcSEeiEv>x(i77gL=4s;W8tnJ zfEnV;w>7Wnj=b1AQd?^!RLid9WbQE&rxSJ?IZWZMy5xzH_{-j^gM#R!Wc^{hqweCF z0#wtQ?ro$B^g{Zn0_J~lU#|zXb$F+5rH<_NV45AR&g)g2{v>E#YmoAXD@ACE7zEf> zn38(RJ!fy4+^x>_4uNo_NF?1&P`pwpiYnIOj2gc(>Rxw;YjrN*Ly-Eh zMl)!4mPWG^4h2P{o=YG=b2$|*^|AK1&KX3cmm2@TN?Bk-@2AOl%4K?rU$G}cG&@t- z86KKoyFdL5Xwu|?tox1LM8Jzn8hZ{<3oc9k69VdHktj~v2uN|R%VNz_7|b#5Cv zUVrI%BmeWp({8$5i-q4HlSzoE-jN&Yjw^F}r&XpNHGAy?Vm;4oXibRqW;=aTL18WO zj5i!>l{x$KrQ_3hK5YKvlT~?2h<$;~cu$M09=4d=O^(`O?+rSI6Sjd*R>tx#RN<}X zr1g6p7pry7K(*DWuBHiY%jVo0N4fQ2Wyat0OZ5XtE3;9sJ2R!uRbg|bMN+pT{);=# zl!_cr&h;v-il<1`wlARE_QosjCh@T}gSKXDEq7cWld{Wd#^@CS@j#<$-4$4gpf-kh0yX{K-sO+@?Dx6is^ZgY(W*eic5NNb z4*J{95XVAjmb%!bNhPiU5kP56k#}IIKUqI5k{Vz=4C`e+Dt>fI20d)&Nbcwz&2sR& zr(|=OI)H>M3Aq-rAQ`XvHyPOdg*A^DK9o|aVhz7=&MlzR5zsDF5lFX{JS6R_%-drb zt6@Nee_PayQ`R63zVSojHlKx|(pL#Q1ouG&tFvVR{|~&RLDgvmKu!4LlAXp^vqVL0 z9miRjrN5Jc#f=%SB$Uju^cF1 zWq6O^2;`_MXL-x`s4g0;Y?J5DqIoQZkF;TQPV)|bxag3lwybq(uuDT6f+P6~de~&| z&PFQpV!07a#xB}7J3jhscPLyGIg@720eK%6=|~Mnui!30(CG#oAIv%3;*|>-dd)XO zxD>W{3nNe*87_Nxf^UDyIVCPu4~!@%dso_UN-I<#B6;O-+g7&ej} z<+5)mhO%Cn^~>uN&r3jw{F=?8I4zsb`+p^kG*~>@K<8qE*Ww&T-5e9H5q?+W7-BMZ z-)1-qnRFQc2zR`Se%A0UBaNu|wc$v6yOi^JMe^w8?A(5l>Zb|E3VI`%qiC1yQfF;~ z;RrczWlUq{OP58ukPzMgKRbM&vwpn}*-piV1|562p!FJJ4%ehZ#WA9PiyW{l@GfYb zhvf2JEq!TG`LRoM)p<(FLj>D672Tf8Qb+BQYl@q=Ymz!7mwv2lXP_n}{(P{dq3L3a|fjq=d#rL8} zrtW-wHm?OspPp;Cy5ldFKKWq$ zn`FTiCJY+dS$ajVA9H)Q^>NlqCrT>j^P7P_O_CWnDWdlvVodGFO#}CFBlhGm0G2j2 z!aG3bgzk<9*IxS02&~I-rC#$)p92a_-R1AO^H!99U9Y*czuP)lX)@CTr}MTDNUXwV z+uF;Sk)as|XIseZ&o|hux}M-lV&uZ$1L$GfyZ6LjF8)x#emp$a}Ve`fwsE(-ctsUPW4M9R^}Qu;Y*ci7bl4 z;c#oHcQS*vS%z}5{iv+p=EV$H~%FfFL{tTJCuL8g9;#M#1L_iu9x669rT8eQVXr1L1 z`E`SZw|hd`8J!L82`Gd`%J3}6KT=svGbf%bRgvyJe%w&{$ zRgwNP*TtVPZ{<>y82cjyze@e){wn#8ng&V~aGeH}flhP>ukY6LEA9RaYv?jXPq|c0 z1yTSyvxPM8D@c*sB~Z&8E#Mj#=K}=>qC}R~S%c&sRyI?qGW`Pl77PWnUg$>4K2cP1Q{_OAUdMR<$G%z-5ig z-70exGUlNL6bwt~O0E(>-5LX5NBBk6G6M|ZH|sPvL!1Pr&T@ln-)KFAtV;i27Y+jo zi^8uk&PG?DZ~C90%QOVB(Uw)$`s}$;I@@PJS2!W)a*rDbG%@KOCs5tK$6t6q;v-8b zAt)dC?G9%U@^`uh+gmvlsaOBmK$ttXbTa{8R<-K+?x?P1rXKGM1*`_Kv#O<)*GIG>~=|L&DW~gXq!sb6edgX zx`wgHShnZnJlxYZ(a_hnu%5C;rVzVSbQpT`HqK8PH{UTgbP?g@iTQEO#c^=NfEk)} zQzXhoBm-DOl$~%RYnA%y+V))LR%D^XQ=ofX^J@VBDNA1&_$~*;*#!Fqa=ne|aKatv0lE(?H>~L0-=%~LhYc7f8-IPA=^9UZ0}Vc&r^64FwVFma zaGfI(qJWlw*thcI)hAk`v8^KJV>yq>ol#ILI>AUwm&+I6*)h#sFLPbl8?^LX__=xF z4-<_N??dvz7W>KXfrq*;axLfC_YFDvRxr9R(Wrw3`u?95OCA|syq!}qPsmI+urMym zVF|EHs1^;hHf$q3RE<+`R3wpzY>2)#Ku4fAtR)$*lMl@>9>}V%MbJ4||IU5Y`GB-M zKB7W?hzu~g4h|_ZU8&zJ+B5+wA71AF;uRJ=3enthUiOJY1vdeZNst|QN`?JE6dJ2- zaAah}cz#6jb3oNwpgS)TqIs2)X;>mU;Vhfl(yPLlvP0T43><|jg;I1yvEz9Y8lwXL z{D-Fddo}XCPJpIt0A}Uo|1IaGLCnBGbHe22NX{d*BSIq7k*7?Nq_CL0#pAUGK$v*^ zUW(QX2iQ%al;4?8&0VHfQN=kd;R|W1Czs(htp)>jp^bba1q4LA` z^!1vP;{)(t&KiU(5z~ji>_h>E8(^_{7G3gU0$RDZAI+n1lW(;Fn`2XX zWHq;z+$)yoH}<0y){!B9evNt$Of&)drQ4G}gL=&D29Us54zp!pkJg!r)N~*dhZk?j z6Hb^qgoV}t?pOTQm<1xh4RYD-JgW1fDwu|$aj^eVPvUP~FY6K;H^T#HvdUiZ+&(l| zKO%vpsDM!W^x%<=;A31ltC5!7?Ff^I^cGl6u=dO#N?#p08NAg!u5A@n{%YPNNnx$p zA?qR?IIjQN4>L9kn=#?A2ilpo|40P^kVj4Sg7K%q$D9yLV>aCPhkJ1t$w%{m5n&XI z3dH-th%(r{YQZF@7Mn1+(XCW}b- z$Mbku2HTM^p7$QS3p;!}PnKPMC1Fs7B%<%&}3;m&saxZ%O{JUNHKv z5q;943{Vbh0*reU7a4CX0+4hArUO9cBH9lO&kO!Csg^5Y1ctt8|BLb~*O%6^j;-Z7 zx0*zjtT=To=uQD0l3`=Rd|Y`&GO*k2;cCjedb){^=1o*hE3?SwEaf1*vczLk+WZRyFSl;9Rgr-i$)c_5E+^z!P zEmzwuafM<(Twmu;Kv(+lf1J?D(B|*F0lcqi0Wjn#$=uFl$@*u;y2;Q!_g(S7PXl_q zl9}&W|2Z9X29VV-^=W|b(>5{?2P5!q!OVBYZ-5E|FpgqBl6YgRak|3L@cWd85s#s8xv8mk33{y&>%jnY(M z%;k?m02)#SC+LOr-0sF4jg10UTOX^0tWMOFSM7S#trC5JH7nKU7a&A*0ko7DQo5|< zAcSBpR{is(&oIm!2Pg<<6PzhMMR7a|zNU$*QZ+NLxdy^j4rhF(L#Xul;E}hrQrw*( zQVD;E+Ge98#r2z=9n`aFg;>bU#6h0)Vb3f=j{xpT8N7Hj7gR#0oO8Hh*_#reEud0rTa za;6wtIE3OZW?k_(4?Jan+w*<4CK`$3nqjzz$g2(R93KEiH4qhg;FvA-a5|XFJC%`E`HCHW`U=(0fE*3f^eCIjwI+2ro5AdojW+bzgl1e8=kU+jquZxph*k|!a=2_q7fm#RBkT=1gy$|(K4VjU|| zb+q<~a94JW{7!j-RSsS+VZck_8BbgA;_`wNKyjmSUw)wu$|^#INcI1mICc-gUYhO}u)Pz? zHcvL%`EGKUDA>m7*tZw=@|LB2DxE{u$JxqXJ@Liw0(vt9#VCiN-?uDx4qvy@G`ApE zv;yPWlC|%s<1%eSk<+Ttd6MjFJ^Z$RBGt9H!PiTd2VdT+9CU3hH^n3QP#hJ_LgMk8 zki10ci6rbG(WGyU3M%q>Mxiz3@VM$aBCM&-mzW z`XK#akMNq)uKnd-sF^FOi=y79zZ3XW+J|m#PfsT@d%j@J(r|nN@MoI#ODij-2X8-5 zj2T#o2mCTp{qgH4sS5y@Sn9Vv)gc$+1F!!B48g4)KwryzKwVcs(s0n|y|G;*MJArQ z<=hlv%#xpO%LD+tkI!IU57f>^KyJ3DB^LL#>_3m18*?pIDs}2je}?pIlS zbEy$IGmB9QGhnss_*?6X#&uFc*j(d|krmb(}TuY)+Zs$L@oR zjQ1AW9psPG+69Lgd=T!WzpfvIZr_c#0c&{ zL7Y-s`)vuO>Iu=!G|7l7igrOUXOKEd=Y_{Jo<`K3}tNKBqQrUXH&pZFSP(z2i zMcl2HYHWN~#QDHs-=24mP4>&y0HYQWAvwxGsbl9zqN81xdWE*BWMotszB<_Se7{<3 zUeSK6h9>zF#k*?k+E$_!EM4CZqlN7N}v$ z=WSRB`y)o zk}o9X@?5VG8pY_@Lfj2aOk}$u(y{jU zg}RSD0_C$7JNB9mfK>u;nJ?oos%aNd@^|Rg4k7s}qujG^4lWnwM-^f+O_H!bK?jO;pr zQguMJkDvi6`T`@pKIJx}!$(}YhhY}6697Pa%~hlVxk*LO-=i}C53C&(EN z4B!RewW8sZ5ECaoe8#D^?F@aJcR<4@-9pcfMKn^>docB$c<}tL{a9p)u9~!)E@R0P zQHL|rjd#EC4BVV?a7w$IYa>%js(*j_`)m1_715RK#R&OtUhAo?@M|L%Pz$)Ir76x8 zHU5d|miyYD*k8Sjw{r*t_CE`SdY%{9pCnth&Yw@_Rxgbjc4XP^rIv0tPLB!^4%-C5H@84tOO~;Y69DX2SdIRn&0FTVmjBnLF#v#N+e<6%?5@I>^$~!gi9aG_W4bUQM+E^*5Sg;+(LD2 zTcrFv*GeF-c1mzlph@MXFvxUn@2Ps#S?}j(6zPFb>_u!G|2a($v%RhY4?zo_@|Uxo zkRZg4sGj-ht@Ab4!BDUTDrGb<|GDQr<3h-1#GYQGqo=&%8+RRvMmo#bL5ctgR3fIV!Z(gL;&VQY1GiNlZIx> z=Vpy_l7wIma~V;ncoAjJxtK+TXG_kiw|+l!(6AoqsF95U{0?A6D;8LBlgf)PsGeJR zXZ^bbkEN2tUdT0(bwo&aR}xoyw$x_XjNaahO}TKYP@8jPvkI+JuCLar+DB|e06j>bE(ZX5Ze{uq5OW+!C=u-%;SKE+cnp6H*cTSXtJul^3HO8Ac(lyq&~glGOLtJ ztyg*u8vDl(VY}%M;z8iw{#&C1&JB0p3?t#pR591Fiz8foLFEV@>Vpb*qiTG&+h9fZ z>UP#S1DC+t?i~m(4cL@hX5{zsFYXgR6wvQVvLoG6O_G|GjT5UNu)P;EAALL1%?cdT zFvyO^hdi$5AM86_bkuHWRs_N=z*$1}`op1b8Fzc6^|-!_HS~AB?`b`8&ma44wj4BN zyQb|JnZu5J%hpkSH8Ofp5LfQ;jN*eTV$a!lJw*JqtRSW}=k3b}dxVI}T_%quFj{aU zGldxA{QnkYp1h{yRlGhS6<4R%8XL+uH6M8uhJy*jw1g=jC3CBPng9}Ld~@DwjZgR< z%g|{q-^^%g7?g28`m!>NCsLTVqtGkbEJ4^{@HAk*KE|=GfTQd`^?KgT9xqZegego) zggZKn7O)ZUSx@Z)6kgS7{ClnB(@Ln77R$QR5|B>)mZzL?(8I_+VK2 zRV0&S-s-k}a6ju%WD3qD#h0tItK#W~6q;Jszgbf>@3?kneEwD^4ErF#V9zJTD{Xf) zUc8NM>!Z(MuyD;c870W<`J)Zqu8fDcMZ=tx&~T>Acgs#dv{1-QLIkb81>)YQ#vXt# z`y_Cochl%mh}Z9*s(ZiEs%bla=@bwk{2MLMdUK(AXCiz${{2iYizJ&^fiWpZHz~K==xN{En1u~b}ecqJL*=h`_##J>c93R zEZ8pC1WyWYs0A-{Yd3+~xTHe<_xd$MR8pKT_Kc)J(>mzar z3YF(t$<;e5#IQGysi@HCPaa3pGb~jZl5t&S;IyP$N2GRge)XXhQVu~1K^T-y1c$(n z7VeL7ecpgyQ(fSRGOW#Sc_ zQV9fDF!6o>p+x!77js7zXduqP{ms-BaJ3H!`kMtl>!7^-xf5FbR1$nd6#BX|bq8DP zGJ{X8Mc1VA9VK#?9`1m<}Y*O{c!ipuF3Ivzr zGAI!$5!Q;rrT zq5s~D4#xKA{z|AjW3D+~F`K2qgnBxBDP90~?k4_|vHsZWVn|r-rqLKOR!H11b2GM} z5?;t^ux!D;8SD%HnGYebLrg_<#JS7eOnuEjb05Png}L$(J0DImFdQ-LgBy86Q=1i= z8edlkMFI$t?}k(!xdbOOa8m{KeQXWioFA>EAwXcV9h;({OqIgD_Oz)AG{ZL#$GPj3 z={sn;mgdVG`OLU!;wEmnCU{!gWSDb@c(Y$STQGH%XheU8xt~_<@LnAN%rFcZw9Ho2rYj$r|GT;dj+qZxtv=RR(x=JvN%`eD9{%cjH#k%Zk!Ql}QO* z8XHxW3^Gt_7;TNYD+VzV)?^0(v(_(0)xOUbY_+=FDm|M+Yx{ql9ej%s0@G=`PTcDSWbzc^z1ydLT%CA0qGKw~++eW)mmY)^c8G*iI-dQv_q5`Fsx;P-UPexpt51m~a$1sc zFF!60DSCWTZwd1394>j5F|8;Ip-8DwXHZbsm(svGg4)N-A8+wt!BM$h1p1raiB&$oYz4A@acLuR+P~YW3?emm3qMTkQ z@hEPcKmKnHu6i`zdqIUn9enS=pg5f+gmQ}x-h5$wu>%-A*`D(c)t!hUx(v=})wgjC zcfP1C8q!W?T}i*yX-tBz^VMzN*+< zX?p{mr5xu4{g^Xpi__gLpBKMWTeYOF^R&@_=2w+~j7~#i7oO+Sy*9m5-@Nj3LTK~5 zaes~XVt=~!&vmAYGnb4LKQQ+ED*fbDX%sztenT3?WL1>e{xfNdd|3J1;n!87pIf45 zs;dpG!EDL|u0{5(u~wdTP(Caex z=D+SclA#55-udLQz8TBYCPkkdaqhvP^c+1_lpYvo7x$6tTy%HWE zP-yzSi?<4f%dR)pS9-b>%-^)jU$Ef8)UML!C|x%@n9Llr!3|vm{Zu^7pIZ3R>@=L7 zDfB+CjrU;N-(9#)18-4Wjzd*dgF|`p8R=ekh3g4*#7DbJ5>7yu?0%h16@>&2C*fW* zsbp!3xbFTQ+bZ~=LqFR<{UN-l=l$ZTZTZ9>v1s*|?f337ob()V$ZW|Ef6V1A*Z@-8 zElyoV@xS6(%Rfdb2D zHHiN@^Y8iphu5L;oxl)kFCeE`YNyTGdnTvnK?y~qEQ2p?+b-zTWq GzWiU&pNFde literal 27939 zcmd42XH-*9^fnqrL_x(uQz@dNKp-FrN=K9yr1ug!BE5#*6cOnH2_U_NmJoWcDn$Z< z^bQJy5UL~;L%j!o_g(jX_Z%HtX>ZYjK%mP? ziZ3-mAgcEu(3wvc&I2vGiP%iw-$fTi19uRJ?)vH9nZcRBLlEc=Na^KsZSS# zhkIN;ympVXq)X|7mFs(lj~CDQcd&#CHeT1?#l7|_M>f{H6Cq&Mdo z6cm`B-)FQ(+!zXw;wT!KA*2=iuHe(O)Fjn())n4*{rN)Balb=0U9FXUN~>lS;SGqtQLbBkqGbCrduIn?C&+ic-p=8={15 zk2$|%{O$?ZSv20M?&$X;X8VWOqd617A}Uu(=CMixrBzZ)OQN_ZHE>7aVXO3^9z6bgYoS9IWdGreLjdXkX%c}67>X~pUiW4+tuc05j{1?|@jSfzh8gt@ z5J-g1hxa92R>qzed!YY;bblZS6g={1j5pV}$nQBzW6;v5^ik6M8)}U?6XScl(JG@~ z>eM4Jk4&QOw8{%Dy6Y^~Ff&8G>w#Zs;kVmQb`lciRGboN1tySt67(ru2?FdnNU@Sb zC=)VuX?R)xm9lI13IoA}7t%4IErpV}NKhgc_cq{6!f*x^@*O5y+-d_Bug7q2X4G$T z&pGlXqefImK5P3s*+BQc1?_}bi1L&g{=A!LKl6?Ws%GwHABEMKbevK%*@UW*QN|l6 zImEmV9v?5g-=~D$*w@cfZj4(?Izm^fex94^tRBbD?^o>FqKrqXv)9OvEpp>?&H)!X~4!1Lc}h!;qA+9*d?; z&APpm6-_wPP$16n52~PwlTFLN+#y4=CS#7<@`j_eOJny`!s7R-SIAzS{#+J4_6MP2 z{QO@>kp96B`_&Fh?Mp7z{0K_2dAoJA>JNr7F;D>t%;wJXzCN`;{9O5sZ2S2hDbM@U zoMnvV@8>Zq+8x%TLsgd9*KGMQS+Vlp*h-lp%T(RyfuQJoael`lbJDew1Z$}Sgu8Bx zG1ILHy|fDUdVgg$tU*H)bWQj1iyl8wF=nv}cHU zJyYqahJFc$=dBjc7mCd$LWEw@EjYlja$LX@h3I??~-3@dyaH2kZFJ|m)LJiYmURbAK-tIp{Ky<3H4~{@w~C3Uzc!g zCN`%hE(UFRO?+C6gHhM(10rKS5-h{pByO#Ob@x1ptSHP~sB-fv{Mgr_nkDwKeCRL2 zep(BkEffiT?({hvLApIi~Ad;?O%^}QPKcw z>|E-e3CsoCCmkvjXHY-5qRuUacz$Y29*?npMf|wuLGz%G!y}Bl?_RIM(5jfqhJId_ zqW7Xi?RDf*)62fV-Rb>J&jw0b-JmcRVr=}Pc1BK9y`RHe@4d!u0uB2?TTg+LY1iY> zL*kWOl70%!$b;sz!o#|N?<;1D`Am9kDnl`jYiTR31g-p^H}#I%J^4OM29*fZiWpds z{J2hLI$>4zjT*CQrj3tzor@c5(0PeV5pu;Vnzs6n%D<)<^)uK+=~YlB?ohBz_%8`7 z_2A0y>M2R~+Y$rSKH~OZciRn{A_)S_MUE2H{|a?`N|rWp6-#kG;1hH$D~jbeI6X)L zeXFnfO4mFK`nkyTwT2G2n4VqS7bjLsNn?g9&M$j&xL;UEyP2yRC-zjMrnm~~0~?KB zCF7j5^XtWvS6~~FuAE3YJXp_!B*IA{*DJfqeJl8OL{>7_%y+m|%@2=S73+e19F_L^ zx#0ixO-WI%Jq0S-E&eA%VdC{h;YR5+T$ER)$o$TIO--596$g`!H%vEEl67A9>qO(s zs&Z1LG7NnDcrVNU6`c@1am=Ld#AiF}GEsv-Ea#i`FXRe8fT&&*H>*$m+&!aY!{zw~ zUx9xHZ|WPV01t@8_XpVy6+z(dEGQEw_iMdizjiQpvDQt(jL#R2`r3}BMBT15q!z&} zV{N|p%AcdIR;EV|SwqS|YJO3oYZkDi$QZ*2OP0E#~$PRF|$_s9M}= zF@gJ4q&F%4=qAsTeC!>=-Ej;iP)#g%b@i>0fuuEEp?UT|jfo04qz?vVq=in^+g~fy z*1wC(izyl^rMtmwKCm;JE68~McJZR)RAAJMe2HQrMp(te@u?d{J9(LX{DCu%y*Q=i zQ)SJ8=B@ZK+=p5|g9j!v!Z>v|#$8!RB`ysNb1H!Mqo;idj#5qZ=32hEq|Bk?KE2BI zlv9hSt?s=eJ{JbK8lXhAO(t2b3O59zRf_Muj`DU_OhC9n&9y?>T#wiAAiKur2Tj{N zjbiSGGGB9#1|oiS+|4l5&TYvRqtl`Md9d)vR0Y33yizqcckGOgAu|%5`%rm4-V|Yo z0rP4(G9`rnZmhb^b4K%STJ89N^CTS>s_{ebNqSO4O&z!1N}9ik)eX21fv!Nm2;Inx z{`9KyQdaVK%{+T>{Thrsw{*INLEli!p@MUCnFNWrb*Bor<7OVa}kw{m(@;X}8ikchlk?96IJm%?2 z{prt*)WaB|(w(_J+2KYaiHfrcwPxOnh-dTFThn~&4|DuqPOeEN520odD>8d|3xx|s z^~gC%BD-#i*yzKIOqNY+XP$(lv7A4FzFZyOL$1{O>j>%b2j?|>4B-+pDehuL?qO)_ zYC#c*^LH8+TYD;HwmKzp`GA<uZ*&@)1ZNNQ6gd_d?y*Y0Q3 zS9#|W(9o7614JdsRE{O;6~{hjnE0{p8o5t9GBP27JqQ#Q9{vBHg);v`T!f3crx25t zMfz{boit4UM`Eb|;l=;Qqq~A1DeE(hUPG@zpwXy>uGoT-k`mN~BcfW6*o^l=^pk7A zIaEUizi@{t%xr= zCcUwE$N5~2qh(K)pewA;KFyL6YdxR`9Rh({_tUzk>5ouScw{>ut zsy6QL=Ym)JPVP9uSnKi5Y>$x5_dO_cVmf^_w>_W_kB>V-cRPCc^c3?bwEbz{VQ1Kp=5_d;N#K{SF*j zX&O!jch+${qDNCqG~EUMjmFdUWO&5AL^%(tA>l3KZo>(#W8+7OBVUNb+LEiN{iyY? z8~%_;EY=>&5n$xmadTCk*x`?~8l#M}8*@Cm61wAq@3vjssD%r4?2kMgbyiK79w>R1 zU+POf`YllpL9f&mV~gi;n~m{}4(Y60O+612Yx{`$Mf`*()sM7vTDfYw8{ByD%{-+# zZi_@+Ny1&9K)6b;bCE>xBur;^>N{ayV}Es{vq|X`5^1~h^FlqJkq==rb?)$WuJ@Q} z&{6w!n>`sG&2snBYkvXPnC(Vnlo+S3#2R$@8Rk>*&^@}mzHUvgSs#K5RwGP_Eq$+v zAerF4KU&>laxyghj#wtOBnUIUn~Qp)f_#n)C-X%9Qjj9Wb;I{dg|?l$e>EL$ahz-| zCgU_+7p=+RYW^1DO<1pjF-W1RK&?bg^a+3}ta%<@>p+*;?oUC|i#d?>#-{7Ot4+6! z;^DKdh>x_g*q258g(`(k+f#%cBO;GBQMV zXE3{6W&G-&-`}S8GLT8do&)*OIwQ`iFi|Cuu|})C=3#`M*4}h@JHa@{%4I4XLTnjR z-bv2y|DNyp6z#8LeX)n;6nr`#BF4!cy-NU_QlKT?D<6qsq19ir`*gIMJo?hrVk6Ms z-sD}yk1EBQfH8!##g&C~8&yOjwpMIpYwx>3Ju&DIW!O1M>mqy*;S7GIi^y$?pM%zt zQ8DJd&U|BvQ-7!G8gGT_OqTZzU;IHxUJ1Hg`}Y?i0sVfiC=lM4kWrf`<1#4RLtx43BLtNa*$Y_c%d`(lK1ELN!y*G<;Id)c-ovW)vtEMb? zDM;j~!fdZ-dOYPrKIf5!LGTw1qN7Gn~Z zrjKf&`6BS?-C4g)zq!=ey_P){J}B)yRAG#L2l4sWE!8n%C)tp7@jydp_YSu5AFNL=%H@s%Iw$;7aP$dAbfj7gv&|mrN zMy4Os2fU(U<&wkP2ZZZqmg5LR8#BZ*ysoE%@~jtM)&1Sn%~oFIZ{uhgKZTDoa$3c8 zx1`(-f%e zs*BV@{IJ$a={K~PC8+i)(_%3?>p8{j=t-C<>5JVdWE=eacVD>J4@a>W&BQA8w@e9t z&fYadR@zw^LSy*uSJ3*FU(0@m@%E{f3_w%iW1{)NQl(ciFmN~N}p)Ynru~IV^%ksHH{Nz_KefIQj_f2YcArowz}Pz^=Pnmv5u3;i=Xal7tf_N zxM`*ZF4avpF2WNDsxbrs-T=v`^CAK&{Xg?P$HM%}3_V#z-4@&VuCL8DrxsHszkLyQ zr37BSK2_@s(rm-9N(cJeI(cOtZx;+jKb=*CeUYE%r*GKcx{&&o!Ino#^Xinh5NP{L zN$qUIC%5+hK=PkwN=$g^3{BndoYB4bA4o1kw|16qOuK)RTHj0Gn!&7lZKCqw`gFa! zW8_hJ7rU}ehR+h{{uuz3LXF%vCl53|Tk8Ch|5o-wnN{AU4EU&lz0q2%1nD~{@6>Y* zmTI#;1z~|uGS7_joW9W9{%GxJ!}p+Fn;=gRz&!xr83*t~uxgs;tp!Cvhb9`MnGfsN zHcN#!KdeN`PqDt~e{wp^Kj3~jcsC=#ZS-}e!>MQeOCyG#55Vd%->0bn&8xk_wv-_(EPRV~nKFd^db z!>)mAmK>>k!UCe}5q8W&V=cSY3D4$Ej`uPd2!6BVjBe*J4ex-}X}uN_Qj4^6v>6ms zQ93a-yIZsFo#vF%5QP&f+MYy2VoTzA1l%*->zjxw&K5z!py0UR9>D*{Ajo~<&N+8r zfP-~I?qx*p=>eJWGCuyUwF2(bN5YX2fguc0DVBF%DLlSIWlZ^6q<);3|KC50O^7Ev zYMNj3vJ8p_Yx|U4<1aOOuBUv@l29}W4OhH4v~z`n496q&R0kzpe#z{2K5cnauNsj) z|8t8s1&4w@NY|=gO_TDu34|uzKxm@x-a`H({YvN$#n~BUy012;ym>r7m(L+}td?MT ze4a(9LbZF4D=&E(aJ34!;bH4Q~V z{Bu@@x)L4yc!B&Qz@2PiDX{ufL0Co5bQdnfsrk>}D0mNNfo&cdup2>8O}ZL-5J#){ z_(F0Y8ll7UQJ>}vsFMnk3j$kZFp5k25a@?!oDYJA2q#C%gAX_T`Hq%s=$$hUCXZrK zrLe8RZRH@+QzFXdM6qFm*(5o`uk&${9m{=9i@ZWbjmXim2g;^R`6XwEmV8YUN|$*e z4QF;LcvrN<9@f;<7ds~oQ;a|5Q<8+jqeH=8wQhkWn@lI(_GZGGPA0ku?vcbZ#kgSU1aJ_XY%lRw3V*}SU&pss629by{>3oqH z?iU0ZtZpJIP(Oa7yltL)ZlmR0ue@>#hJGTM^z#iieSUaaGJUKI z9h_fOfwI4k?h{q5e-Ay+mM}lU#SxI}R+P}4x@8oIX9j^fyZ;52$y|g+ug&~!P;XoI zi?A9h!0wg8&uJdcOMLMI!Gutu2n@b#iSe62BRC%8Ie|_z))w)RtI| zk5f&a)t}NopgZq+xZ7^IjD^G&Y)Tw1D!ntQI*5|rQwxjJ{5x$U?JiWHp4pi1RB+l? z(5dX|S>l5t{zIM%^zh@nCzbOKN#*nDef3ry3-zJfCNS_@k89lP6EGJ1^xnTz!xjjK;64HDSbB%Pd5hkpkM8W z=;6`R=Bw8KI9}Daa@L^HtB$uh_XbL5PW1QtzMTjfJX=aSUUVKbmHadQ^5)@T>%l;` z@TC8-xZY7uc;i1Q%3PrZ6eRcPVl+d0n%Bvydy&cM3<}SkdRsvGfAhru_bF{K*X;My z@x0mjD{Nv_Y|EI+zT)U#TU{J#Y7$%RSrI;SEdf-Y&c4R~-CD4KfUwV>R`_Fm|dQx zW;PZSg+$I>emX5En!CyJ;4V7r>xBSQA3So(oFVL+V*d4p*)i^>lBj)-e$iQ}PYwgs z!`Am8t%oG&XLKL2)@qM}KxJ1{S`^#EAdrIw5`f%;SZ)Dxr;^7-Pv56!mw4uyj-W%u zF{(ko&o=wj&hVmwm6W#X(bxt%w~e;9R0-Z5#<=9z)f;hKs#_NVz-dYN0GCJp%_-Xm(Fp>#6gI0MsZhDc2*9m1pBg`dGmUSLn~kuj87`Fg3>GwaWgC z_ak1nfu`o~^Z721PPT3lhM=XfU=^ft(OPjI>Q_!mKKu^#fUY!N<3#5QuOEu7C&!+0 zx?-5?fc-yn4=;~PAPUv0{dPb_=!zRKSfhrV>*aTaP1Pe37=#4QSyER(Yeb$wj835X z6V+T*5e@z#$hRe-$Kw&j62*L|tI#Xuh5tmZe-042awmB!k6Y2atb-@>BrzWsict~6 z+G9NOiYgHKkOk-dWIFSjo@x^(VC4kO){1$azT%1XbbX}-PA$ZY4RyP-?I#V-5WY~fXGzq? z##a&_E&+=cLn>Nbr$xsyw%2h-^CzQ7Bb$YoQ&C+CWmAY@{cJlD0)U2E;lM}wowLg@ zOutU`?F&4g8lISa|EcTY->s_Z>guZPKFPglk9}f+06$>mgH`ZfXgG`&`%ce}YZWhj z*zaIyOb|8~aCd-#W%_Ip7usCP;oaU}uIqE;T}rI!0h&Q9XHT`a6C8T_b`alLWBF61 z0nQQt8EuQ-V!A=`JZHEyXe8dw$lqMvw6(O^^V)!@i~MI~w&{URG6RX!ZpA>^Jn-wzLE_dm+1{$vwLgnwLzLLHBSUOOCu#GEDLTLTLy9vFR0xgNY3?7$ zRP5X|Z8y4u-2I@F@@TzWxw?`zXua{&nfR%79s;@^?2It1mNe7TM%--&0U#Ws^p;YjR`h}`72nrO{J zk)U5~ZaBc-}gc> z!#=}5QX2^OoP2GG)_Lx<9Q~^uOf!b?bW=Am?8!>gavFQoBkVKHW&8Q>`S^%d$-7P8 zHEi^Qju(OsV-qC)-WH+b0j(g22KqLfe=6UkH(wfltJ^ikW{a2Py-uN&XNzQcJ=gv; z@<3bu#pJvKsg4agT0`4R%KCDNM@j|o{c849>ga9EVFis@SFsoACAZam=ffX%nq12L z8j&*n`N_)Do{z~UpEUE=0*k#ReA#)T>v+=iM3GZ={@;}zG><=tC?YpNVm=bn1_u=c z90||exC2@lgeR8<)T7^xMjtkkhZZ5{7hdW-NtYDeQ5 ztX@H6yGCXvBk5y&c|YL#;h)C5ST7;d%K6aq)n^O5cV<2OJ)aJH8PUaKB2^VAZsKG! z?7UY~yvkN0R{0BVO+xW?Qoszzh1QX`CcELeHGn5B*A!Oe7?-QGdrvkb^`&sYHs7uu z`p=kod5FVVTlPHCzw-9u&{KcKc*3~fQ^`W-X1wOoTeeXGsDA&Y$HWDWlfSzPCnvw? zkALNzG^mb&SsmClGx7w99b=yC&tsm-)%HZ0WNlF=5)_P$vV?ItF zR$v);4a^ogP>a>j5Ac(gGA&>ZX3yJrsU4l+%V7K)ewnUMM%9V29a?9wOv$l{;CtbF zMVsgSt)_~np@FLtR!NfdyvQZ1#)S>h-hFO%SV1gC_*UH@9PWOFZ59`?IIO@XmpN29 z#P-@W*CvmqYlW0YuGjh5|GM?znjv~2UZ;yu)#qn@!*k)xJu}$GyF!2BP0X{S^}TRL z&sJuV$B~8)uNtI)TkVo1R}Sq6no+hpXHLhjg*W5bvs*OJbqbvB#jEU?Q?y6fLCCb? zFqRglpE}lsVtb;Ew^xiDvo6za?&U1H>_@zyAlG8_Y{9dGaBOa}UdQ@DmJ>*Stj=U@ zKgDllF$8Dl*O%MJqr#)E0YP2ce9^6Mvl9~{{5tWlPEt{-=QY0CwoE+s#rm+1#%FF- z{LCI%%s@fof?jWKtW*l%I3c8ViqupP5=Vi*-qPGcN~Dj$8%%yPn6xr-TuS|0@kG~+ z6c%>8dL}n)x)_;dK)`C(Z~pCAO|njHB%$pch{ER3D>$kFO$`yJGQ8GAxFX|xqEryOpmN7dT?gtH@p2;J6B_Ld{R-ps&VUG&^KpT8djmGw{T+xPgG z*r?P=VD5`Wd(%JdxIwtu*|3_zVS0OY+_BQOtdSv%rgbbJ>sF|X9IKT7vl+J@exlm( zqS^!97J!thKd0f{k^7gSbUw`7LXWxmLN2P89?8l^R)p)V8RAu=*&X)hI*+t%<@IiK znN!wNEGP@#U2Zdsy4K&I5~R}^l>zL)Tk)d-WNCMY#9jQopuimmv>FPd!YujP#aoZ<)9QM_Bg(p6(lD6QAr_)s5Md) zi@(ZWGvKDnoKHKFH2HR=ST+04!E1JjQZ?esy>_|lG_r%khO9kU-hM|c8XS9g{4r6- zs6I?S=@8NP!}7<}`!9A3U%7I9f_>jWG;J#@c#<^vK74DZA9^;gTYD?R#CKr*p6Q1P z@+-IPiqVki`mEqr}ID# z9W)y8u{iF4Rp3dEjp>Yg=SIMQ^^bH{`j12dSZx_Hb3hj$M;@`0y{a6RDa2K%53f(+ z%Qe+fueUVJ>lWxkah1lC>TJ6$_Qo|s&TUY^puKMlST%IL=iO@qi8_5bsb_}FrXD&w zSu#;Zl;JMjE^G+aaSB6Nsh3>ZsD}Hji;cC|fyTEcB;mTo?4GSvk=Dq_&8A`e!%*sv znj%>-*WAcSyv&~gr({|0TjDgSxFm$a(mcJ$nZO_dDd)ODEywcYm8z_AN9xd z>yn?=ayLit^9uBt#mwq~0si&F^>$G9*oajlTC_r)LLJtYbbS*KZWeDV&)#(n^sGAXgMtdASl}BXo{blJtaoz!w?FEK)go-!R9Vc3aLsH?y&MyPSHFqWu0*zJ0QaT@SHVA{UzX2njKS!{U5sh{x zDMO#o1#^`H0R!vfbe|D#{9t)bpz)Ae6B(54YSi@_Y(oGK1Zke6jK~J?KLy!l|^s zEJoX>y_b&ZEA>5Q4Zx);xI z=JZjgJ!3Xglq#P5%~%$2`s`e8!tPXjzw8>@Mv&a}A^vaU7i2iUZ(rZ}khz!MZ!fJ854Y+|S(QKL^r(TD){_ z7Cr`>%Dj$FQ)YQ8UTS$0OtfQcDsG-z`4nHQ^PVeHmuR1mDfLD(zFC%VcTlrQ_gyLj z(LiIW&=BrsQj9nlwlFiB(eE_FOQ^ zc<>}dcKlu#Jx7NBr<PG7X*N79DWtqM0HdWGh z`|Cj(KTUlF`w&SK85c+(%Uk-3LAVSuy(PRNheVUiJ)DPYpB^VpOF<|LAAafVfN!Sf zV|%7FwfFh8QV;VSHVR>v;EvOO#UIiyJb|?&K23T&YAPXMV8OoKh~0p?5roWX z!IATB)2RA(9m>ZyF9OGE=LegY+{!UxOsm3Od$N#_`Is^ABG!zf2ONb?Ix)v|=u*{Uo`XG!mdXm9qy!72` z?vG40&gdy9Rbpci(6Irl7T1!}tl z)v*2a4WASHwegrC)2hNhq7u8&@I8xE+|UK3f;fdhhg=ET_}up^vhXDO3U2-p^n&K> zJ=y}_1Y;k4BpRo@LvSX*=EOGr>YfM+_cUwE>7;tGuWlqIn>0x?^zDVwRQapAjiD}D zt6%Vw1$$x9sLO!WxRfr13CVW`XN&2sU<%3EaeD?#e%w6zDqAb9Vzw(7q}UP}hrObQ zeOCBQcLgLs*ZmOR8S!#WW+iR0xa@PU~*!aqO)ZX zSIIcwqr;BUuV(xB=3YpTQkSx$q|T)}ZU_%+e5Ku^++u%(x<6NFhflSfh;wO-Ud1AQ z-V-9qFpJN6wjCZKfqGkHJ)`WnnKXFxyF%|+>kYvU{F9C0Yeu2rh!gB5t`I=BP|oPt zyGz%7vysKB7O(=BL;w+YE8z3|w6FLrA_wt_#d)R}iM}JCW%Tv1$nXh@p3bH!WnzD6 zVPA3;8lfR_6l1$>zOMcmNixN$jZ{Z|g*x-8jcw&D7Dm)MwaK+QYE*(>=OJRTh5UYH z@=%z^)T<%CQMbfTXRWCPdE4Q14eb^Bqs_xRfd)vgulaz&-dNqpi~>lROGv4bkbE_; zdD>K-s(w+Wb!`;{r>)gg6YO1{Y#;`O+b*|a-qvf@L5D9UQp=E*n;FFy;>QRLgE|I! zG)C#$4PFJbLDq2z zsQ^UglWN-hqO)dTO`acv%B(NV7iEMXQp=f-DeyIBsM!3JSKlqN%hh-$}_$iNNU#WF; z-O(g!1S+F5^Mm(Ao?Tl<b8}W@OLd?nB(<#j0By2UT;)91az^niD02Qk z7}nkv51ju0K+=GvKNa);j(@nL$4u*TPNZRI{ZfkkAS%g3tkNH}8o?ZIuoO`a666T* z>q#CeOri|D6H0B%U!($wgh6zhR!du3+*=r>X*r{=8Te1?M}o}AU#zQW0{?_?U;@|& zJ*qVT4)Z5`Ba1;cXtLsCz{N8kqGq-=f7oS$1R;PaFq8N!@iIs$>z>4AncARov+Gwl6;)U%*i@{4h*)Eq^}2n%tMQ{{w=He zQ^-w599XW`C&x#`L?b5yu#Y+1f7NJiC9MWgc1r$Eo!Eru3XFT6b~S4Tbik&{kZ`Jg z)t_|ey30n+{d=GHb53JWMardsO5g4<`03RLklFMvp@uuNfQM9|7O2OfcFFvF``*~4HJX4i6{VyLGcP{NrdYFL2c~wq72o%f;go5|*ul!DC0`_Kz*v1XR@9!R` zfW3hnM3vna?Y#f#pAG<-fp~0719#95X{V0%=A<>Q93-0-QrlKg=ELx1XW`^; zDItIAWcOw6^vNp4ChtWlUnW3jObuq9P%;JhHc#^h2AxlKodx)S`&_^^90>P&@Jnba z!?S>Y>5y$y^m&^>CkI3z|Eq*Atm2&138jCoMy$fD*SB)vrs4Kp<}LD{UK@!@()8nu z^6}6RW;SUDc7<4WlrA9F^OtCU%l!QMxPoORAwM!?+^*31DCw*%N{vi4q5R*C#HBN# zE?J6{gb_6WPE6&P+KJ_9E~F$LZV`^%@uDR%`&!aFT6ExtlXrpXwY>&%Fa)n+n|}S) zeWyr7TWroYC;UTrWo{>5{ikC1dqvZ_(zOz!8iJPpL+1W)5XehYM~2 zw3k!!u!>-o)J%i^nepE63<*dZ0!u1U#TSlspESozh{c%gt!pvmQv^(h?$0`*Xbx;$4rlW@0=FVgIG z9sS&{{D}e1WiSLs> zIqY*=o2reSJhdsop8*4Qt>o4|N+7@%wUG_`GcO{2LYD3?&inVydy6--2?Rra35nfXsk1jvRM9veP0IDpPX70L z2PypvHZP$GOmP!05d!$l66b(b`6Xw?G$5zPQsCb*>T`0xe|+cZfQk^~jTy$H!=8(?SUe4gW>CyH~lT;Jc_td(&c|`sWi0a%1t@TEE+8a zR;T&}oQpD?4&6zB;oe?MP{W2|0&@MqC;vK^8Dw3pk%1&kRt5BOpVY>J;2w`V^= z8kTdq3DH2F@UAo4m=COA)x6o~@9(f7fV51&w(PG=`hQQw$16jW#68y(lS~7B@bIT| z{_YFHtMAS`9Q5`e^-M%5+o3DD{eRsIkb8r_j{Z@R132jkO9D{jX)@{+r zBDF#53}5^Fg`+lUV5R~II@w8ei(QVsJKxW~;rc_x@mFR)vh{D|_OB3nCj6i)0Ey~e zDZhgi@Qq0e*qyi`hrI%DCA;~lPAUE(*N|_;##F2yfoZO=Ci{_!nrL#2e9_T^3D;^v zn3M1o8seHJDe4(x&s|?~V$Q7oDl+4G|ER*IKcib&VXjQfscEY-ocbknc59(aygPf9 zQS~*BEVE6eB*fewXC-k#*?l{`L5Ehg0S@{WS;=j$tPx>i|Z=RZ36No5qQ z)&)4O)#-I`PFP9)bZz`g6sJxaHFoO2*9o^}t9b-f)1gYsr}AJTQ;Q0=9e?^vH;CE3 z-90!G-BHbaaZEY6`0uoa?zsN>nq;N(0T#)Hf8_GEi(oJ9Q*ke$+LvxfIv|{SlSt^; zK`l|S(ug7WjUJt?1`L@5ftA|BAq^76mpqzEsFif3QLCgFA{yhN>dIp>61u<-vk{%I z*AIk*#7Ek|{GCi)+hn&IjzrU&4i^G$F4(S`tTd1%3&lPj80OZE2y%@58H!t{r}4RQPXt9LTj zi{CnKXO6`bh8mT?>|5Xv zRE;Qo#8=iL;s2EjK#y_>_!)4o=N;ek6$U+?_g>SkU5mF)66HFu?)!?*)r~2Y-`L*x zQ7z|sWA1+^c>);)-EcU0I}foe#>2h!*(l;0ZRk(e?psCiMq?9r>>?A|#n$lkmQh#Z z(nFQZY-oSQOGN*h@*Q{Wy`)WpMl!K=5Sf}jxZ|$Xuh1p%RA(e4a|i(7uT+x=WZKd> zNF-~zUJI8WpJgp|QZp&{a0*WT^(ABq(yePp5-V;n@kt1s8a4JyU-rH|_Kg8!A8)!- zxUCZ#(c`0Q+@LD7>@@J4&gy6Uk>6C`6g?(B-F81}JGzKmN6bVJ{#NRkz ze=wSkyE7Z2L+M_fcKk^yOkXjuF!0|T?f6}l?kugROTnI)hNouJ{;n;A2-_v`o5Yzk( zxoc$Yo%zA?zk@ZbT(~})jfjk6*0Q9$SmS11G zpJa%KfahoFf`gywP1-ICnrZvq&u@9T9F-gxQ7Jaep)uOF#fSP*V0j%^eNHzPNj3Mq z&Ik2qEA@ToRN`&v#s)z2jP~7z)oT0A29Xy#D4`S@4y_JsyeDuoO}aT~dyXk9fAyek)3v+s+0GnQYM++s5Iit; za=*}>HdmtVaK5pIr$q!B+w%=y>cIe+9a7n97kyv8!P>VzNYueUq$jL0JZLEDazX85 zpnfnJPQE|Oxv}|S?7nYY+%8{4#^NqAMY41Imi_1{jt#OQg04R`AYdhfRV6XtVmkTg*iEc8yq+%x$G z%eNG61NV3dv*Z<$4UE}f_~xkltA1VSsk^?3hG(`9aI_Z4PzZ0!KAZTS4!L@&msV96cOJVML{beEH+0=DgRE7M8+i)(lB)kk4r=%czVgVF(^ED2Eh#wio|$Q& zGHXNB=4s=zVC&G%5SfAbvBctM5`qN(#mJoD?)4KLrpE=gTpcHb?pS^gpA_HBaXAsg zc5P=B_G^L6JE&I^>ErIStEBk+jWYQ7y>@GDqyYGfV`*$vK&juSubYNO{;8Nw$I?je zIClE1&i&6^E%C2-5Un$B(dVx&p&-(#(tVd-eQB^S%{eq?ZrGmDrKUAMv(!}`;+Ar` zA4XnumNb)i%J21}%m|^U9O*8Z!d@umyrO+WOQ^Y6}9 zs#mwkWE!O*2EP-|3D`N;NtNSy=HHfx>?JTW6@m5Of9DTPQ3M?}$-O@ECuJ%-xOT^H zie)?xB!5uesqsZ8W&T>1bJFk|jg^$lXFErt|1bGFH_6~$0S1g$ai&vGsXH7An`#{$l*WuUb z@A{>`{lAL)uBfKEw%drG4N*iXA_5{J5C|Y39aIp|AV^E72_PUM1f+!C6p$t$m{6oj z2_+DulNgF9AVGRlsx$+H9+0a1JHFp{{xi-v7yrc>#=6vRiDYf$R zu<@U09Y@daaaX$poG%R&cEry`IbFCX$7`g3pluz&#C2D|L47B z+ET?rMEUeO)6t2~-vuWOLk8TQnW}E898uMs>$}k%Om`K_;S-2i(TLL+_SrPG8C&qY z*io7g$m=bv*QS#@iQetg7<@zb*iiAE0u?yaN_Frl^CejkC?Sj zgs&I?n0bPy3;Oe_xGU9$hlr>0lk+i302=&@orQGWMft|-8jIfA;U0zgu(Ca>gGns{^FNzt2Yn0|5a>eex?4YSoP&6-?NO^zJge1UW5G<)+aP2Hg}K`OlE{&oUj%fgY(`(Y)CWG~%jSmWAoa zPwPS-)@IGpu;L0gvsuT5@A!?)hMd5)W-j>1qs%Zz%G#2)5(GBwXKuLGa=64@YTc-nXSGQxv zs->u9jeXBuu@EKq{QWA&#&WZ1)Q9BcF-`Qc%Kmj1X>_QQ(s1pI@>8L{8ttF-I}Eo; zn2&Xxug7b2LXTX!_WIEvTCxH5I+-XxYjuq!M3N6kvwJ>$;)m(>iJ4g- z)G{U4W=e&`3$i@+erZi6jHZ8s4KFIdu$a*$vX|^W?wXjXPQqrdB zpoei?V!XBX*o;28@`evJf@Nx#KVek3$KX&je{HEFn9E<8D3R;$jBHD4)b$VDy(7RP z#eX&_oWB9as(TC6UnMw`Y}Y=RSA3Mc$gc;taQcpmc+kDtC@Y(-D*#yqH!T>gF|s*r zy(G2Zw|WZG2r5=$cHBF^xv{)*5kt8mu|9!5a_-`B7<39O9{N7O)0H++U2z$(5-FfY zn5+yCeX`nMh%J@g!(t9=BU4^DJo6wOqU3dAfZozA%3J#aSuq4<+Xg*9alo$S?wfDg zDM|ORaP!e`N-D7AM63qT{8amAI0e1@(U*5aEMP&N54s;=pVO~>=ZHth(w`q2)L_Xa z8NS{1Aj-xM{+nL1@@zCtN27-|k6Wzjh`4m*RvBM+3FV7y-@dxlbo-Q;-a46LdT7rp zeg-7=s>{qPkmeUo_aB~9&{3v*8W6QaqbH3euGeU{%&3KoI(wGGc;%|)=Og+>+6ofz zeae%&UGE}~^1QM_!f~5DUDV%s3pzbRFA~%4FM$@q-$j%w>m=-CSJP6a0ePyn+pJ_R zX=f{BNYOjRQ_TyEiDQ?lx7@5S^h3!{|GF71*)Tuj);`4{fW_G*vOu-7$f4QNJ-*@P zOrk_nuVB+c!~!D%FWku zTi|vOduQiFn-WMBkJ-Qlm>R6fbk3VrangRjBP){o24(t~!%VW!+@C#g;9E)(z9i3P z4y|3ci{Zn;ZP?~YGCO=Xiq4eLR)>P}OPiVvyJ7FQtA4ZR=;*`$GB<0V6i6(G>WSH` zlbi8N*q0j!Fc09#qVJ|4DJl}`_|nUm<1y!3O3UY8g;iLG_UWL=4z1tO;25DzRv;ap zBm3+tK2N{hq1fwkY|6L2qT2a?2K8tq%cwq4rKI3k=M3BOC4#(*58R<<1Ub)aB?{2;Jago#@J}t zUH-InZG0+3QjIWqDU5>98a-#88Ofw!?E{b3ZX)2#}v)xp=ufP4YO&YEzV4V#_mo&JY z(|4&|4yp49MM30)>tLUn zF0)#1ojs*y&zS9TVpH5~x!vN*SxHs5+$ z8*~tNbl~S5Wu1e}wCs4RF@!S5%2>WsgwP{jyb|;EBwN_T#_nAy%b<0x;PPr`IP-pr z%r_x~=^3x1o9Y+cZtHH>sr+j?VBx^b;87BXb$y1mWuZoQcHNKIKgsY{#-^)^Cff(Y zG7l&kuPQfL=yJz?&GvY};g@b5Elv5>A(-hziKiG#evjgVghDujQRH_^Xe2D zlWtDmx$U3z8FC4VmdCTO)!ytb^G@|OxRmU0|D#dhx0XTaf`x25EX%Lyb>rAXm98{G z<^I!te=Pll<}z?PID1 zp8P(VdT#MfA=fLbkxc!vy6FxL$^EhL&w>l^It+n8|6`Y#VwJ<*NH7V=3@wa{3_P4s z)7e`kMrCe0Tx-J`+*k9Oa= zeBrN}=8;&%FNQJ@_ukd#6Hi|#tJ=2@4`A~dUbNC$35aS4Z01f~A0-JSrSdo6`rT&$ zpwC*LNg`o}L&3D#AiQ^K@y@4P2O2+Fn+x^*w?UUdELoc1FhJu3YWkt?ur(aCJe+hj zsqYSVSh@A^N8`#7VbH774EqehM+ot-qDMl#4ZSrSBMmvrFE;@Q5Dz*%#oS|gP1l*X z`6@f$Z)9KLe{ItH`m}D-5zxy>OjRE;H1N4JKoW$gn?`ZA^t`x;f{R$lx-X=l#g0H) z4QlV+0yVuZH&mb<2ZE!RQw;Yd5PLH;?hH=8loW`>yEgP6@6ZlVI9cD#(- z>{pp#>ZV#NIfhKtRrT8s#RN>c>P+Ict=Y^eiYwuE`F%EIJ3M$@6920f_=HWA^z)&#u}SS8K;MxBj+bFB><2eAt$B4?<5=-gcI za&|4?l4}n{=z+&EEN;4YJra@tmqY!Q?S0{x)0~3a0M?Kd5BSq%BuzH&T8&#Z4EYGq zCRW{9$z&vD0fZ|ER2dpBr2&VC2KOE_q!_nDMeJ{!hdfde&exAlv=k|Qeg8D=%|0Rakti(NE7YZkQ{Z^4L zRgr?NdDe4tPlPP~gyhv5Gl1c2?!D3O%58tYD)H@${IXM`VTQ-+=k=J|E@$=YryHI` zabq9!GW~_zLHJ`p?Vvg;p2`uMv$}JpxfqQ^!zbk=SwL zSaumAW@JND2tvWr@}*jjxk3w_Ju@0mzl}24lezK}`h<1zyTm5Jw*cfr)cYU4B4n_9 z=1YR0@ZP!LU*PI{Vm8l!>t7Up|%8C;^}z5CVz zVR~QoL^^=80#E{K+WQ2~?YTq@q#!VmtBgi(W|lErfVLhnuQ|69(>pqLpiz%8@+ z`8!{~z@@_)17ZbIk>w7rz7s9@D?lL*?#q2aKPY zydSRuC`j>#J0@K^jpf@!%=k%b21gOH6^athPS{^<%u;^=p9NHoo!xw`K%xS`P^$yL z$Cq)#w6fK2<+dBW6aJ1*!}|~MWet8CrH6Z8ZWm` zd~#GiG38@x8qAKYXt5>1+dS*LXeobmj^_)o*9IxS>T?o2?aU`+-;@1UQ1^-zIQ@v( z4kP_hN^aAi?YdP(LzMV>iS_>5xDLri6@*(0$D2du3lKB|Sid|BVBf03ooC3v;jv#= zeq7dVy()(*$_5)Z4Zp0{v2b6Gw|@(mc63M$(KsS5rbb{?onnN@)i>04BPwlZDXO&x3N#$1|9~`WEz`U8+2? zUz1x_Bpj$IXaOCYJ#=iq3)xcH%`oOm-z&+~X z8RLpkQEo$w-5@2TIak}NZ|EMs zfuB47R*p1Vy9il7j$MI2w9}sNKTp(IZb{>t%-b~Kxvw67K<+@g!GJ|7z|58TkXh}e zn$^P7j_xzYa|!>FM&0!<;YM(k51vdVFB-5P!}1w?pS7)xL8@YcW)J=NT*bmNKM4Nu zD(227bs0v70G!rT`e%;YN8qs~J~8^oI~l@BkuYE;;Uqd#8A{W~fRr!f%rr^9Uh4PW zLrE#Hh-nkBQ9<`JVJ>9>bfql+Tfy_qBK91Xzuf|m&>$Wt zKUCoFjBR=x3jFTl*WCXU1HA^~=@S1>u>v69zIX(IQUAM<} z|1MtqKd!{aVi!DwBOu|(-QYg5NH?)P!Q@x)vSzxzn9x;+kcmM z!{bsX5V-S+UvC@WKeH(g8HHk>-i--sIJ)BPu&Cb@v9k04euZb&qEps#|Lc)r_!ve< zrl(gL5C24^ERy$(2A^+MYuu(}&XM;P@%hdHaXXWxq!Y`N*fo5b_DBrFS5s%d7JM+hE)QUODr{K z6vGp$n?#o8lC6-U4x+rd9?@3R&C;Fz0o9(}FWvWpBHG8@bw}6synN>^Hd>xB8zmap zJJCYp@G9vz%GIAnRLmi%3LQ%;w2Q4!*()@2;5AFNxY#Z~c9y20@bNl~9fq1Ga)8Wu3JV?||mBxUwwM``p*6nJl0?cvHdw3oFM_iYEG9rnwp`?alKG@+L+h7?NJ3EQLMx2D(2Hq*{ zFI5UpxsVoc?T3ccdv4=yZM<*ZuaM`>`AvLcmp;&QJub~9E93j2{b%1%9ot*LT^ITk ziP1#CvcqVrw&K|msP+<|VRSF;DsuKjG3V~P>ly`+x_D*US7&rx>U@2?WrbWbad9-# z#j&k1gw^!!TV5Nh)QWle9Rm;k|O*EBE zgt=iUl&RkV&y?U`4!yQ(54pTe^7H*R>p4|<0{DyhJiDZ|k3HO7_jrI(Km3hSTt99q zU~c?43CL|I;Rj5KWK`)6yCS7(iqC#DMHTEJg+11Oe7pb%3Nq6BwTD}r;(3+5rU8Ae zT6yr{p9_Dv&y=!Q{+0{9u)1yb+*YiDa0g@f>Q1WH|Z?%~AA5 z^pJn`lOaO+kDT;RdjzSGUO~W*UJOp&&n}WEwsQiDh?8hfcyhUi~;`!dtE z1~)BDQu>?lh>CJ?%J&U%9C?>uk%;)tu0;tS!!Eg)RDXFnJ#f=2*ia#md@-z zp)?1OOjQywQl{5G#I)KH)6omxgp4u>eU`PCt?(+Mv4jlixzQB|39EMQ8Qp$Gl&-Y7 zn+P^-oFB$V@kan2TpqRUh8KgqMQiUN(nRv}XV&-Tar3q)`}aBG-?!H5e@MSg2HLYi zCVnU^!c%cRFqfoHTdF$#P>yYHJ;ZqH&hJTybeB*VD*J4K}W6fV8yfKYN& zn$DD*eJAA$j8ZDp*C4*mfll%Rq|fDy{|H#LS=j3fp0moh9lp)P9XA}KUzbaG29pN! z@71Z7w4HLQ6BIzqo8_YIgjbKJO#> zEe?tofuYV7XYgHw3@Jd~)!r2`Gg5tqb5iNCR!JU?p?uy;3P4_Lla}v1wb`s4CyA>+ z*>TPIQ|l(ksa0BTZP`C`OaOIW&1=ZlcF#W7zw@+clXD@xuq#K+k5CvYzTIUuCS((+ z?|`I4u4KHEU~m4d`XDdN?~aH9w;T?LYC@_%jUMqi6?EqDI~EtYiJ;qCUyBoZII6Q6 z#xmZi78t;RD8>GpY>?V40dBs+FURBizC@$mBbb#nlM4?xJTx^$sr}l0*$dC zV3y+fxxCgMS6m{-ry-NCdk&)>(};Ked~QF0@le6B7p)uRC$+qC*KV1vN$fcfG%4jHAXZxbOeY5kJwuIiSZa5smP(in)7;m zSB3W{#mIleERE02P$JyyKlN?&k<{XTLD&0lWL0i`#q%qjY2h(}%bG_4eg}iaap+xX zSPaPLP_8Wcr{~P#%d<|qy zyY2E|KB!tY-(cn9NlkZjVJMk7KbMt!YrGhKKPmZcmY5CrmWKYn$l)D5DVh@X4x?vP zHW69ZCv5$?N9iZB&j9KPg)W(F`nz>Bz;lg8EcKLH~Mx`ne?SqF(BAihA(r*x z*{20dj@9NvX57h3X#?ett@DCk>f;8)z8?MSEb$^Y;co1K?~G-C6P7HS`~c4>Y2?$$1IZeNB7f>t>IUUlq8;z< zVjk9t4o79F?mlw9!3u5bj!2Ag?ytP+(!;-6evoSHcUH4_#rq=LNJ| z9*z9`-Prk$J&B$h(Xs`AAgT~rB)vnyd|O4*_C|%LDj1QRHEY;_;NL5?6~-+rO*S50 z+vSa*+#miqYrjY`ve37TvpBR>j=bk(MWseA4juC9x$Scc62;T{qI~;;11&S7I~qBX zXVBx+E%uJi;bFk%64SYEp*CpyK=LPSfp{P&abePm)VfvV`RF2oc36IZxK23TVuDSg znNhL9?bJPw02kJBwb7r#$#`(=y^?+0GvC0Z5zDB)%BvIJ`Tk3HJ3YQEXRicB*sS+x zutJssV;RT0A!dsh`&0%yXWi-Qh^%1q1U2!Ltz=9nlAy`1lS{X)lkoate&klIg;L;Tna zJm;G}R||E^Rb7vwG)@Ag$Red5!4S6cjAR#j}| zL4Kj%*;LX#Z!0k67*P`PqR8qO?}e|Q^@z&P&{eu(66Wj%1@H_hQA2an5weE9+HyFAMc_?Oew`64mJdH+iNqU%{wRkFs+AwM>Stfwf7rz-@o4#}ew_K0Z z9`q1NF7s^s#4vmdF~~NcnOPM|iIYPTlnnMzVpeZ6JGM(@VHpOlPUlNyqx;()-^a5@ z7^FN&U4p`PNScL;~hrM8SAt#`)Yh=jvsTtReE~Q5qb1{*ktTkVKd-B1hb@8QTmHEY0K4u*G(yNJC zW~thz;{8u(lhnkZ(#EP0k4B27gSMN!-|sSj$R_itV;5%Cg`5(VRFL1ad2J-`+AY1f zZc^UozTa!kjyTUzJ6_=*47>WfThhHT_7gCf`sTMK?sb_g5&!X? z{_<~>rmI?n3k@G7JU*Qk$}T8+(oe5*2H54u+c?WJ_~YW7;TZ9HBj9-0n!(f~2nY{! zAFA!nsz-0if|)^A>0garGZmhV-2Q1XsMQ5Ryf*xyDPnEuv-0D*XsF{`Neh0HgkRvF zwoFY+KctyK^-aZgYlpSok|MGHGGM>$|En=?Nq9763d+Z>8GJrB{c?2PRyyL%j)h`D`IQh(pJReB`1 zZ>o1E1)PU)+4oGZByxww>BEomUBVkvPnZajT`IuR>;CPQJd9lDg!O ze2M;BLF&^s-sDLqa6RsnCX!J`8nj34rzM4jKBC(;)sZC^_>9S`pDAU zcWpmXXmfkj!L}*_&aTc$%3alE#hGH0M)j{LqjT=Ndwlfn#-z7De+S6=WD4K1Mdl5l z7e&_RylNYe#C)rqml|- z8m=AQJ>^m+;@x48N>{ZX1Az`yo}bf$SK7lG$kncnPVKtQhFhk*5cH^6o+=n0SYy2Z zLHs5YNFo0ANnw08_O^*obNrVXygW+WQlk1m*47NFl=-VhUJlP!2++2LBHpN)wO(ll z5UA^&7n5ERcfC?dJ|&XhKnIKu@L8tOq>{nY_1?}H+RtYpN==W6%ZST5FWPR)Ck0b~ zUzDS(pl|D{4t)gJld^&oKDB%5=IWy((tY(e_VgdHf>x>WF$)mDHw^RydIeCAJfZNZ z?_5ztdv;6!{%oqLfEnR`O8zPTpS&-2Z~6VEB?G7Go_KBmd;LC_T$26n390<_ V_oMWV`;0L4zNX$?g1YsK{{qVPsw4ma From 0fc5c1575c45368487396bb4cef1ffe83d54c36e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 15:09:47 -0800 Subject: [PATCH 49/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 89da6e7ecf..99428b624b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -63,7 +63,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat | Alert status | What to do | |:---|:---| | The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. | - | The alert is a false positive | 1. Proceed to [classify the alert](#classify-an-alert) as a false positive, and then [suppress the alert](#suppress-an-alert).

2. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint.

3. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). | + | The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive.
2. [Suppress the alert](#suppress-an-alert).
3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint.
4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). | | The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). | ### Classify an alert From 71ce32654daec644b5ddbd198d5fa7f167bacedf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 15:11:16 -0800 Subject: [PATCH 50/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 99428b624b..65a56a8421 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -85,7 +85,7 @@ If you have alerts that are either false positives or that are true positives bu 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. In the navigation pane, select **Alerts queue**. 3. Select an alert that you want to suppress to open its **Details** pane. -4. In the **Details** pane, choose the ellipsis (**...**), and then choose **Create a suppression rule**. +4. In the **Details** pane, choose the ellipsis (**...**), and then **Create a suppression rule**. 5. Specify all the settings for your suppression rule, and then choose **Save**. > [!TIP] From 5db57d8657c4b511930d491c3010cd25ef049736 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 15:11:44 -0800 Subject: [PATCH 51/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 65a56a8421..3cdec79594 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -268,7 +268,7 @@ Microsoft Defender for Endpoint offers a wide variety of options, including the ### Cloud-delivered protection -Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, this is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives. +Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, cloud-delivered protection is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives. > [!TIP] > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus). From 98147f674b436cc6716e980e2869d013fe4e21bf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 15:12:09 -0800 Subject: [PATCH 52/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 3cdec79594..f749263f1b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -280,7 +280,7 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in. 2. Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-policy)). 3. Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**. -4. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives. +4. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting cloud-delivered protection to **Not configured**, which provides strong protection while reducing the chances of getting false positives. 5. Choose **Review + save**, and then **Save**. #### Use Microsoft Endpoint Manager to set cloud-delivered protection settings (for a new policy) From 4dce3eb74897b63e1b9d8093282a41702e395c25 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 15:12:47 -0800 Subject: [PATCH 53/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index f749263f1b..731967a11e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -300,7 +300,7 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere Potentially unwanted applications (PUA) are a category of software that can cause devices to run slowly, display unexpected ads, or install other software that might be unexpected or unwanted. Examples of PUA include advertising software, bundling software, and evasion software that behaves differently with security products. Although PUA is not considered malware, some kinds of software are PUA based on their behavior and reputation. -Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If this is happening, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. +Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If necessary, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. We recommend using Microsoft Endpoint Manager to edit or set PUA protection settings. From 37c3f8535612fc56170dfa2c61bdf3befbfbb465 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 15:17:47 -0800 Subject: [PATCH 54/68] Update defender-endpoint-false-positives-negatives.md --- ...fender-endpoint-false-positives-negatives.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 731967a11e..251443c99e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -31,16 +31,17 @@ ms.custom: FPFN - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806) -In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution. +In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, includling [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection). -If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include: +Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives: -1. [Reviewing and classifying alerts](#part-1-review-and-classify-alerts) -2. [Reviewing remediation actions that were taken](#part-2-review-remediation-actions) -3. [Reviewing and defining exclusions](#part-3-review-or-define-exclusions) -4. [Submitting an entity for analysis](#part-4-submit-a-file-for-analysis) -5. [Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings) -6. [Getting help if you still have issues with false positives/negatives](#still-need-help) +1. [Review and classify alerts](#part-1-review-and-classify-alerts) +2. [Review remediation actions that were taken](#part-2-review-remediation-actions) +3. [Review and define exclusions](#part-3-review-or-define-exclusions) +4. [Submit an entity for analysis](#part-4-submit-a-file-for-analysis) +5. [Review and adjust your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings) + +And, you can [get help if you still have issues with false positives/negatives](#still-need-help) after performing the tasks described in this article. > [!NOTE] > This article is intended as guidance for security operators and security administrators who are using [Microsoft Defender for Endpoint](microsoft-defender-advanced-threat-protection.md). From 2124e871d4e374b3206bd09300c846ed9e118495 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 15:18:18 -0800 Subject: [PATCH 55/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 251443c99e..9fef03cef6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -31,7 +31,7 @@ ms.custom: FPFN - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806) -In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, includling [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection). +In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection). Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives: From 8c5574fd668f3c09831eb4f953c3f0fa40ffe846 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 26 Jan 2021 15:23:49 -0800 Subject: [PATCH 56/68] Re-labeled code blocks As written, the commands in the code blocks that I re-labeled work from the Windows command line, but not from the PowerShell command line. --- .../microsoft-defender-atp/troubleshoot-np.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 79cdbc3b60..05563e45c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -86,13 +86,13 @@ When you report a problem with network protection, you are asked to collect and 1. Open an elevated command prompt and change to the Windows Defender directory: - ```PowerShell + ```console cd c:\program files\windows defender ``` 2. Run this command to generate the diagnostic logs: - ```PowerShell + ```console mpcmdrun -getfiles ``` From 4948f6d7dc91d0958c655165d21a17b11b80f142 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 16:16:46 -0800 Subject: [PATCH 57/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 9fef03cef6..784067032a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -33,7 +33,7 @@ ms.custom: FPFN In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection). -Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives: +Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address them by using the following process: 1. [Review and classify alerts](#part-1-review-and-classify-alerts) 2. [Review remediation actions that were taken](#part-2-review-remediation-actions) @@ -59,7 +59,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. In the navigation pane, choose **Alerts queue**. 3. Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).) -4. Depending on the alert status, take the steps described in the following table:
+4. Depending on the alert status, take the steps described in the following table: | Alert status | What to do | |:---|:---| @@ -69,7 +69,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat ### Classify an alert -Your security team can classify an alert as a false positive or a true positive in the Microsoft Defender Security Center, in the **Alerts queue**. +You can classify an alert as a false positive or a true positive in the Microsoft Defender Security Center, in the **Alerts queue**. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. Select **Alerts queue**, and then select an alert that is a false positive. @@ -81,7 +81,7 @@ Your security team can classify an alert as a false positive or a true positive ### Suppress an alert -If you have alerts that are either false positives or that are true positives but are for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center. Suppressing alerts helps reduce noise in your security operations dashboard. +If you have alerts that are either false positives or that are true positives but for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center. Suppressing alerts helps reduce noise in your security operations dashboard. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. In the navigation pane, select **Alerts queue**. @@ -104,8 +104,7 @@ If you have alerts that are either false positives or that are true positives bu Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone. -> [!TIP] -> See [Review remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation). +After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. After that, proceed to [review or define exclusions](#part-3-review-or-define-exclusions). ### Review completed actions From f0b5db42db04991d4d0a921afa3a23012134e131 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 16:36:30 -0800 Subject: [PATCH 58/68] Update defender-endpoint-false-positives-negatives.md --- ...nder-endpoint-false-positives-negatives.md | 31 +++++++++++-------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 784067032a..18ee9960a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -104,28 +104,26 @@ If you have alerts that are either false positives or that are true positives bu Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone. -After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. After that, proceed to [review or define exclusions](#part-3-review-or-define-exclusions). +After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. Specifically, you can: +- [undo one action at a time](#undo-an-action); +- [undo multiple actions at one time](#undo-multiple-actions-at-one-time); and +- [remove a file from quarantine across multiple devices](#remove-a-file-from-quarantine-across-multiple-devices). + +When you're done reviewing and undoing actions that were taken as a result of false positives, proceed to [review or define exclusions](#part-3-review-or-define-exclusions). ### Review completed actions 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. -2. Select the **History** tab. +2. Select the **History** tab to view a list of actions that were taken.
![Action center](images/autoir-action-center-1.png) 3. Select an item to view more details about the remediation action that was taken. -If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. You can undo the following remediation actions: -- Isolate device -- Restrict code execution -- Quarantine a file -- Remove a registry key -- Stop a service -- Disable a driver -- Remove a scheduled task - ### Undo an action +If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. You can undo most remediation actions. + 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 2. On the **History** tab, select an action that you want to undo. -3. In the flyout pane, select **Undo**. (If the action cannot be undone with this method, you will not see an **Undo** button.) +3. In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).) ### Undo multiple actions at one time @@ -133,6 +131,13 @@ If you find that a remediation action was taken automatically on an entity that 2. On the **History** tab, select the actions that you want to undo. 3. In the pane on the right side of the screen, select **Undo**. +### Remove a file from quarantine across multiple devices + +1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. +2. On the **History** tab, select a file that has the Action type **Quarantine file**. +3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
![Quarantine file](images/autoir-quarantine-file-1.png) + + ## Part 3: Review or define exclusions An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. @@ -142,7 +147,7 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi - [Create “allow” indicators for Microsoft Defender for Endpoint](#indicators-for-microsoft-defender-for-endpoint) > [!NOTE] -> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint. +> Microsoft Defender Antivirus exclusions apply only to antivirus protection, not across other Microsoft Defender for Endpoint capabilities. To exclude files broadly, use exclusions for Microsoft Defender Antivirus and [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) for Microsoft Defender for Endpoint. The procedures in this section describe how to define exclusions and indicators. From 88c2ccb91f9599910eb8929a0bbd30971f2eda0f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 16:38:56 -0800 Subject: [PATCH 59/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 18ee9960a2..f61361d92e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -182,7 +182,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, you can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs. -To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to: +To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities: - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) From 5a95a0a2fcf9286ed70efb477fd1cfa21e7cae1d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 19:12:31 -0800 Subject: [PATCH 60/68] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index caeb8f45d2..780fb5a960 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -117,8 +117,10 @@ When you're done reviewing and undoing actions that were taken as a result of fa ### Review completed actions +![Action center](images/autoir-action-center-1.png) + 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. -2. Select the **History** tab to view a list of actions that were taken.
![Action center](images/autoir-action-center-1.png) +2. Select the **History** tab to view a list of actions that were taken. 3. Select an item to view more details about the remediation action that was taken. ### Undo an action @@ -137,10 +139,11 @@ If you find that a remediation action was taken automatically on an entity that ### Remove a file from quarantine across multiple devices +![Quarantine file](images/autoir-quarantine-file-1.png) + 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 2. On the **History** tab, select a file that has the Action type **Quarantine file**. -3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
![Quarantine file](images/autoir-quarantine-file-1.png) - +3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. ## Part 3: Review or define exclusions @@ -352,7 +355,6 @@ Depending on the [level of automation](https://docs.microsoft.com/windows/securi > [!TIP] > We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle. - ## Still need help? If you have worked through all the steps in this article and still need help, your best bet is to contact technical support. @@ -365,4 +367,4 @@ If you have worked through all the steps in this article and still need help, yo [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md) -[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use) \ No newline at end of file +[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use) From 95b12a62beb0830130ecb66f9d3e8155e26d8e31 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 Jan 2021 07:37:27 -0800 Subject: [PATCH 61/68] Update defender-endpoint-false-positives-negatives.md --- ...nder-endpoint-false-positives-negatives.md | 47 ++++++++++--------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index caeb8f45d2..851be0216d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.author: deniseb author: denisebmsft -ms.date: 01/26/2021 +ms.date: 01/27/2021 ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -52,7 +52,7 @@ And, you can [get help if you still have issues with false positives/negatives]( ## Part 1: Review and classify alerts -If you see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. +If you see an [alert](alerts.md) that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. Managing your alerts and classifying true/false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items. @@ -73,7 +73,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat ### Classify an alert -You can classify an alert as a false positive or a true positive in the Microsoft Defender Security Center, in the **Alerts queue**. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts. +Alerts can be classified as false positives or true positives in the Microsoft Defender Security Center. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. Select **Alerts queue**, and then select an alert that is a false positive. @@ -98,7 +98,7 @@ If you have alerts that are either false positives or that are true positives bu ## Part 2: Review remediation actions -[Remediation actions](manage-auto-investigation.md#remediation-actions), such as sending a file to quarantine or stopping a process, can be taken on entities that are detected as threats. Several types of remediation actions can occur automatically through automated investigation and Microsoft Defender Antivirus. Examples of such actions include: +[Remediation actions](manage-auto-investigation.md#remediation-actions), such as sending a file to quarantine or stopping a process, are taken on entities (such as files) that are detected as threats. Several types of remediation actions occur automatically through automated investigation and Microsoft Defender Antivirus: - Quarantine a file - Remove a registry key - Kill a process @@ -106,25 +106,25 @@ If you have alerts that are either false positives or that are true positives bu - Disable a driver - Remove a scheduled task -Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone. +Other actions, such as starting an antivirus scan or collecting an investigation package, occur manually or through [Live Response](live-response.md). Actions taken through Live Response cannot be undone. After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. Specifically, you can: -- [undo one action at a time](#undo-an-action); -- [undo multiple actions at one time](#undo-multiple-actions-at-one-time); and -- [remove a file from quarantine across multiple devices](#remove-a-file-from-quarantine-across-multiple-devices). +- [Undo one action at a time](#undo-an-action); +- [Undo multiple actions at one time](#undo-multiple-actions-at-one-time); and +- [Remove a file from quarantine across multiple devices](#remove-a-file-from-quarantine-across-multiple-devices). When you're done reviewing and undoing actions that were taken as a result of false positives, proceed to [review or define exclusions](#part-3-review-or-define-exclusions). ### Review completed actions +![Action center](images/autoir-action-center-1.png) + 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. -2. Select the **History** tab to view a list of actions that were taken.
![Action center](images/autoir-action-center-1.png) +2. Select the **History** tab to view a list of actions that were taken. 3. Select an item to view more details about the remediation action that was taken. ### Undo an action -If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. You can undo most remediation actions. - 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 2. On the **History** tab, select an action that you want to undo. 3. In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).) @@ -137,14 +137,15 @@ If you find that a remediation action was taken automatically on an entity that ### Remove a file from quarantine across multiple devices +![Quarantine file](images/autoir-quarantine-file-1.png) + 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 2. On the **History** tab, select a file that has the Action type **Quarantine file**. -3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
![Quarantine file](images/autoir-quarantine-file-1.png) - +3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. ## Part 3: Review or define exclusions -An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. +An exclusion is an entity, such as a file or URL, that you specify as an exception to remediation actions. The excluded entity can still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. To define exclusions across Microsoft Defender for Endpoint, perform the following tasks: - [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus) @@ -157,7 +158,7 @@ The procedures in this section describe how to define exclusions and indicators. ### Exclusions for Microsoft Defender Antivirus -In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions; however, you can use other methods, such as Group Policy as well. +In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) to define or edit your antivirus exclusions; however, you can use other methods, such as [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)). > [!TIP] > Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). @@ -186,13 +187,13 @@ In general, you should not need to define exclusions for Microsoft Defender Anti [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, you can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs. -To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities: +To specify entities as exclusions for Microsoft Defender for Endpoint, create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities: - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) -You can create indicators for: +"Allow" indicators can be created for: - [Files](#indicators-for-files) - [IP addresses, URLs, and domains](#indicators-for-ip-addresses-urls-or-domains) @@ -205,7 +206,7 @@ You can create indicators for: When you [create an "allow" indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file), it helps prevent files that your organization is using from being blocked. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. Before you create indicators for files, make sure the following requirements are met: -- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).) +- Microsoft Defender Antivirus is configured with cloud-based protection enabled (see [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus)) - Antimalware client version is 4.18.1901.x or later - Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 - The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) @@ -215,28 +216,28 @@ Before you create indicators for files, make sure the following requirements are When you [create an "allow" indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain), it helps prevent the sites or IP addresses your organization uses from being blocked. Before you create indicators for IP addresses, URLs, or domains, make sure the following requirements are met: -- Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection)) +- Network protection in Defender for Endpoint is enabled in block mode (see [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection)) - Antimalware client version is 4.18.1906.x or later - Devices are running Windows 10, version 1709, or later -Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) +Custom network indicators are turned on in the Microsoft Defender Security Center (see [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features)) #### Indicators for application certificates When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates), it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported. Before you create indicators for application certificates, make sure the following requirements are met: -- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).) +- Microsoft Defender Antivirus is configured with cloud-based protection enabled (see [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus)) - Antimalware client version is 4.18.1901.x or later - Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 - Virus and threat protection definitions are up to date > [!TIP] -> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). +> When you create indicators, you can define them one by one, or import multiple items at once. Keep in mind there's a limit of 15,000 indicators for a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). ## Part 4: Submit a file for analysis -You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions. When you sign in at the submission site, you can track your submissions. +You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions, and . When you sign in at the submission site, you can track your submissions. ### Submit a file for analysis From 592c3d4fe02ed21e25325b56985c93471c329682 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 Jan 2021 07:51:06 -0800 Subject: [PATCH 62/68] Update defender-endpoint-false-positives-negatives.md --- ...nder-endpoint-false-positives-negatives.md | 26 +++++++++---------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 851be0216d..80c64fb69d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -187,11 +187,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, you can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs. -To specify entities as exclusions for Microsoft Defender for Endpoint, create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities: - -- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) -- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) -- [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) +To specify entities as exclusions for Microsoft Defender for Endpoint, create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to [next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10), [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), and [automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). "Allow" indicators can be created for: @@ -237,7 +233,7 @@ Before you create indicators for application certificates, make sure the followi ## Part 4: Submit a file for analysis -You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions, and . When you sign in at the submission site, you can track your submissions. +You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions, and their results help inform Microsoft Defender for Endpoint threat protection capabilities. When you sign in at the submission site, you can track your submissions. ### Submit a file for analysis @@ -273,7 +269,7 @@ To check for updates regarding your submission, sign in at the [Microsoft Securi ## Part 5: Review and adjust your threat protection settings -Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular: +Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to: - [Cloud-delivered protection](#cloud-delivered-protection) - [Remediation for potentially unwanted applications](#remediation-for-potentially-unwanted-applications) @@ -288,6 +284,8 @@ Check your cloud-delivered protection level for Microsoft Defender Antivirus. By We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivered protection settings. +We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) to edit or set your cloud-delivered protection settings; however, you can use other methods, such as [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)). + #### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings (for existing policies) 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in. @@ -312,13 +310,13 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere ### Remediation for potentially unwanted applications Potentially unwanted applications (PUA) are a category of software that can cause devices to run slowly, display unexpected ads, or install other software that might be unexpected or unwanted. Examples of PUA include advertising software, bundling software, and evasion software that behaves differently with security products. Although PUA is not considered malware, some kinds of software are PUA based on their behavior and reputation. - -Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If necessary, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. - -We recommend using Microsoft Endpoint Manager to edit or set PUA protection settings. > [!TIP] > To learn more about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus). + +Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If necessary, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. + +We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) to edit or set PUA protection settings; however, you can use other methods, such as [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)). #### Use Microsoft Endpoint Manager to edit PUA protection (for existing configuration profiles) @@ -345,18 +343,18 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett [Automated investigation and remediation](automated-investigations.md) (AIR) capabilities are designed to examine alerts and take immediate action to resolve breaches. As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. -Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization and other security settings, remediation actions are taken on artifacts deemed Malicious or Suspicious. Remediation actions can occur automatically, or only upon approval by your security operations team. +Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization and other security settings, remediation actions are taken on artifacts that are considered to be *Malicious* or *Suspicious*. In some cases, remediation actions occur automatically; in other cases, remediation actions are taken manually or only upon approval by your security operations team. - [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation). -> [!TIP] +> [!IMPORTANT] > We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle. ## Still need help? -If you have worked through all the steps in this article and still need help, your best bet is to contact technical support. +If you have worked through all the steps in this article and still need help, contact technical support. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. In the upper right corner, select the question mark (**?**), and then select **Microsoft support**. From 37c50b4ecc433f63043aa1b2f004097c4173000b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 Jan 2021 08:04:19 -0800 Subject: [PATCH 63/68] yanking AV false positives article --- windows/security/threat-protection/TOC.md | 1 - .../antivirus-false-positives-negatives.md | 83 ------------------- 2 files changed, 84 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 76bfdf55f4..0e49e0f09b 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -176,7 +176,6 @@ ###### [Use PowerShell cmdlets to manage next-generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) ###### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) ###### [Use the mpcmdrun.exe command line tool to manage next-generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) -###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md) ##### [Deploy, manage updates, and report on antivirus]() ###### [Preparing to deploy](microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md deleted file mode 100644 index e99e915192..0000000000 --- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: What to do with false positives/negatives in Microsoft Defender Antivirus -description: Did Microsoft Defender Antivirus miss or wrongly detect something? Find out what you can do. -keywords: Microsoft Defender Antivirus, false positives, false negatives, exclusions -search.product: eADQiWindows 10XVcnh -ms.prod: m365-security -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb -ms.custom: nextgen -ms.date: 01/26/2021 -ms.reviewer: shwetaj -manager: dansimp -audience: ITPro -ms.topic: article -ms.technology: mde ---- - -# What to do with false positives/negatives in Microsoft Defender Antivirus - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - -**Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - -Microsoft Defender Antivirus is designed to keep your PC safe with built-in, trusted antivirus protection. With Microsoft Defender Antivirus, you get comprehensive, ongoing, and real-time protection against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web. - -What if something gets detected wrongly as malware, or something is missed? We call these false positives and false negatives. Fortunately, there are some steps you can take to deal with these issues. You can: -- [Submit a file to Microsoft for analysis](#submit-a-file-to-microsoft-for-analysis) -- [Create an "Allow" indicator to prevent a false positive from recurring](#create-an-allow-indicator-to-prevent-a-false-positive-from-recurring) -- [Define an exclusion on an individual Windows device to prevent an item from being scanned](#define-an-exclusion-on-an-individual-windows-device-to-prevent-an-item-from-being-scanned) - -> [!TIP] -> This article focuses on false positives in Microsoft Defender Antivirus. If you want guidance for Microsoft Defender for Endpoint, which includes next-generation protection, endpoint detection and response, automated investigation and remediation, and more, see [Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md). - -## Submit a file to Microsoft for analysis - -1. Review the [submission guidelines](../intelligence/submission-guide.md). -2. [Submit your file or sample](https://www.microsoft.com/wdsi/filesubmission). - -> [!TIP] -> We recommend signing in at the submission portal so you can track the results of your submissions. - -## Create an "Allow" indicator to prevent a false positive from recurring - -If a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create an "Allow" indicator. This indicator tells Microsoft Defender Antivirus (and Microsoft Defender for Endpoint) that the item is safe. - -To set up your "Allow" indicator, follow the guidance in [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators). - -## Define an exclusion on an individual Windows device to prevent an item from being scanned - -When you define an exclusion for Microsoft Defender Antivirus, you configure your antivirus to skip that item. - -1. On your Windows 10 device, open the Windows Security app. -2. Select **Virus & threat protection** > **Virus & threat protection settings**. -3. Under **Exclusions**, select **Add or remove exclusions**. -4. Select **+ Add an exclusion**, and specify its type (**File**, **Folder**, **File type**, or **Process**). - -The following table summarizes exclusion types, how they're defined, and what happens when they're in effect. - -|Exclusion type |Defined by |What happens | -|---------|---------|---------| -|**File** |Location
Example: `c:\sample\sample.test` |The specified file is skipped by Microsoft Defender Antivirus. | -|**Folder** |Location
Example: `c:\test\sample` |All items in the specified folder are skipped by Microsoft Defender Antivirus. | -|**File type** |File extension
Example: `.test` |All files with the specified extension anywhere on your device are skipped by Microsoft Defender Antivirus. | -|**Process** |Executable file path
Example: `c:\test\process.exe` |The specified process and any files that are opened by that process are skipped by Microsoft Defender Antivirus. | - -To learn more, see: -- [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus) -- [Configure exclusions for files opened by processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus) - -## Related articles - -[What is Microsoft Defender for Endpoint?](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) - -[Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) - -[Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md) \ No newline at end of file From 79c75450d4907cafbac4d82e359b16256cc089f8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 Jan 2021 08:06:27 -0800 Subject: [PATCH 64/68] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 7bcd7f8d15..6c6cd0335b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -16519,6 +16519,11 @@ "source_path": "windows/hub/windows-10.yml", "redirect_url": "https://docs.microsoft.com/windows/windows-10", "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives", + "redirect_document_id": true } ] } From cc757691fac0332d41ab38cd26ad2eb471bb0c98 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 27 Jan 2021 10:56:07 -0800 Subject: [PATCH 65/68] Release notes for MDE for Mac 101.19.48 --- .../microsoft-defender-atp/mac-whatsnew.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 617e8532aa..9053de5168 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -30,6 +30,14 @@ ms.technology: mde > [!IMPORTANT] > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021. +## 101.19.48 + +> [!NOTE] +> The old command-line tool syntax has been deprecated with this release. + +- Added a new command-line switch to disable the network extension: `mdatp system-extension network-filter disable`. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint for Mac +- Performance improvements & bug fixes + ## 101.19.21 - Bug fixes From 560702cef3489eefad29fff075b4fdae0f92ce31 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 Jan 2021 11:32:53 -0800 Subject: [PATCH 66/68] Update defender-endpoint-false-positives-negatives.md --- ...nder-endpoint-false-positives-negatives.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 8b351b1709..6a64647a0c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -61,24 +61,24 @@ Managing your alerts and classifying true/false positives helps to train your th Before you classify or suppress an alert, determine whether the alert is accurate, a false positive, or benign. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. -2. In the navigation pane, choose **Alerts queue**. -3. Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).) -4. Depending on the alert status, take the steps described in the following table: +2. In the navigation pane, choose **Alerts queue**. +3. Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).) +4. Depending on the alert status, take the steps described in the following table: - | Alert status | What to do | - |:---|:---| - | The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. | - | The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive.
2. [Suppress the alert](#suppress-an-alert).
3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint.
4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). | - | The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). | +| Alert status | What to do | +|:---|:---| +| The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. | +| The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive.
2. [Suppress the alert](#suppress-an-alert).
3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint.
4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). | +| The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). | ### Classify an alert Alerts can be classified as false positives or true positives in the Microsoft Defender Security Center. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts. -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. -2. Select **Alerts queue**, and then select an alert that is a false positive. -3. For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens. -4. In the **Manage alert** section, select either **True alert** or **False alert**. (Use **False alert** to classify a false positive.) +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. +2. Select **Alerts queue**, and then select an alert. +3. For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens. +4. In the **Manage alert** section, select either **True alert** or **False alert**. (Use **False alert** to classify a false positive.) > [!TIP] > For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts). And, if your organization is using a security information and event management (SIEM) server, make sure to define a suppression rule there, too. @@ -87,11 +87,11 @@ Alerts can be classified as false positives or true positives in the Microsoft D If you have alerts that are either false positives or that are true positives but for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center. Suppressing alerts helps reduce noise in your security operations dashboard. -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. -2. In the navigation pane, select **Alerts queue**. -3. Select an alert that you want to suppress to open its **Details** pane. -4. In the **Details** pane, choose the ellipsis (**...**), and then **Create a suppression rule**. -5. Specify all the settings for your suppression rule, and then choose **Save**. +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. +2. In the navigation pane, select **Alerts queue**. +3. Select an alert that you want to suppress to open its **Details** pane. +4. In the **Details** pane, choose the ellipsis (**...**), and then **Create a suppression rule**. +5. Specify all the settings for your suppression rule, and then choose **Save**. > [!TIP] > Need help with suppression rules? See [Suppress an alert and create a new suppression rule](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts#suppress-an-alert-and-create-a-new-suppression-rule). @@ -123,15 +123,15 @@ When you're done reviewing and undoing actions that were taken as a result of fa ### Undo an action -1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. +1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 2. On the **History** tab, select an action that you want to undo. -3. In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).) +3. In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).) ### Undo multiple actions at one time -1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. -2. On the **History** tab, select the actions that you want to undo. -3. In the pane on the right side of the screen, select **Undo**. +1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. +2. On the **History** tab, select the actions that you want to undo. +3. In the pane on the right side of the screen, select **Undo**. ### Remove a file from quarantine across multiple devices From 87a43c486a27d80811f79d30915204bd20dbcb0a Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 27 Jan 2021 11:37:23 -0800 Subject: [PATCH 67/68] Add link to new syntax --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 9053de5168..2ae1e83837 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -33,7 +33,7 @@ ms.technology: mde ## 101.19.48 > [!NOTE] -> The old command-line tool syntax has been deprecated with this release. +> The old command-line tool syntax has been deprecated with this release. For information on the new syntax, see [Resources](mac-resources.md#configuring-from-the-command-line). - Added a new command-line switch to disable the network extension: `mdatp system-extension network-filter disable`. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint for Mac - Performance improvements & bug fixes From 5db9bdd39f5af3eb34f60c0c86b8656fe6d0032b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 Jan 2021 13:59:44 -0800 Subject: [PATCH 68/68] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index ad505f776b..20419165db 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: tewchen, pahuijbr, shwjha manager: dansimp -ms.date: 01/22/2021 +ms.date: 01/27/2021 ms.technology: mde --- @@ -89,10 +89,12 @@ The table in this section summarizes the functionality and features that are ava | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | See note [[4](#fn4)] | Yes | No | | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | Yes | No | -(3) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode. However, if [Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) (Endpoint DLP) is configured and in effect, protective actions are enforced. Endpoint DLP works with real-time protection and behavior monitoring. +(3) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode. (4) When Microsoft Defender Antivirus is in passive mode, threat remediation features are active only during scheduled or on-demand scans. +> [!NOTE] +> [Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) protection continues to operate normally when Microsoft Defender Antivirus is in active or passive mode. ## Keep the following points in mind