deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

edits

Browse Source
This commit is contained in:
Justin Hall
2019-05-13 15:16:26 -07:00
parent cbf9fa5036
commit ddddfbbf4d
6 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
View File

@ -74,9 +74,9 @@ See the [attack surface reduction](attack-surface-reduction-exploit-guard.md) to
4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. 4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
### Use PowerShell to exclude files and folderss ### Use PowerShell to exclude files and folders
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
2. Enter the following cmdlet: 2. Enter the following cmdlet:
```PowerShell ```PowerShell

6
windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
View File

@ -94,7 +94,7 @@ You can specify if certain apps should always be considered safe and given write
When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access. When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access.
An allowed application or service only has write access to a controlled flder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. An allowed application or service only has write access to a controlled folder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
### Use the Windows Defender Security app to allow specific apps ### Use the Windows Defender Security app to allow specific apps
@ -107,7 +107,7 @@ An allowed application or service only has write access to a controlled flder af
4. Click **Add an allowed app** and follow the prompts to add apps. 4. Click **Add an allowed app** and follow the prompts to add apps.
![Screenshot of the add an allowed app button](images/cfa-allow-app.png) ![Screenshot of how to add an allowed app button](images/cfa-allow-app.png)
### Use Group Policy to allow specific apps ### Use Group Policy to allow specific apps
@ -121,7 +121,7 @@ An allowed application or service only has write access to a controlled flder af
### Use PowerShell to allow specific apps ### Use PowerShell to allow specific apps
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
2. Enter the following cmdlet: 2. Enter the following cmdlet:
```PowerShell ```PowerShell

4
windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
View File

@ -26,7 +26,7 @@ Each ASR rule contains three settings:
To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
You can enable attack surface reduction rules by using any of the these methods: You can enable attack surface reduction rules by using any of these methods:
- [Microsoft Intune](#intune) - [Microsoft Intune](#intune)
- [Mobile Device Management (MDM)](#mdm) - [Mobile Device Management (MDM)](#mdm)
@ -131,7 +131,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
>[!WARNING] >[!WARNING]
>If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. >If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup.
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.
2. Enter the following cmdlet: 2. Enter the following cmdlet:

4
windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
View File

@ -22,7 +22,7 @@ ms.date: 05/13/2019
[Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is included with Windows 10 and Windows Server 2019. [Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is included with Windows 10 and Windows Server 2019.
You can enable controlled folder access by using any of the these methods: You can enable controlled folder access by using any of these methods:
- [Windows Security app](#windows-security-app) - [Windows Security app](#windows-security-app)
- [Microsoft Intune](#intune) - [Microsoft Intune](#intune)
@ -100,7 +100,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
## PowerShell ## PowerShell
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.
2. Enter the following cmdlet: 2. Enter the following cmdlet:

2
windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
View File

@ -26,7 +26,7 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include
You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine. You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.
You can enable each mitigation separately by using any of the these methods: You can enable each mitigation separately by using any of these methods:
- [Windows Security app](#windows-security-app) - [Windows Security app](#windows-security-app)
- [Microsoft Intune](#intune) - [Microsoft Intune](#intune)

3
windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
View File

@ -22,7 +22,8 @@ ms.date: 04/22/2019
[Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. [Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it. You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it.
You can enable network protection by using any of the these methods:
You can enable network protection by using any of these methods:
- [Microsoft Intune](#intune) - [Microsoft Intune](#intune)
- [Mobile Device Management (MDM)](#mdm) - [Mobile Device Management (MDM)](#mdm)